airs-workshop — module 1.2
~/airs platform overview --module 1.2 --pillars 5

Prisma AIRS
Platform Overview

The 5 pillars, where they fit, and how you'll talk about them with customers.

5 Pillars • 1 Console (SCM) • Full Lifecycle • 45 Minutes

The Problem

What Existing Security Can't See

Your customers have mature security stacks. None of them cover the AI layer.

What they have

What none of them do

The gap: Traditional tools see AI traffic as encrypted HTTPS to api.openai.com. They can allow or block. They cannot inspect what's being said, leaked, or manipulated.

The Platform

Prisma AIRS — Five Pillars, One Console

The industry's most comprehensive AI security platform. Full lifecycle coverage.

Strata Cloud Manager — Same console you already use
🔍 Model Security: Scan Models
🎯 Red Teaming: Test Apps
🛡 Runtime Security: Protect Runtime
🤖 Agent Security: Secure Agents
📊 AI-SPM: Discover Risks

Discover: AI-SPM • Agent Security
Assess: Model Security • Red Teaming
Protect: Runtime Security

Deep Dive

What Each Pillar Does

🔍 Model Security: “AV scanning for AI models”
  • Scans model files (.pth, .safetensors, .onnx — 35+ formats) for embedded malware, backdoors
  • Local scanning (models stay on-prem) + HuggingFace integration (100k+ pre-scanned)
  • Security Groups define pass/fail per environment
🔧 Day 2: Download, deploy, scan, gate pipeline
🎯 Red Teaming: “Automated pen testing for AI apps”
  • ~600 curated attack templates mapped to OWASP LLM Top 10 & MITRE ATLAS
  • Three modes: attack library, AI agent (adaptive), custom datasets
  • LLMs are non-deterministic — test repeatedly, not once
🔧 Day 5: Red team apps built during the week
🛡 Runtime Security: “Inline protection for AI traffic”
  • Network Intercept: VM-Series with AI threat signatures. Same deployment model.
  • API Intercept: SDK/API in app code. Deep inspection, custom guardrails, session tracking.
  • Detects: prompt injection, jailbreak, DLP, toxic content, malicious URLs/code
🔧 Day 3: Integrate API Intercept, test detections
🤖 Agent Security: “Identity & access control for autonomous AI”
  • Discovers agents across AWS Bedrock, Azure AI Foundry, SaaS (Copilot Studio, Agentforce)
  • Posture analysis: excessive permissions, sensitive data exposure, unprotected agents
  • MCP threat detection: tool poisoning, credential leakage, context manipulation
🔧 Day 4: Deploy multi-agent on Bedrock, secure with AIRS
📊 AI-SPM: “CSPM for AI workloads”
🔧 Day 5: Onboard AWS account, view discovered assets
The Decision

Network Intercept vs. API Intercept

They're complementary, not competing. Many customers will deploy both.

Question | Network Intercept | API Intercept
Who deploys it? | NetSec / SecOps | DevSecOps / App team
How does it deploy? | VM-Series (familiar) | SDK / REST API / Gateway plugin
What does it see? | All AI traffic on the network | Specific app's LLM calls
What can it do? | Broad visibility, shadow AI detection | Deep inspection, custom guardrails, session tracking
Managed by? | SCM or Panorama | SCM only
When to pitch? | “We need visibility across all AI usage” | “We need to secure this specific AI app”

Network Intercept = the play for existing NGFW customers. Same deployment, same management.
API Intercept = the play for app teams building AI products. Deeper, more granular.

Positioning

Communicating Value as a Consultant

“You already have NGFW protecting your network. AIRS extends that protection to AI workloads — same management console, same licensing model, new coverage.”

AppSec Under NetSec

You're talking about SDKs, API instrumentation, CI/CD pipelines — not just firewall rules. New territory for most PS consultants and most customer security teams.

Different Buyer

NGFW buyer = CISO / NetSec director. AIRS buyer might also be VP of Engineering, Head of AI/ML, or the platform team. New rooms, new conversations.

Speed of Change

NGFW cycles are measured in years. AIRS features ship monthly. What you learn this week will have updates by next month. That's normal for this space.

🔑 Licensing — Keep It Simple
Same Flex Credits (PAN-SOFTWARE-NGFW-CR) as VM-Series. Customer buys credit pool, allocates to AIRS. No new procurement. No new PO. Same line item. Eval credits: 500 Flex Credits, same process.
Vision

Where This Is Going

✅ Shipping & Solid
  • Model Security: GA, production-ready, Protect AI integration
  • Red Teaming: GA, 600+ attacks, agent-based scanning
  • Runtime API Intercept: GA, Python SDK, REST, gateway integrations
  • Runtime Network Intercept: GA, VM-Series with AI threat prevention
  • AI-SPM: GA, AWS & Azure discovery, SaaS agents
  • Agent Security: GA for discovery & posture, MCP threat detection
🟡 Early or Emerging
  • Agent-to-Agent (A2A) protocol security — standard is new
  • Custom guardrails — powerful but requires per-deployment tuning
  • Session view UI for SOC analysts — shipping but iterating
  • GCP Vertex AI discovery in AI-SPM — roadmap
🚀 Market Direction
  • Agent Fabric: Agents calling agents, managing workflows. Security at every handoff.
  • Multi-cloud native: AWS, Azure, GCP simultaneously. Cloud-agnostic by design.
  • Developer-first: API Intercept & MCP mean security ships with the app, not bolted on.
⚔ Competitive Reality
  • No other vendor covers all 5 pillars — real, verifiable, strongest differentiator
  • Individual pillars have point-solution competitors (Lakera, cloud-native guardrails)
  • AIRS wins on integration and breadth. Know the gaps — be honest.
The Week

What You'll Build

Monday | Foundations | Model Security | Download & run a model locally, explore model files
Tuesday | Deploy & Scan | Model Security | Deploy to GCP Cloud Run, integrate AIRS scanning in CI/CD
Wednesday | Protect Runtime | Runtime Security (API) | Deploy LLM gateway, integrate API Intercept, test detections
Thursday | Agents & MCP | Agent Security | Deploy multi-agent on AWS Bedrock, secure with AIRS
Friday | Attack Everything | Red Teaming + AI-SPM | Red team your builds, onboard cloud for discovery

By Friday noon: Deployed a model from source to production. Scanned it. Protected an app at runtime. Built and secured a multi-agent system. Red teamed your own deployments. Reviewed findings in SCM. That's not a demo — that's hands-on experience you can take to a customer engagement.

airs-workshop — platform overview complete
~/airs platform status --summary

Five Pillars. One Platform.

Scan → Test → Protect → Secure → Discover
Same Flex Credits. Same SCM. New coverage for a new risk.

Scan: Model Security
Test: Red Teaming
Protect: Runtime
Secure: Agent Security
Discover: AI-SPM

Questions before we move on?