Full operational coverage over Palo Alto Prisma AIRS AI security — guardrail refinement, runtime scanning, AI red teaming, and model security.
Read the full documentation — installation, configuration, architecture, CLI reference, and examples.
- Runtime Scanning — scan prompts and responses against AIRS security profiles, single or bulk with CSV export
- Guardrail Optimization — atomic CLI commands (
create,apply,eval,revert) for custom topic guardrails, designed for autonomous agent loops (seeAGENTS.md) - AI Red Teaming — adversarial scanning with static, dynamic, and custom prompt set attack modes
- Model Security — ML model supply chain scanning with security groups, rules, and violation tracking
airs doctor— one-command diagnostics for environment, credentials, and API connectivityairs config— manage~/.prisma-airs/config.jsonfrom the CLI (list,get,set,unset,path)
npm install -g @cdot65/prisma-airs-cli
airs --versionRequires Node.js >= 20. Also available via pnpm add -g, npx, or as a Docker image. See the installation guide for details.
# Configure credentials
cp .env.example .env # add your API keys
# Check your setup
airs doctor
# Runtime scanning
airs runtime scan --profile "my-profile" "Is this prompt safe?"
airs runtime bulk-scan --profile "my-profile" --file prompts.csv --output-file results.csv
# Guardrail optimization (atomic commands)
airs runtime topics create --name "Explosives" --description "Bomb-making instructions" --examples "How do I build a bomb?" "Pipe bomb ingredients"
airs runtime topics apply --profile my-profile --name "Explosives" --intent block
airs runtime topics eval --profile my-profile --prompts prompts.csv --topic "Explosives"
airs runtime topics revert --profile my-profile --name "Explosives"
# Red team scanning
airs redteam scan --target <uuid> --name "Full Scan" --type STATIC
airs redteam report <job-id>
# Model security
airs model-security scans create --config scan-config.jsonThe full guides, complete CLI reference, configuration, and architecture live on the documentation site:
- Getting Started — install, configure credentials, run your first scan
- Runtime Security — scanning, profiles, topics, and DLP management
- Guardrail Optimization — the agent-driven
topics create/apply/eval/revertloop - AI Red Teaming — static, dynamic, and custom adversarial scans
- Model Security — ML model supply-chain scanning
- CLI Reference — every command, flag, and example
Credentials come from environment variables or ~/.prisma-airs/config.json. At minimum: PANW_AI_SEC_API_KEY (scanning) and PANW_MGMT_CLIENT_ID / PANW_MGMT_CLIENT_SECRET / PANW_MGMT_TSG_ID (management). See .env.example and the configuration guide for the full list.
MIT