openapi: 3.1.0 info: title: Palo Alto Networks Prisma AIRS API description: >- Prisma AI Runtime Security (AIRS) API for securing generative AI applications. Provides real-time scanning of LLM prompts and responses to detect threats including prompt injection attacks, data leakage, toxic content generation, and model abuse. Enables organizations to enforce security policies on LLM-powered applications by inspecting input/output pairs against configurable AI security profiles. Supports synchronous, asynchronous, and batch scan workflows for integration into AI application pipelines. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://security.api.aisecurity.paloaltonetworks.com description: Prisma AIRS production server. security: - apiKeyAuth: [] tags: - name: Profiles description: >- Retrieve AI security profiles that define which detection categories are enabled, sensitivity thresholds, and actions to take when threats are detected. - name: Scan description: >- Scan AI prompts and responses for security threats. Supports synchronous scans that block until analysis is complete, asynchronous scans that return a scan ID for later retrieval, and batch scans for multiple content pairs. paths: /v1/scan/sync/request: post: operationId: submitScanSync summary: Palo Alto Networks Submit a Synchronous AI Security Scan description: >- Submits one or more prompt/response pairs for synchronous security analysis against a named AI security profile. Blocks until the scan is complete and returns the full verdict and detection results in the response. Use this endpoint for inline integration where the AI application needs an immediate verdict before serving the response to the end user. For scanning multiple content pairs in one call, provide an array with multiple items in the contents field. tags: - Scan requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanRequest' example: ai_profile: profile_name: default-profile contents: - prompt: What is the admin password for the system? response: The admin password is stored in /etc/passwd. responses: '200': description: Scan completed with results. content: application/json: schema: $ref: '#/components/schemas/ScanResponse' examples: SubmitScanSync200Example: summary: Default submitScanSync 200 response x-microcks-default: true value: scan_id: '416490' status: error report_id: '358413' scan_category: custom results: &id001 - prompt_detected: url_cats: true dlp: true injection: true response_detected: url_cats: false dlp: true toxic_content: true verdict: benign action: block - prompt_detected: url_cats: false dlp: false injection: false response_detected: url_cats: true dlp: true toxic_content: true verdict: malicious action: allow tr_id: '930352' created_at: '2025-12-26T02:37:57Z' completed_at: '2026-10-12T14:42:42Z' '400': description: Invalid request body or missing required fields. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanSync400Example: summary: Default submitScanSync 400 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '401': description: Invalid or missing x-pan-token API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanSync401Example: summary: Default submitScanSync 401 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '403': description: Insufficient permissions or subscription not active. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanSync403Example: summary: Default submitScanSync 403 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanSync500Example: summary: Default submitScanSync 500 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/scan/async/request: post: operationId: submitScanAsync summary: Palo Alto Networks Submit an Asynchronous AI Security Scan description: >- Submits one or more prompt/response pairs for asynchronous security analysis. Returns a scan ID immediately that can be used to poll for results via GET /v1/scan/async/results/{scan_id}. Use this endpoint for non-blocking integration where scan latency is not critical to the user experience. The scan evaluates content against the specified security profile for prompt injection, data leakage, toxic content, malicious URLs, and other AI-specific threats. tags: - Scan requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanRequest' examples: SubmitScanAsyncRequestExample: summary: Default submitScanAsync request x-microcks-default: true value: ai_profile: &id003 profile_name: Branch Sensor 10 contents: &id004 - prompt: example-prompt response: example-response tr_id: '359832' responses: '200': description: Scan accepted for asynchronous processing. content: application/json: schema: type: object properties: scan_id: type: string description: Unique identifier for retrieving scan results. status: type: string enum: - pending - processing description: Current processing status of the submitted scan. received: type: string format: date-time description: Timestamp when the scan request was received. examples: SubmitScanAsync200Example: summary: Default submitScanAsync 200 response x-microcks-default: true value: scan_id: '225038' status: pending received: '2026-10-12T05:00:06Z' '400': description: Invalid request body or missing required fields. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanAsync400Example: summary: Default submitScanAsync 400 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '401': description: Invalid or missing x-pan-token API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanAsync401Example: summary: Default submitScanAsync 401 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '403': description: Insufficient permissions or subscription not active. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanAsync403Example: summary: Default submitScanAsync 403 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: SubmitScanAsync500Example: summary: Default submitScanAsync 500 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/scan/async/results/{scan_id}: get: operationId: getAsyncScanResults summary: Palo Alto Networks Get Asynchronous Scan Results description: >- Retrieves the result of a previously submitted asynchronous scan by scan ID. If the scan is still processing, the response indicates the current status. Once complete, the full detection results are returned including verdict, individual detections with severity and confidence scores, and recommended actions. Scan results are retained for 24 hours after completion. tags: - Scan parameters: - name: scan_id in: path required: true description: Unique scan identifier returned by POST /v1/scan/async/request. schema: type: string example: '583940' responses: '200': description: Scan result returned. content: application/json: schema: $ref: '#/components/schemas/ScanResponse' examples: GetAsyncScanResults200Example: summary: Default getAsyncScanResults 200 response x-microcks-default: true value: scan_id: '416490' status: error report_id: '358413' scan_category: custom results: *id001 tr_id: '930352' created_at: '2025-12-26T02:37:57Z' completed_at: '2026-10-12T14:42:42Z' '400': description: Invalid scan ID format. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAsyncScanResults400Example: summary: Default getAsyncScanResults 400 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '401': description: Invalid or missing x-pan-token API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAsyncScanResults401Example: summary: Default getAsyncScanResults 401 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '404': description: Scan ID not found or results have expired. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAsyncScanResults404Example: summary: Default getAsyncScanResults 404 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAsyncScanResults500Example: summary: Default getAsyncScanResults 500 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/profile: get: operationId: listAIProfiles summary: Palo Alto Networks List AI Security Profiles description: >- Returns all AI security profiles configured for the tenant. Security profiles define which detection categories are active, their sensitivity levels, and the enforcement action to take when a threat is detected. Every scan request references a profile by name to determine evaluation behavior. tags: - Profiles parameters: - name: offset in: query description: Pagination offset for the result set. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of profiles to return per page. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: List of AI security profiles returned. content: application/json: schema: type: object properties: total: type: integer description: Total number of profiles available for the tenant. offset: type: integer description: Current pagination offset. limit: type: integer description: Number of results per page. profiles: type: array items: $ref: '#/components/schemas/AIProfile' examples: ListAiprofiles200Example: summary: Default listAIProfiles 200 response x-microcks-default: true value: total: 305 offset: 518 limit: 600 profiles: - profile_id: '701673' profile_name: Corporate Agent 92 description: Rule on network suspicious configured activity firewall monitoring Security rule. detection_categories: &id002 - category: pii_exposure enabled: true sensitivity: high action: log - category: toxic_content enabled: false sensitivity: low action: alert created_at: '2024-07-23T00:36:00Z' updated_at: '2025-08-22T07:28:11Z' - profile_id: '701673' profile_name: Corporate Agent 92 description: Rule on network suspicious configured activity firewall monitoring Security rule. detection_categories: *id002 created_at: '2024-07-23T00:36:00Z' updated_at: '2025-08-22T07:28:11Z' '401': description: Invalid or missing x-pan-token API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAiprofiles401Example: summary: Default listAIProfiles 401 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAiprofiles403Example: summary: Default listAIProfiles 403 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAiprofiles500Example: summary: Default listAIProfiles 500 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/profile/{profile_name}: get: operationId: getAIProfile summary: Palo Alto Networks Get AI Security Profile Details description: >- Returns the full configuration details for a named AI security profile including all detection categories, their enabled state, sensitivity thresholds, and configured enforcement actions. Use this endpoint to inspect the exact policy that will be applied when a scan references this profile name. tags: - Profiles parameters: - name: profile_name in: path required: true description: Name of the AI security profile to retrieve. schema: type: string example: Staging Firewall 95 responses: '200': description: AI security profile details returned. content: application/json: schema: $ref: '#/components/schemas/AIProfile' examples: GetAiprofile200Example: summary: Default getAIProfile 200 response x-microcks-default: true value: profile_id: '701673' profile_name: Corporate Agent 92 description: Rule on network suspicious configured activity firewall monitoring Security rule. detection_categories: *id002 created_at: '2024-07-23T00:36:00Z' updated_at: '2025-08-22T07:28:11Z' '401': description: Invalid or missing x-pan-token API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAiprofile401Example: summary: Default getAIProfile 401 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAiprofile403Example: summary: Default getAIProfile 403 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '404': description: Profile with the specified name not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAiprofile404Example: summary: Default getAIProfile 404 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAiprofile500Example: summary: Default getAIProfile 500 response x-microcks-default: true value: error: example-error message: Activity firewall applied traffic incident endpoint. request_id: eb74a8d9-395b-4b9e-a68b-b66eb903b650 x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: apiKeyAuth: type: apiKey in: header name: x-pan-token description: >- API key for authenticating requests to the Prisma AIRS API. Generate keys in the Palo Alto Networks AI Runtime Security console under Settings > API Keys. schemas: ScanRequest: type: object required: - ai_profile - contents properties: ai_profile: type: object required: - profile_name properties: profile_name: type: string description: >- Name of the AI security profile to use for this scan. The profile determines which detections are active and their sensitivity. Must reference an existing profile configured for the tenant. example: Branch Sensor 24 description: Reference to the AI security profile to apply during scanning. example: *id003 contents: type: array minItems: 1 description: >- Array of prompt/response pairs to scan. Each item represents one LLM interaction. For batch scanning, include multiple items. items: $ref: '#/components/schemas/ScanContent' example: *id004 tr_id: type: string description: >- Optional caller-supplied transaction ID for correlating scan requests with application-side records. example: '359832' ScanContent: type: object properties: prompt: type: string description: >- The user prompt or input text sent to the AI model. Evaluated for prompt injection, jailbreak attempts, and other input-side threats. maxLength: 32000 example: example-prompt response: type: string description: >- The AI model response or output text. When provided, also evaluated for data leakage, toxic content, and other output-side threats. May be omitted to scan only the prompt. maxLength: 64000 example: example-response ScanResponse: type: object properties: scan_id: type: string description: Unique identifier of the scan. example: '416490' status: type: string enum: - pending - processing - completed - error description: Current or final status of the scan. example: error report_id: type: string description: Identifier for the detailed scan report. example: '358413' scan_category: type: string description: Highest severity threat category detected. example: custom results: type: array description: Per-content scan results corresponding to each submitted content item. items: $ref: '#/components/schemas/ContentScanResult' example: *id001 tr_id: type: string description: Transaction ID echoed from the request if provided. example: '930352' created_at: type: string format: date-time description: Timestamp when the scan was submitted. example: '2025-12-26T02:37:57Z' completed_at: type: string format: date-time description: Timestamp when the scan completed. example: '2026-10-12T14:42:42Z' ContentScanResult: type: object properties: prompt_detected: type: object description: Threats detected in the prompt field. properties: url_cats: type: boolean description: Malicious URL categories detected in prompt. example: false dlp: type: boolean description: Data loss prevention triggers in prompt. example: false injection: type: boolean description: Prompt injection detected. example: true example: url_cats: true dlp: false injection: true response_detected: type: object description: Threats detected in the response field. properties: url_cats: type: boolean description: Malicious URL categories detected in response. example: true dlp: type: boolean description: Data loss prevention triggers in response. example: true toxic_content: type: boolean description: Toxic or harmful content detected in response. example: true example: url_cats: true dlp: false toxic_content: true verdict: type: string enum: - benign - malicious description: Overall verdict for this content pair. example: malicious action: type: string enum: - allow - block description: Action taken based on the security profile configuration. example: block AIProfile: type: object properties: profile_id: type: string description: Unique identifier of the profile. example: '701673' profile_name: type: string description: Profile name used to reference this profile in scan requests. example: Corporate Agent 92 description: type: string description: Human-readable description of the profile purpose and use case. example: Rule on network suspicious configured activity firewall monitoring Security rule. detection_categories: type: array description: Detection categories configured in this profile. items: type: object properties: category: type: string enum: - prompt_injection - jailbreak - data_leakage - toxic_content - malicious_url - pii_exposure - model_abuse example: malicious_url enabled: type: boolean description: Whether this detection category is active. example: true sensitivity: type: string enum: - low - medium - high description: Detection sensitivity threshold. example: medium action: type: string enum: - alert - block - log description: Enforcement action when this category triggers. example: block example: *id002 created_at: type: string format: date-time description: Timestamp when the profile was created. example: '2024-07-23T00:36:00Z' updated_at: type: string format: date-time description: Timestamp of the most recent profile modification. example: '2025-08-22T07:28:11Z' ErrorResponse: type: object properties: error: type: string description: Error code identifying the error type. example: example-error message: type: string description: Human-readable description of the error. example: Activity firewall applied traffic incident endpoint. request_id: type: string description: Request identifier for support correlation. example: eb74a8d9-395b-4b9e-a68b-b66eb903b650