Model Security
Prisma AIRS CLI integrates with Palo Alto Prisma AIRS AI Model Security to manage ML model supply chain security. This enables scanning model artifacts for vulnerabilities, malicious code, and compliance issues before deployment.
Overview
The airs model-security command group provides access to Model Security operations:
- Groups — manage security groups that define scanning policies per source type
- Rules — browse available security rules (read-only, managed by AIRS)
- Rule Instances — configure rule enforcement within groups (BLOCKING, ALLOWING, DISABLED)
- Scans — create, list, and inspect model security scans with evaluations, violations, and file results
- Install — one-command setup of the
model-security-clientPython package (auto-detects uv/pip, creates venv) - Labels — organize scans with key-value labels
- PyPI Auth — get raw authentication URL for Google Artifact Registry
Concepts
Security Groups
A security group ties a source type (LOCAL, S3, GCS, AZURE, HUGGING_FACE) to a set of rule instances. Each group defines the security policy applied when scanning models from that source.
Security Rules
Rules are the individual checks AIRS performs — unsafe deserialization detection, malicious code injection scanning, license compliance, etc. Rules are managed by AIRS and cannot be created or deleted via the API.
Rule Instances
When a group is created, AIRS automatically provisions rule instances for all compatible rules. Each instance can be configured independently:
| State | Behavior |
|---|---|
BLOCKING | Scan fails if rule triggers |
ALLOWING | Rule evaluates but doesn't block |
DISABLED | Rule is skipped entirely |
Model Catalog
Every model AIRS has scanned is recorded in a read-only catalog. A model (e.g.
nvidia/LocateAnything-3B) has one or more versions, and each version has the files
that were scanned. The catalog surfaces the latest eval outcome (ALLOWED / BLOCKED),
detected formats, source type, and per-file results — useful for auditing supply-chain
posture without re-running a scan.
Workflow
0. Install the Python SDK
# Auto-detects uv or pip, creates a project/venv, installs the package
airs model-security install
# Or install with only AWS extras
airs model-security install --extras aws
1. List available groups
airs model-security groups list
# Structured output (table, csv, json, yaml)
airs model-security groups list --output table
2. Browse security rules
airs model-security rules list
airs model-security rules get <uuid>
3. Configure rule enforcement
# View current rule instances in a group
airs model-security rule-instances list <groupUuid>
# Update a rule instance state
echo '{"state": "BLOCKING"}' > update.json
airs model-security rule-instances update <groupUuid> <instanceUuid> --config update.json
4. Create custom groups
echo '{"name": "Strict S3 Policy", "source_type": "S3"}' > group.json
airs model-security groups create --config group.json
5. Inspect scan results
# List scans
airs model-security scans list
# View evaluations for a scan
airs model-security scans evaluations <scanUuid>
# View violations
airs model-security scans violations <scanUuid>
# View scanned files
airs model-security scans files <scanUuid>
6. Organize with labels
airs model-security labels add <scanUuid> --labels '[{"key":"env","value":"prod"}]'
airs model-security labels keys
7. Browse the model catalog
# List scanned models
airs model-security models list
# Drill into a model → its versions → the files in a version
airs model-security models get <modelUuid>
airs model-security models versions <modelUuid>
airs model-security models version <modelVersionUuid>
airs model-security models files <modelVersionUuid>
Every model-security command with options and example output lives in the CLI Reference.
Sub-pages
- Security Groups — CRUD operations for security groups
- Rules & Instances — browsing rules and configuring rule instances
- Scans & Results — listing scans, evaluations, violations, and files
- Labels — organizing scans with key-value metadata
- Model Catalog — read-only browsing of models, versions, and files
- Python SDK — installing the model-security-client and PyPI authentication