
Set up Runtime for Protection via Multicloud Defense

Runtime Multicloud Defense-deployed approach

The Multicloud Defense-deployed approach to Runtime uses one or more egress Multicloud Defense Gateways to monitor traffic to and from your AI model or application. In this approach, the AI Defense Gateway acts as a proxy between your AI application and its users, intercepting user prompts and model responses and applying your guardrails profile rules to them. These are rules that you set up to ensure security, safety, and/or privacy.

Policies and Multicloud Defense-deployed Runtime Protection

Multicloud Defense-deployed Runtime logs an event each time a rule in the guardrails profile is triggered, and allows rules to block each prompt or response that violates your policy.

Policies you edit in the AI Defense UI apply only to gateway-deployed Runtime and on-demand Runtime. For Multicloud Defense-deployed Runtime, you must edit your policies in the Multicloud Defense guardrails profile, managed in the Multicloud Defense UI.

If you wish to perform evaluation via an API call, see API-enforced Runtime.

Set up Multicloud Defense-deployed Runtime protection

To use the runtime Multicloud Defense-deployed approach, you will connect Multicloud Defense to AI Defense, configure Multicloud Defense (three steps), and apply a guardrails profile to your VPC in Multicloud Defense.

Prerequisites
  • You must have a Security Cloud Control account prior to accessing either AI Defense or Multicloud Defense.

  • Only egress Multicloud Defense Gateways are currently compatible with AI Defense.

  • To enable Multicloud Defense to monitor prompts and responses with AI Runtime, you must Secure Your Account and add a Service VPC or VNet to your gateway.

  • Guardrails profiles (policies) created in Multicloud Defense must be modified in the Multicloud Defense Controller; you cannot delete or modify a Multicloud Defense guardrails profile or ruleset in the AI Defense dashboard.

Procedure

To set this up:

  1. Find or create your Multicloud Defense account and connect Multicloud Defense to AI Defense. See the section Multicloud Defense Integration.

  2. Configure Multicloud Defense by performing the Secure Your Account setup, creating a guardrails profile, and enabling traffic visibility in Multicloud Defense for your Service VPC or VNet. See the section AI Defense Integration with Multicloud Defense in the Multicloud Defense User Guide.

  3. Each time a prompt or response triggers a rule from your guardrails profile, AI Defense will log an event, and if the prompt or response represents a potential risk, Multicloud Defense will block it.