AI Defense FAQ
- What is AI Defense?
AI Defense is a comprehensive security solution designed to empower organizations to confidently adopt and integrate generative AI into their operations. It provides a cutting-edge, user-centric, and transparent suite of tools focused on ensuring the highest standards of data protection, compliance, and ethical integrity in an evolving AI landscape. With AI Defense, organizations can secure their AI operations, maintain compliance with industry regulations, and uphold ethical standards in their use of generative AI.
- How does AI Defense protect us?
Addressing the risks of adopting generative AI requires a comprehensive strategy that integrates strong security protocols, well-defined policies, and cutting-edge technology. AI Defense offers an all-in-one solution that enables organizations to identify potential risks and safeguard their operations effectively.
- How do I get started with AI Defense?
Use your Cisco SSO credentials to log in to your Security Cloud Control account and then launch AI Defense.
- How does AI Defense use my data? What type of data is captured by AI Defense?
AI Defense does not capture or store any personal data. Instead, it monitors AI interactions to ensure they comply with established rules and regulations. When a prompt or AI response violates these guidelines, an event is generated. This event contains relevant details to help administrators review and address potential issues but does not involve the direct collection of user data.
The system focuses solely on ensuring that AI usage remains within safe, compliant boundaries without compromising privacy.
- What are policies?
A policy is a customizable set of guardrails and rules designed to meet an organization's unique security, privacy, and relevancy requirements. Each policy contains three types of guardrails (security, privacy, and relevancy), offering a flexible way to tailor and assign protective measures to different associations based on their specific needs. Policies are assigned to connections, and each connection can have one policy.
- What are guardrails?
Guardrails in AI are predefined rules or mechanisms that ensure AI-adopting organizations operate within safe and secure boundaries. Guardrails are configured as part of a policy, and they help prevent unintended actions, security vulnerabilities, and compliance violations.
AI Defense guardrails keep traffic secure, ensure privacy is maintained, and avoid exposing sensitive data.
- How does AI Defense Runtime protect my traffic?
AI Defense Runtime and Multicloud Defense AI Guardrails scan your AI application traffic (prompts and responses) for security, privacy, and safety. AI Runtime detects, and optionally blocks, the following categories:
- Cybersecurity and Hacking: Any attempt to obtain or provide assistance to conduct cybersecurity attacks or deliberately misuse systems.
- Model Vulnerabilities: Any attempt to exploit weaknesses in a model with the intent to compromise its security, integrity, or functionality.
- PII (Personally Identifiable Information): Any attempt to obtain or provide people's private and sensitive information, including phone numbers, addresses, emails, and any other personal information.
- Intellectual Property Theft: Any attempt to steal or misuse any form of intellectual property from the victim organization, including copyrighted material, patent violations, trade secrets, competitive ideas, and protected software, with the intent to cause economic harm or competitive disadvantage to the victim organization.
- Financial Harm: Any attempt to bring about a loss of wealth, property, or other monetary assets through theft, arson, vandalism, fraud, or forgery, or pressure to provide financial resources to the adversary.
- Societal Harm: Content that could produce harmful outcomes affecting the public or specific vulnerable groups.
- User Harm: Harms of various types, including financial and reputational, that are directed at or felt by individual victims rather than at the organization level. Responses may contain specialized financial, medical, or legal advice, or present dangerous activities or objects as safe.
- What are the different types of attack prompts that AI Defense Runtime detects?
AI Defense identifies various types of adversarial prompts, including:
- Direct Request: A prompt directly asking for inappropriate or toxic output without any attempt to disguise the intent.
- Indirect Request: A prompt that provides access to a third-party data source containing adversarial content.
- Instruction Injection: A prompt that instructs the model to ignore or bypass previous instructions or guidelines.
- Obfuscation: A prompt that appears harmless but subtly shifts into harmful or inappropriate content.
- Fictionalization: A prompt that hides an inappropriate request within a fictional or role-playing context.
- When choosing an enforcement mechanism for AI Defense Runtime protection of an AI application, how can I choose where to enforce my policies? Do I use Multicloud Defense, the AI Defense Gateway, or the AI Defense Inspection API?
To protect an AI application and its users with your policy, you must set up a runtime enforcement point. This can be Multicloud Defense with AI Guardrails, an AI Defense Gateway, or the AI Defense Inspection API. The different options serve different use cases:
- The Multicloud Defense approach allows you to enforce policies without any change to your AI application or AI models. The Cisco Multicloud Defense Egress Gateway intercepts AI application traffic, and your AI Guardrails policies are enforced.
- The AI Defense Gateway approach also allows you to enforce policies without requiring code changes in your AI applications, but you must configure your AI applications to direct prompts to the AI Defense Gateway URL.
- The AI Defense Inspection API approach lets you inspect prompts and responses on demand via the AI Defense Inspection API. You build the AI Inspection API calls into your AI application, and you add logic to your application to handle policy violations that are detected by AI Defense.
Learn more in the Runtime section.
- How do I direct traffic to a specific group of users?
Currently, AI Defense does not support directing traffic to specific groups of users. Traffic routing is limited to application-based and model-based configurations. This means that you can control how traffic is routed through specific applications or models, but not by user groups at this time.
- How do I send user information for user-level reporting?
To enable user-level reporting, you must include user-specific information in the requests sent to the AI model. This could involve passing user identifiers, such as user IDs or roles, as part of the input.
- Why don’t I see any user data?
You are not seeing any user data because it hasn't been included as part of the requests sent to the AI model.
- What types of models are we leveraging to provide protection?
We leverage proprietary models developed by Cisco to ensure the security, privacy, and safety of AI-adopting organizations. These models are designed to detect threats, enforce compliance, and provide robust protection against vulnerabilities unique to AI operations. By integrating advanced security measures into AI workflows, these models safeguard organizations from emerging risks in the AI landscape.
- How do I know if my traffic is going through AI Defense?
You can verify that your traffic is being routed through AI Defense by navigating to the Applications and Events sections of the AI Defense Dashboard. If traffic is successfully processed, you will see logged events, including application names, timestamps, associated models, and any policy enforcement actions.
Additionally, check the connection status. If it displays as "Connected," it indicates that traffic is successfully passing through the AI Defense gateway, ensuring that AI Defense is actively monitoring and securing your AI operations.
- Why does my connection status show as 'pending'?
When the connection status displays as 'pending', it means that the application has been successfully added to AI Defense and is ready for use, but no traffic has yet been routed through the AI Defense gateway. To start directing traffic, use the provided connection guide to help configure the proxy. Once the first request passes through the proxy, the status will automatically update to connected.
- Where do I find the connection guide for a connection?
The connection guide for a specific connection can be found on the connections page under View Connection Guide.
- What are events?
Events are recorded instances of AI activity that are captured and logged by AI Defense's AI Runtime components. Each event represents an interaction or action taken within your AI environment, such as a prompt submitted to the model, a response generated, a rule violation, or any other significant activity related to your AI application's operation.
Events typically include key details like:
- Time stamp: The exact time the event occurred.
- Application: The specific application or service involved in the event.
- Rule Matches: Any security or compliance rules that were triggered.
- Conversation: Gives admins the opportunity to review the conversation and the reason behind the rule match.
- Action Taken: The system's response, such as blocking, alerting, or allowing the action.
- Model Used: The AI model that processed the interaction.
By tracking events, you can monitor AI usage, detect threats, and ensure compliance with security policies in real time.
- How do I connect my application and models to AI Defense?
To connect your application to AI Defense, follow these steps:
- Navigate to the Applications page in the AI Defense Admin Console.
- Click Add Application and provide a name for your application.
- Select the endpoint associated with your application from the list.
- Enter a Connection name and click Save.
If the endpoint is not already defined, you can add it by selecting the appropriate provider and entering the endpoint URL.
- What is the dependency on Multicloud Defense and what does it provide?
Cisco Multicloud Defense is used to detect AI workloads in your cloud environments including AI models, agents, and knowledge bases. Multicloud Defense crawls your environment to detect the AI workloads. The detected assets appear on the AI Assets page. You can also use Multicloud Defense to enforce AI runtime policies as AI Guardrails that you set up in Multicloud Defense.
- What is the procedure to configure my own application to integrate with AI Defense?
Navigate to the application page. AI Defense offers two ways to monitor AI application traffic: Gateway and API. Gateway-based AI Runtime enforcement is a proxy-based solution that monitors traffic in real time, while AI Defense Inspection API allows your application to submit user prompts and model responses to an AI Defense endpoint so that AI Defense can evaluate them. Start by adding a new application and providing a name and description. For gateway applications add a connection and either select an existing endpoint or click to add an endpoint. For API applications select Add Connection, add a name, and generate an API key. Use the API key to call the AI Defense Inspection API.
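The following Python sketch is an added example, not Cisco's code and not the documented Inspection API schema; it shows the application-side logic that this answer, the enforcement-point answer, and the user-level reporting answer describe: inspect the prompt, call the model only if it is allowed, inspect the response, fail closed if inspection is unavailable, and pass a user identifier so events can be attributed to a user. The endpoint URL, header name, and request/response field names are assumptions; take the real ones from your connection guide.

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical endpoint and header name, NOT the documented schema.
INSPECT_URL = "https://inspection.example.invalid/v1/inspect"  # placeholder


@dataclass
class Verdict:
    allowed: bool
    rules: list = field(default_factory=list)  # matched guardrail rule names


class Inspector:
    """Wraps inspection calls. `transport(url, headers, body) -> dict` is
    injected so the caller owns HTTP and the example runs offline with a stub."""

    def __init__(self, api_key: str, transport: Callable[[str, dict, dict], dict]):
        self._headers = {"X-Api-Key": api_key}  # header name is an assumption
        self._transport = transport

    def inspect(self, role: str, text: str, user_id: str) -> Verdict:
        # Sending the user identifier is what enables user-level reporting.
        body = {"messages": [{"role": role, "content": text}],
                "metadata": {"user_id": user_id}}  # hypothetical field names
        try:
            result = self._transport(INSPECT_URL, self._headers, body)
        except Exception:
            # Fail closed: an inspection outage must not silently pass traffic.
            return Verdict(False, ["inspection_unavailable"])
        return Verdict(result.get("action") == "allow", list(result.get("rules", [])))


def guarded_chat(inspector: Inspector, model: Callable[[str], str],
                 prompt: str, user_id: str) -> dict:
    """Inspect the prompt, call the model only if allowed, then inspect the reply."""
    verdict = inspector.inspect("user", prompt, user_id)
    if not verdict.allowed:
        return {"blocked": True, "stage": "prompt", "rules": verdict.rules}
    answer = model(prompt)
    verdict = inspector.inspect("assistant", answer, user_id)
    if not verdict.allowed:
        return {"blocked": True, "stage": "response", "rules": verdict.rules}
    return {"blocked": False, "answer": answer}


def fake_transport(url: str, headers: dict, body: dict) -> dict:
    """Constructed stand-in for the inspection service: flags one PII-like string."""
    text = body["messages"][0]["content"].lower()
    if "ssn 123-45-6789" in text:  # constructed trigger value, not a real rule
        return {"action": "block", "rules": ["PII"]}
    return {"action": "allow", "rules": []}
```

In a real deployment the transport would be a thin function around your HTTP client that adds the API key generated for the connection and decodes the JSON response.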
- How can I control administrative access to AI Defense events?
Event logs are visible to AI Defense users with the Admin or Analyst role. Event logs and other user data are securely stored in data centers in the United States.
- What are Applications?
An application in AI Defense represents an LLM chat application that you will protect with AI Runtime protection. Applications in AI Defense have various deployment models, including API, gateway, and Multicloud Defense-style deployment. In AI Defense, each application contains one or more connections to represent the LLM APIs being protected. Once you've created an application and its connections, you can apply Runtime policies to secure each connection. See the descriptions for the Multicloud Defense, API, and gateway methods of deploying Runtime protection.
- Why is the Edit button greyed out on the Connections page?
The Edit option may be greyed out on the Connections page for one of the following reasons:
- Insufficient Permissions – Your user role or license does not grant editing access. Check with your administrator for the required permissions.
- Read-Only Mode – The connection is in a state that prevents modifications, such as being managed by an external system or policy restrictions.
- Inactive or Restricted Connection – The connection may be disabled, expired, or restricted, preventing edits until it is reactivated or updated.
- Ongoing Validation or Processing – If the connection is currently under validation, scanning, or in a pending state, editing may be temporarily disabled.
To resolve this, verify your permissions and check the connection status.