AI Defense-Multicloud Defense Integration

AI Defense relies on Cisco Multicloud Defense to perform AI Asset detection of models and other AI artifacts in your cloud accounts, and to discover third-party models being called from within your cloud accounts. Once discovered, models can be validated in Validation and protected with Runtime policies.

Follow these steps to set up your Multicloud Defense Integration:

Step 1: Locate the Multicloud Defense integration card in AI Defense

Click AI Defense: Assets or click the Knowledge bases card in the Dashboard. This provides an overview of what has been configured so far. If the Integrate Multicloud Defense button is present, then you need to set up the integration as explained below.

Step 2: Prepare a Multicloud Defense tenant for integration with AI Defense

Do one of the following to prepare your Multicloud Defense tenant:

  • If you have a Multicloud Defense tenant, make sure you have credentials that will allow you to generate an API key in Multicloud Defense. Proceed to “Step 3: Integrate Multicloud Defense and AI Defense.”

  • If you don’t have a Multicloud Defense tenant, create one as shown in the next section.

Set up Multicloud Defense in Security Cloud Control (SCC)

Follow the instructions below that apply to your environment:

If you already have both Security Cloud Control and Multicloud Defense accounts

  1. Login to Security Cloud Control: Access your account.

  2. Proceed to “Step 3: Integrate Multicloud Defense and AI Defense.”

If you have an SCC account but haven't activated Multicloud Defense
  1. Login to Security Cloud Control: Access your account.

  2. Proceed to Enable Multicloud Defense, below.

If you do not have an Security Cloud Control account

Create your Security Cloud Control Account:

  1. Visit Security Cloud Control.

  2. Follow the instructions to create an account.

After you’ve created the account, proceed to Enable Multicloud Defense, below.

Enable Multicloud Defense in Security Cloud Control

Enable Multicloud Defense in Security Cloud Control:

  1. Go to the Multicloud Defense Management panel: From the left-hand pane, go to AdministrationMulticloud Defense Management. Accept the EULA if prompted.

  2. Initiate Cloud Protection: Click the rocket ship icon (top right) and choose Protect cloud assets.

  3. Enable Multicloud Defense:

    1. Click Enable Multicloud Defense.

    2. Follow the on-screen prompts to create an Multicloud Defense tenant. This takes a few minutes.

Step 3: Integrate Multicloud Defense and AI Defense

Enable AI Defense to call the Multicloud Defense API:

  1. Create an API key in Multicloud Defense. Capture the API Key ID and API Key Secret for use in the next step. See Cisco Multicloud Defense User Guide - Management [Cisco Defense Orchestrator]

  2. Open the AI Defense Administration tab, go to the Multicloud Defense card, and click Connect, and provide the API key details to complete the connection.

  3. Return to Multicloud Defense and use the Connect Account button to connect Multicloud Defense to your cloud account. See Cisco Multicloud Defense User Guide - Setup with the Multicloud Defense Wizard [Cisco Defense Orchestrator]


 

AI Defense supports Asset discovery in AWS Bedrock. Cisco Multicloud Defense supports additional AI model platforms (LLM API providers), but those are not currently supported in AI Defense.

After Multicloud Defense has completed its scan, the Assets tab in AI Defense will display the AI models in your cloud and the external models that call into instances in your cloud.

Step 4: Configure Multicloud Defense

Complete the configuration in Multicloud Defense. You must either Enable Traffic Visibility, Secure Your Account, or both. See:


 

Only egress Multicloud Defense Gateways are currently compatible with AI Defense.

Once you have completed the steps above, Multicloud Defense monitoring will intercept prompt and response traffic in the VPC where you added guardrails. Runtime protection evaluates content based on the Multicloud Defense AI Guardrails profile you applied to the VPC. Evaluation results appear in the AI Guardrails Logs of Multicloud Defense.

Learn more about how guardrails are enforced: