PANW AI Security

Author: Matt Zhang

Version: 0.0.5

Type: tool

中文文档|Chinese Doc: https://github.com/zm1990s/PANW-AIRS-for-Dify/blob/main/README-CN.md

Overview

This plugin is a PANW AI Runtime Security API security tool designed for the Dify platform, aiming to enhance the security of AI model and interactions. By integrating Palo Alto Networks' advanced cloud threat detection services, it provides users with comprehensive security protection.

IMPORTANT NOTICE BEFORE USE

The software is provided "as is" and the author disclaims all warranties with regard to this software including all implied warranties of merchantability and fitness. in no event shall the author be liable for any special, direct, indirect, or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of this software.

Prerequisites

Authorized users should refer to the AI Runtime Security: API Intercept Overview to complete the configuration of AI Runtime Security.

If you have not yet been authorized, please contact our Palo Alto Networks account manager.

Main Features

• Prompt Detection: Scans user inputs in Dify applications to prevent prompt injection, large model DoS attacks, and unsafe URLs, ensuring the secure operation of AI models.
• Model and Data Protection: Scans the outputs of large models to prevent accidental leakage of sensitive data such as PII; prevents large models from returning malicious URLs or malicious content.
• Flexible Integration: Seamlessly integrates into Dify's existing architecture without requiring customized modifications to the model, supporting various integration methods such as workflows and Agents.

Basic Usage Example

Installation and Authorization

Install the plugin via Marketplace/Github/Local Plugin, and after installation, click "Authorize" to fill in the authentication information.

[Image blocked: img1]

Calling in Chatflow

You can call the plugin in Chatflow to retrieve input and output content separately. It is also necessary to use "conditional branches" for judgment. If the detection result includes "allow", the workflow continues; otherwise, static content is returned, the and workflow is stopped.

[Image blocked: img2]

The following is an example of calling the input side tool:

[Image blocked: img3]

The specific parameters are described as follows:

• Check Options? The PANW AIRS Prompt/Response identifier is used to distinguish whether the content to be checked belongs to input or output. Supported values are: ,, and
• App Name (Optional): The name of the Chatflow/Agent, used for logging purposes.
• User Name (Optional): The user identifier for the current application, used for logging purposes.
• Model Name (Optional): The name of the model used by the current application, used for logging purposes.
• PANW AIRS Profile Name Override (Optional): If you want to use a different Profile for this application, you can adjust it through this parameter. The default will use the globally configured Profile Name.

The input judgment component is configured as follows:

[Image blocked: img4]

The following is an example of calling the output side tool:

[Image blocked: img5]

The output judgment component is configured as follows:

[Image blocked: img6]

Calling in Agent

[Image blocked: img7]

Prompt examples:

You are a personal information inquiry chatbot.

You need to chat with users. Before chatting, you should call the tool to check the user's input. If the detection result includes "block", reply to the user with "Input is prohibited", otherwise answer the question normally.

If the user is asking about information related to Matt, you need to query the knowledge base for relevant content.

Before answering the question, you should call the tool to check the output. If the detection result includes "block", reply to the user with "Output is prohibited", otherwise answer the question normally.

Simple Demo

[Image blocked: img8]

Changelog

v0.0.5

• Added masked_data output parameter, storing content after DLP masking
• Added region selection feature, currently supporting three regions: US, EU, India, Singapore

v0.0.4

• Fixed documentation links

v0.0.3

• Added malicious code detection feature, aligning with API functionality

v0.0.2

• Added Profile Name Override feature, meeting the needs of different applications to use different security policy configurations (Note: globally still can only share one Key)

v0.0.1

• Initial version, implementing basic global credential configuration, input checking, and output checking
• Support for identifying the following:
  • Prompt injection
  • Malicious URLs
  • Sensitive data detection (supports backend policy definition)
  • SQL security
  • Toxic Content

PANW AI Security Tools for Dify

作者： Matt Zhang

版本： 0.0.5

类型： tool

使用前的重要声明

本软件按“原样”提供，作者不承担与本软件相关的任何担保，包括所有关于适销性和适用性的默示担保。在任何情况下，作者均不对任何因使用、数据或利润损失而导致的特殊、直接、间接或后果性损害或任何损害承担责任，无论是因合同、疏忽或其他侵权行为而导致的，也无论该等损害是否因使用或执行本软件而产生或与之相关。

概述

该插件是一款适用于 Dify 平台的 PANW AI Runtime Security API 安全工具，旨在增强 AI 模型和数据交互中的安全性，通过集成 Palo Alto Networks 先进的云威胁检测服务，为用户提供全方位的安全防护。

前提条件

已获得授权的用户，请参照此文档完成 AI Runtime Security 的配置。

如还未获得授权，请联系 Palo Alto Networks 客户经理。

主要功能

• 提示词检测：扫描 Dify 应用的用户输入，防止提示词注入、大模型 DoS 攻击、不安全的 URL 等安全问题，确保 AI 模型的安全运行。
• 模型与数据保护：扫描大模型的输出，防止大模型意外泄露 PII 等敏感数据；防止大模型返回恶意 URL、恶意内容等安全风险。
• 灵活集成：无缝集成到 Dify 的现有架构中，无需对模型进行定制化修改，支持工作流、Agent 等多种对接方式。

基本使用示例

安装及授权

通过 Marketplace/Github/本地插件等方式安装插件，安装完毕后点击“去授权”，确保认证成功。

[Image blocked: img1]

在 Chatflow 中调用

可以在 Chatflow 中分别调用插件对输入和输出内容进行检索，同时需要搭配“条件分支”来进行判断，如果检测结果中包含 "allow" 则继续进行工作流，否则返回静态内容，停止工作流。

[Image blocked: img2]

输入侧工具调用示例如下：

具体参数说明如下：

• 进行输入检查还是输出检查？：PANW AIRS Prompt/Response 标识符，用于区分待检测内容属于输入还是输出
• 应用名称（可选）：该 Chatflow/Agent 的名称，用于日志记录
• 用户名称（可选）：当前应用的用户标识，用于日志记录
• 模型名称（可选）：当前应用所使用的模型名称，用于日志记录
• 指定新的 PANW AIRS Profile Name（可选）：如果想针对该应用使用不同的 Profile，可以通过此参数来调整。默认将会使用全局配置的 Profile Name

输入判断组件配置如下：

输出侧工具调用示例如下：

输出判断组件配置如下：

在 Agent 中调用

提示词示例：

你是一个个人信息查询对话机器人。

你需要和用户聊天，在聊天前需要先调用 palo_alto_networks_ai_security_api 对用户的输入进行检查，如果检测结果中包含 block，则回复用户“输入已被禁止”，否则请正常回答问题。

如果用户在询问 Matt 相关的信息，需要查询知识库获取相关的内容。

在回答问题前，需要先将你想回答的内容调用 palo_alto_networks_ai_security_api 对输出进行检查，如果检测结果中包含 block，则回复用户“输出已被禁止”，否则请正常回答问题。

功能演示

Changelog

v0.0.5

• 新增 masked_data 输出参数，存放 DLP 脱敏后的内容
• 新增区域选择功能，目前支持三个区域：US，EU，India，Singapore

v0.0.4

• 修复文档链接

v0.0.3

• 新增恶意代码检测功能，与 API 功能对齐

v0.0.2

• 新增 Profile Name Override 功能，满足不同应用使用不同的安全策略配置需求（注意：全局依然只能共享使用一个 Key）

v0.0.1

• 初始版本，实现基本的全局凭据配置，输入检查及输出检查
• 支持下列内容的识别：
  • 提示词注入
  • 恶意 URL
  • 敏感数据检测（支持后台此定义策略）
  • SQL 安全
  • Toxic Content