Skip to main content

AI Guard Settings

On the AI Guard Settings page in your Pangea User Console , you can view the service's integrations with other Pangea services.

Click on an integration tile to view the current settings. For some services, you can modify configuration settings and enable or disable integrations as needed. The settings saved in AI Guard override the underlying service configuration.

Click the service link to view the configuration page for the integrated service.

IP Intel Integration settings on the AI Guard General settings page in the Pangea User Console

Prompt Guard Integration

Prompt Guard detects prompt injection attacks in submitted input using a set of analyzers that can be enabled or disabled individually in the service configuration. The integration with Prompt Guard allows AI Guard to report or block the detection. In its API response, AI Guard includes the analyzer that detected the threat, the detection confidence score (between 0.00 and 1.00), and the action taken.

Configuration options:

  • Enable (default).
  • Disable.

Activity Log

The Activity Log for AI Guard captures the details of service calls. You can view a summary of AI Guard activity on its Overview page and access individual logs on the Activity Log page in your Pangea User Console.

Learn more about using this feature on the Activity Log documentation page.

Configuration Options

The Activity Log settings allow integration with the Secure Audit Log service, enabling attribution and accountability in your AI application.

Enabled by default, the integration uses the AI Activity Audit Log Schema, which is specifically designed to track AI application activity. When you click on the Activity Log tile, the dialog on the right will display the schema name and configuration ID. AI Guard logs its activity within this schema, capturing key details of each service call, including timestamps, input, output, detections, and contextual information.

Configuration options:

  • Enable Log AI Guard Activities (default).
  • Disable Log AI Guard Activities.

Audit Log Schema

View and configure the schema fields

You can view and configure the visibility of fields in your AI Guard audit schema, as well as set whether they are required on the Secure Audit Dialog configuration pages:

  1. In your Pangea User Console , click on the Secure Audit Log service name. If the service is not active, follow the wizard and accept the default settings to enable it.
  2. Select your AI Activity Audit Log Schema from the top left in the service sidebar.
  3. Click General in the sidebar.
  4. Under Secure Audit Log Settings, click the Audit Log Schema tile.
  5. In the dialog on the right, you can view the schema fields, update their visibility, and change whether they are required.
  6. Click Save to apply your changes.

Audit Schema settings on the Secure Audit Log General settings page in the Pangea User Console

Use the Schema in Your Application

Optionally, you can use this schema to capture additional details in your AI application. This allows you to view your application-specific events alongside the service activity in the AI Guard Activity Log, with a summary on the service's Overview page.

To send log data to Secure Audit Log from your application code:

  1. Click the Overview link in the Secure Audit Log sidebar.
  2. On the Secure Audit Log Overview page, in the Configuration Details section, obtain the necessary credentials to make an API call to Secure Audit Log:
    1. Your AI Activity Audit Log Schema Config ID (ensure the schema is selected in the top left sidebar).
    2. The project Domain.
    3. The Default Token to authorize your application requests to the Secure Audit Log service APIs.

Learn more about configuring Secure Audit Log in its documentation.

Redact Integration

Integration with the Redact service enables redaction rules within AI Guard detectors.

Follow the link to configure Redact rulesets and define how they are applied in AI Guard. Redact allows you to configure multiple schemas, and you can select which one to use in AI Guard. Learn more about Redact on its documentation pages.

Configuration options:

  • Select Redact schema.

Vault Integration

Pangea's Vault manages secrets and keys required by the AI Guard service.

For example, on the Vault's Secrets & Keys page, under pangea >> secrets >> ai-guard in your Pangea User Console , you can find the IDs for the tweak values created in AI Guard for use with deterministic Format Preserving Encryption (FPE). You can access these values using Vault APIs, such as the /v2/get endpoint. Learn more about Vault configuration on its documentation pages.

Integration with Vault is enabled by default and cannot be changed.

IP Intel Integration

Integration with the IP Intel service allows AI Guard Malicious Entity detector to identify and defang malicious IP addresses.

Configuration options:

  • Select Reputation Provider.
  • Adjust the Identify as malicious based on threshold value to exclude detections of IP addresses with lower risk scores.

Learn more about IP Intel providers and configuration in the service's documentation.

URL Intel Integration

Integration with the URL Intel service allows AI Guard Malicious Entity detector to identify and defang malicious URLs.

Configuration options:

  • Select Reputation Provider.
  • Adjust the Identify as malicious based on threshold value to exclude detections of URLs with lower risk scores.

Learn more about URL Intel configuration in the service's documentation.

Domain Intel Integration

Integration with the Domain Intel service allows AI Guard Malicious Entity detector to identify and defang malicious domains.

Configuration options:

  • Select Reputation Provider.
  • Adjust the Identify as malicious based on threshold value to exclude detections of domains with lower risk scores.

Learn more about Domain Intel configuration on its documentation pages.

Was this article helpful?

Contact us