Skip to main content

Policy Configuration

The Policies page in the AIDR console lets you define how incoming and outgoing AI traffic is inspected and controlled.

Each collector registered in AIDR and deployed in your environment can be assigned an input policy and an output policy. These policies determine which detections are applied to data entering or leaving an AI system and whether any enforcement actions are taken.

Pre-configured policies

On the Policies page, you can view a set of default policies designed for common use cases. These out-of-the-box policies serve as both examples and starting points for your own configurations.

You can edit existing policies or create new ones to match your security requirements.

Pre-configured policies on the Polices page in the AIDR console

Create policy

  1. Click the + Policy button. In the Create a Policy dialog, provide the following information:

    • Policy Key - Unique identifier for the policy
    • Display name - Policy name as it appears in collector policy selectors
    • Description - (Optional) Additional details about the policy's purpose or scope

    Create a Policy dialog in the AIDR console

  2. Click Save.

This creates a new policy and opens its details page.

Modify policy

For each policy, you can:

  • Set up policy rules

    On the Policies page, click a policy name to open its details and configure rules.

  • Manage policy settings

    Use the triple-dot menu in the policy list or on the policy details page to access the following options:

    • Update - Edit the policy name and description. This option is available for policies you created or for out-of-the-box policies you have customized.
    • Delete - Remove custom configurations:
      • Deletes policies you created
      • Resets an out-of-the-box policy to its default configuration if customized
    • Manage Redact Settings - Enable deterministic (reproducible) Format Preserving Encryption (FPE) as a redaction method. For details, see Format Preserving Encryption (FPE) redact action in the Prompt Rules guide.

Set up policy rules

On the policy details page, you can define rules that control how AIDR processes requests and responses in collector traffic:

  • Access rules - Evaluate request attributes at runtime to determine whether a request is allowed, denied, or reported.
  • Prompt rules - Apply one or more detectors to the request or response and take block, report, or redact actions when conditions are met.

When a policy executes:

  1. AIDR evaluates the configured access rules.
  2. If the request is allowed, the policy applies the actions defined by the prompt rules.

Polices page in the AIDR console with pre-configured policies

Was this article helpful?

Contact us

Secure AI from cloud to code

636 Ramona St Palo Alto, CA 94301

Guides
Services
SDKs & APIs

©2025 Pangea. All rights reserved.

PrivacyYour Privacy ChoicesTerms of UseLegal Notices
Contact Us