# GenAI Security

## Overview

Generative AI (or GenAI) is transforming applications by enabling natural-language interaction, automation, and advanced decision-making. These capabilities also introduce new security risks, such as prompt injection, data leakage, sensitive content exposure, and misuse of resources, that traditional security controls were not designed to handle.

CloudGuard WAF addresses this with an ensemble learning model purpose-built for GenAI applications.

CloudGuard WAF combines two engines:

* **Engine 1 – Prompt & Data Classification**\
  A fast supervised model, trained on millions of prompts and attacks, classifies inputs in real time.
* **Engine 2 – Contextual & Semantic Analysis**\
  A semantic engine evaluates the prompt in the context of the application and makes the final decision on whether to approve or block the request.

This ensemble approach delivers:

* Best-in-class detection accuracy
* Continuous adaptation to new threats
* Minimal latency (as low as 50 ms, depending on prompt size)

### Configuration

#### Settings

GenAI Security settings can be configured during asset creation (see the instructions [here](/getting-started/protect-a-web-application-api.md#step-4-genai-protection)) or on an existing asset:

**Step 1:** Edit the web API/application asset via **Policy → Assets → General** tab.

<figure><img src="/files/IsGc2AVXObUYcBXfE4Xm" alt=""><figcaption></figcaption></figure>

Configure the following:

* **Request URI**: The API endpoint that receives LLM prompts (e.g., /api/chat).
* **Prompt Location:** The path to the prompt field inside the request body (e.g., body.prompt).

Under Advanced you can configure the following:

<figure><img src="/files/YJuQzfeTkLLumavsWdCf" alt="" width="375"><figcaption></figcaption></figure>

* **LLM Model**: Select the LLM your app uses.
* **Expected Prompts**: Choose one:
  * Wide range – many different prompt types.
  * Specific – narrow, domain-focused prompts.
* **Expected Users**:
  * All users (internal & external)
  * Internal roles (e.g., admin, sales)
  * External roles (e.g., customers, partners)
  * One specific role
* **Application Description:** Add a short note on your app’s purpose to improve protection accuracy.

#### Modes

All GenAI Security Modes can be configured by navigating to **Policy → Assets** and editing the GenAI tab in the Web Application Asset.

<figure><img src="/files/mQS12t3AoFuRcR0jX9YE" alt=""><figcaption></figcaption></figure>

GenAI Security runs in one of three modes:

* **Learn / Detect** – monitors activity, reports suspicious prompts and responses without blocking them, and learns usage patterns.
* **Prevent** – actively blocks malicious or risky inputs/outputs when detected.
* **Disabled** – the protection is not active.

### Protection Types

#### Prompt Injection Prevention

<figure><img src="/files/AjKBptVOiQAkh47KMNNW" alt=""><figcaption></figcaption></figure>

Prevents malicious prompt manipulation techniques, such as:

* Context changes
* Obfuscation attempts
* Reverse psychology
* Role-play and emotional manipulation
* Negation commands
* Chain-of-thought manipulation

#### Data Leakage Prevention

<figure><img src="/files/KfBUKWnxqgsD5yqhZpbS" alt=""><figcaption></figcaption></figure>

Protects against sensitive data exposure by detecting and blocking patterns such as:

* Credit card numbers
* IBANs and banking details
* Other personal identifiers

Data checks can be applied to both **incoming requests** (prompts sent to the application) and **outgoing responses** (the application's replies to the calling client), so sensitive data is caught whether a user submits it or the model echoes it back.
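The following is an added example, not CloudGuard WAF code, that illustrates two things described on this page: how the **Request URI** and **Prompt Location** settings scope inspection to one endpoint and one field, and how Data Leakage Prevention can be applied to both the incoming prompt and the outgoing response. The parsed-request layout, the dotted-path interpretation of `body.prompt`, the configuration key names, the sample traffic and the Learn / Detect vs. Prevent action mapping are all assumptions made for this example. Rather than matching digit runs alone, it validates candidates with the Luhn and IBAN mod-97 checksums, which is what keeps such detectors from flagging order numbers and timestamps.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed asset settings mirroring the "Request URI" and "Prompt Location"
# fields on this page. The key names are assumptions for the example.
ASSET_CONFIG = {"request_uri": "/api/chat", "prompt_location": "body.prompt"}


def extract_prompt(request: Dict[str, Any], location: str) -> Optional[str]:
    """Resolve a dotted Prompt Location such as 'body.prompt' against a parsed request.

    Assumption: the first segment names the request part (here the JSON body) and
    the remaining segments walk nested objects. Returns None when the path is
    absent or does not end in a string, so a missing prompt is never mistaken
    for an empty one.
    """
    node: Any = request
    for key in location.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) else None


def luhn_ok(digits: str) -> bool:
    """Luhn check used to separate real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    replace letters by 10..35, and the resulting number must leave remainder 1."""
    s = candidate.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    if not s[:2].isalpha() or not s[2:4].isdigit():
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(ord(c) - 55) if c.isalpha() else c for c in rearranged)
    return int(numeric) % 97 == 1


# Candidate patterns: 13-19 digits optionally separated by spaces or hyphens, and
# an IBAN-shaped token (country code, two check digits, then 4-character groups).
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def find_sensitive(text: str) -> List[Tuple[str, str]]:
    """Return (kind, matched_text) pairs; the checksums cut down false positives."""
    findings: List[Tuple[str, str]] = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("credit_card", m.group()))
    for m in IBAN_RE.finditer(text):
        if iban_ok(m.group()):
            findings.append(("iban", m.group()))
    return findings


def decide(findings: List[Tuple[str, str]], mode: str) -> str:
    """Map findings to an action according to the GenAI Security mode (assumed names)."""
    if mode == "Disabled" or not findings:
        return "allow"
    return "block" if mode == "Prevent" else "detect"  # Learn / Detect only reports


def inspect_request(request: Dict[str, Any], config: Dict[str, str], mode: str = "Prevent") -> Dict[str, Any]:
    """Inspect an incoming request the way the asset settings scope it:
    only the configured Request URI, and only the field at Prompt Location."""
    if request.get("uri") != config["request_uri"]:
        return {"inspected": False, "findings": [], "action": "allow"}
    prompt = extract_prompt(request, config["prompt_location"])
    findings = find_sensitive(prompt) if prompt is not None else []
    return {"inspected": True, "findings": findings, "action": decide(findings, mode)}


def inspect_response(response_text: str, mode: str = "Prevent") -> Dict[str, Any]:
    """Outgoing responses get the same detectors applied to the model's text."""
    findings = find_sensitive(response_text)
    return {"findings": findings, "action": decide(findings, mode)}


# Constructed sample traffic (not real data): a prompt that pastes an IBAN into
# the chat endpoint, and a model reply that echoes a well-known test card number.
SAMPLE_REQUEST = {
    "uri": "/api/chat",
    "body": {"prompt": "Refund to GB82 WEST 1234 5698 7654 32 and confirm by email"},
}
SAMPLE_RESPONSE = "Sure. The card on file ends in 4111 1111 1111 1111, expiring 12/27."

if __name__ == "__main__":
    print(inspect_request(SAMPLE_REQUEST, ASSET_CONFIG))
    print(inspect_response(SAMPLE_RESPONSE, mode="Learn / Detect"))
```

Note that the 14-digit run inside the sample IBAN is also picked up by the card pattern but fails the Luhn test, so it is reported once, as an IBAN; without the checksum step the same text would produce two findings and many ordinary numeric fields would trigger blocks.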

#### Content Control

<figure><img src="/files/hS0yxP84XyeQ7Zb0Bmbe" alt=""><figcaption></figcaption></figure>

Analyzes AI inputs and outputs for restricted or harmful content, including:

* Banned keywords and topics
* Language misuse
* Sentiment and toxicity detection

#### Usage Guard (Coming Soon)

<figure><img src="/files/IBjTye31wbXSDI689Uml" alt=""><figcaption></figcaption></figure>

Prevents misuse of the application by limiting resource consumption. Controls include:

* Maximum prompt size
* Maximum prompts per user or session
* Frequency controls to stop abuse
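The following is an added example, not CloudGuard WAF code, showing how the three Usage Guard controls listed above fit together: a maximum prompt size, a per-session prompt quota, and a sliding-window frequency limit per user. The class name, the threshold values and the decision strings are assumptions made for this example; the product's actual limits and defaults are not documented on this page.

```python
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple


class UsageGuard:
    """Per-user prompt limits: size, prompts per session, and a sliding-window rate.

    The thresholds are constructed defaults for this example, not product values.
    """

    def __init__(self, max_prompt_bytes: int = 4096, max_prompts_per_session: int = 100,
                 max_prompts_per_window: int = 20, window_seconds: float = 60.0,
                 clock=time.monotonic) -> None:
        self.max_prompt_bytes = max_prompt_bytes
        self.max_prompts_per_session = max_prompts_per_session
        self.max_prompts_per_window = max_prompts_per_window
        self.window_seconds = window_seconds
        self._clock = clock
        # (user, session) -> prompts admitted in that session
        self._session_counts: Dict[Tuple[str, str], int] = defaultdict(int)
        # user -> timestamps of admitted prompts still inside the window
        self._recent: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, user: str, session: str, prompt: str, now: Optional[float] = None) -> str:
        """Return 'allow' or the name of the first limit the prompt violates.

        Size is measured on the UTF-8 encoding so multi-byte text cannot slip
        under a character-based limit. Only admitted prompts are recorded, so a
        rejected prompt does not consume quota or widen the window.
        """
        now = self._clock() if now is None else now
        if len(prompt.encode("utf-8")) > self.max_prompt_bytes:
            return "prompt_too_large"
        if self._session_counts[(user, session)] >= self.max_prompts_per_session:
            return "session_quota_exceeded"
        window = self._recent[user]
        cutoff = now - self.window_seconds
        while window and window[0] <= cutoff:  # drop timestamps outside the window
            window.popleft()
        if len(window) >= self.max_prompts_per_window:
            return "rate_limited"
        window.append(now)
        self._session_counts[(user, session)] += 1
        return "allow"


def simulate_burst(guard: UsageGuard, user: str, session: str, n: int, spacing: float) -> List[str]:
    """Send n short prompts `spacing` seconds apart and return the decisions in order."""
    return [guard.check(user, session, "hello", now=i * spacing) for i in range(n)]


if __name__ == "__main__":
    g = UsageGuard(max_prompt_bytes=64, max_prompts_per_session=5,
                   max_prompts_per_window=3, window_seconds=10.0)
    print(simulate_burst(g, "alice", "s1", 5, 1.0))
    print(g.check("alice", "s1", "x" * 65, now=6.0))
```

The rate limit is keyed by user and the quota by session, so opening a new session does not reset the frequency control; checks are ordered so that the cheapest one (size) runs first and an oversized prompt is rejected before any state is touched.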

