
# GenAI Security

## Overview

Generative AI (or GenAI) is transforming applications by enabling natural interactions, automation, and advanced decision-making. However, these capabilities also introduce new security risks such as prompt injection, data leakage, sensitive content exposure, and misuse of resources. Traditional security controls are not designed to handle these challenges.

CloudGuard WAF addresses this with an ensemble learning model purpose-built for GenAI applications.

CloudGuard WAF combines:

* **Engine 1 – Prompt & Data Classification**\
  A super-fast supervised model trained on millions of prompts and attacks classifies inputs in real time.
* **Engine 2 – Contextual & Semantic Analysis**\
  This semantic engine ensures accurate decisions on whether to approve or block requests.

This ensemble approach delivers:

* Best-in-class detection accuracy
* Continuous adaptation to new threats
* Minimal latency (as low as 50ms, depending on prompt size)

### Configuration

#### Settings

GenAI Security settings can be configured during asset creation (see the instructions [here](/getting-started/protect-a-web-application-api.md#step-4-genai-protection)) or directly from the asset:

**Step 1:** Edit the web API/application asset through **Policy → Assets → General** tab.

<figure><img src="/files/IsGc2AVXObUYcBXfE4Xm" alt=""><figcaption></figcaption></figure>

Configure the following:

* **Request URI**: Enter the API endpoint for LLM prompts (e.g., /api/chat).
* **Prompt Location:** Specify where the prompt appears in the request body (e.g., body.prompt).

Under Advanced you can configure the following:

<figure><img src="/files/YJuQzfeTkLLumavsWdCf" alt="" width="375"><figcaption></figcaption></figure>

* **LLM Model**: Select the LLM your app uses.
* **Expected Prompts**: Choose One:
  * Wide range – many different prompt types.
  * Specific – narrow, domain-focused prompts.
* **Expected Users**:
  * All users (internal & external)
  * Internal roles (e.g., admin, sales)
  * External roles (e.g., customers, partners)
  * One specific role
* **Application Description:** Add a short note on your app’s purpose to improve protection accuracy.
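To make the two required settings concrete, here is an added example (not CloudGuard WAF code) showing what a guard has to do with a **Request URI** of `/api/chat` and a **Prompt Location** of `body.prompt`: match the request path, parse the JSON body and pull the string at that location. The page only shows the plain dotted form `body.prompt`; the `[index]` array syntax, the `extract_prompt`/`resolve_location` names and the sample requests are assumptions of this example, not the product's documented syntax.

```python
# Added example (not CloudGuard WAF code): locating the prompt inside a request
# from a "Request URI" (e.g. /api/chat) and a "Prompt Location" (e.g. body.prompt).
# Path syntax beyond a plain dotted key (the [0] array index) is an assumption of
# this example, not the product's documented syntax.
import json
import re
from typing import Any, Optional

# One path segment is either a key (anything but '.', '[' or ']') or a [number].
_SEGMENT = re.compile(r"([^.\[\]]+)|\[(\d+)\]")


def resolve_location(root: Any, location: str) -> Optional[str]:
    """Walk a dotted path such as 'body.prompt' or 'body.messages[0].content'.

    Returns the string found at that path, or None if any step is missing or the
    value is not a string (an absent or non-text prompt is treated as "no prompt").
    """
    node = root
    for key, index in _SEGMENT.findall(location):
        if key:
            if not isinstance(node, dict) or key not in node:
                return None
            node = node[key]
        else:
            i = int(index)
            if not isinstance(node, list) or i >= len(node):
                return None
            node = node[i]
    return node if isinstance(node, str) else None


def extract_prompt(path: str, raw_body: bytes,
                   request_uri: str, prompt_location: str) -> Optional[str]:
    """Return the prompt text if the request matches the configured URI, else None.

    Only the request path is compared (the query string is ignored). Non-JSON
    bodies and bodies without a string at the prompt location yield None, so the
    caller can decide how to treat traffic the guard could not read.
    """
    if path.split("?", 1)[0] != request_uri:
        return None
    try:
        body = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    # The location is rooted at "body", mirroring the "body.prompt" notation.
    return resolve_location({"body": body}, prompt_location)


# Constructed sample requests (not captured traffic).
SIMPLE_BODY = b'{"prompt": "Summarize my last invoice", "user": "alice"}'
CHAT_BODY = b'{"messages": [{"role": "user", "content": "What is my balance?"}]}'

if __name__ == "__main__":
    print(extract_prompt("/api/chat", SIMPLE_BODY, "/api/chat", "body.prompt"))
    print(extract_prompt("/api/chat", CHAT_BODY, "/api/chat", "body.messages[0].content"))
    print(extract_prompt("/health", SIMPLE_BODY, "/api/chat", "body.prompt"))
```

A prompt location that points at a missing key or a non-string value returns `None` rather than raising; whatever sits at the configured location is the only text the engines can classify, so a misconfigured location silently means no prompt is inspected, which is worth verifying with a test request after saving the asset.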

#### Modes

All GenAI Security Modes can be configured by navigating to **Policy → Assets** and editing the GenAI tab in the Web Application Asset.

<figure><img src="/files/mQS12t3AoFuRcR0jX9YE" alt=""><figcaption></figcaption></figure>

GenAI Security protects AI-driven applications using two protection modes, plus a disabled state:

* **Learn / Detect** – monitors activity, detects suspicious behavior, and learns usage patterns.
* **Prevent** – actively blocks malicious or risky inputs/outputs when detected.
* **Disabled** – the protection is not active.

### Protection Types

#### Prompt Injection Prevention

<figure><img src="/files/AjKBptVOiQAkh47KMNNW" alt=""><figcaption></figcaption></figure>

Prevents malicious prompt manipulation techniques, such as:

* Context changes
* Obfuscation attempts
* Reverse psychology
* Role-play and emotional manipulation
* Negation commands
* Chain-of-thought manipulation

#### Data Leakage Prevention

<figure><img src="/files/KfBUKWnxqgsD5yqhZpbS" alt=""><figcaption></figcaption></figure>

Protects against sensitive data exposure by detecting and blocking patterns such as:

* Credit card numbers
* IBANs and banking details
* Other personal identifiers

Data checks can be applied to both **incoming requests** (requests to the application) and **outgoing responses** (responses from the application to the calling client).
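The following added example (not CloudGuard WAF code) shows the kind of check a data-leakage guard runs on both directions of traffic: credit card candidates are confirmed with the Luhn checksum and IBAN candidates with the ISO 13616 mod-97 check, so arbitrary digit strings do not trigger a block, and confirmed matches are masked. The finding format, the `inspect` function with its `detect`/`prevent` decision, and the sample texts are assumptions of this example.

```python
# Added example (not CloudGuard WAF code): pattern checks a data-leakage guard
# applies to request and response text. Credit card candidates are validated
# with the Luhn checksum and IBAN candidates with the ISO 13616 mod-97 check.
# The finding format and detect/prevent decision logic are this example's own.
import re
from typing import Dict, List

# 13-19 digits, optionally separated by single spaces or dashes, and not glued
# to other alphanumerics (so the digit tail of an IBAN is not matched twice).
_PAN = re.compile(r"(?<![0-9A-Za-z])(?:\d[ -]?){12,18}\d(?![0-9A-Za-z])")
# Country code, two check digits, then 11-30 alphanumerics (the BBAN part).
_IBAN = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616: move the first 4 chars to the end, map letters to 10..35, mod 97 == 1."""
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(c, 36)) for c in rearranged)
    return int(numeric) % 97 == 1


def scan_text(text: str) -> List[Dict]:
    """Return confirmed findings as {'type', 'span'} dicts ordered by position."""
    findings = []
    for m in _PAN.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append({"type": "credit_card", "span": m.span()})
    for m in _IBAN.finditer(text):
        if iban_ok(m.group()):
            findings.append({"type": "iban", "span": m.span()})
    return sorted(findings, key=lambda f: f["span"][0])


def redact(text: str, findings: List[Dict]) -> str:
    """Mask findings from the end backwards so earlier spans stay valid."""
    for f in sorted(findings, key=lambda f: f["span"][0], reverse=True):
        start, end = f["span"]
        text = text[:start] + "[" + f["type"].upper() + " REDACTED]" + text[end:]
    return text


def inspect(direction: str, text: str, mode: str) -> Dict:
    """Apply the check to one direction ('request' or 'response') under a mode."""
    findings = scan_text(text)
    if not findings:
        action = "allow"
    elif mode == "prevent":
        action = "block"
    else:
        action = "log"  # detect mode: record the finding, let the traffic through
    return {"direction": direction, "action": action,
            "findings": [f["type"] for f in findings],
            "redacted": redact(text, findings)}


# Constructed sample texts (the card and IBAN are the standard test values, not real accounts).
REQUEST_TEXT = "Please charge card 4111 1111 1111 1111 and refund to GB82WEST12345698765432"
RESPONSE_TEXT = "Order 4111111111111112 shipped"  # fails Luhn: not a card number

if __name__ == "__main__":
    print(inspect("request", REQUEST_TEXT, "prevent"))
    print(inspect("response", RESPONSE_TEXT, "prevent"))
```

Running the checks on responses as well as requests matters because a model can echo data it was given earlier in the conversation or retrieved from a backend; the checksum step is what keeps order numbers and similar digit runs from being flagged.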

#### Content Control

<figure><img src="/files/hS0yxP84XyeQ7Zb0Bmbe" alt=""><figcaption></figcaption></figure>

Analyzes AI inputs and outputs for restricted or harmful content, including:

* Banned keywords and topics
* Language misuse
* Sentiment and toxicity detection

#### Usage Guard (Coming Soon)

<figure><img src="/files/JOoZir7qiKX0SDcTqRDO" alt=""><figcaption></figcaption></figure>

The **Usage Control** policy protects GenAI applications from excessive resource consumption by enforcing limits on request frequency and request size. This helps mitigate abusive usage patterns, including prompt flooding, excessive token consumption, and AI Denial-of-Service (AI DoS) attempts.

To configure Usage Control:

1. Navigate to the **Usage Control** practice.
2. Select the enforcement **Mode**:
   * **Detect** – Log violations without blocking requests.
   * **Prevent** – Block requests that exceed the configured limits.
3. Add one or more rules:
   * **Rate** – Limit the number of requests allowed within a specified time window.
   * **Size** – Limit the maximum request payload size.
4. (Optional) Configure additional conditions to scope the rule to specific applications or traffic.
5. Save and publish the policy.
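The steps above describe a Rate rule, a Size rule and a Detect/Prevent mode. As an added example (not CloudGuard WAF code, and written only to illustrate the semantics described on this page for a feature marked as coming soon), the following class enforces both rule types with a sliding window and returns a decision record per request. The `UsageGuard` name, the per-client keying, the sliding-window algorithm and the decision format are assumptions of this example.

```python
# Added example (not CloudGuard WAF code): Detect/Prevent semantics of a usage
# guard with a Rate rule (N requests per window) and a Size rule (max payload
# bytes). Sliding-window algorithm, client keying and decision record format
# are this example's own assumptions.
from collections import defaultdict, deque
from typing import Deque, Dict, List


class UsageGuard:
    def __init__(self, mode: str, max_requests: int,
                 window_seconds: float, max_body_bytes: int):
        if mode not in ("detect", "prevent"):
            raise ValueError("mode must be 'detect' or 'prevent'")
        self.mode = mode
        self.max_requests = max_requests
        self.window = window_seconds
        self.max_body_bytes = max_body_bytes
        # Timestamps of recent requests per client key (e.g. source IP or user id).
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, client: str, body_size: int, now: float) -> Dict:
        """Evaluate one request and return the decision and any violated rules."""
        violations: List[str] = []
        if body_size > self.max_body_bytes:
            violations.append("size")
        hits = self._hits[client]
        # Drop timestamps that have left the sliding window.
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        hits.append(now)  # blocked requests still count toward the rate
        if len(hits) > self.max_requests:
            violations.append("rate")
        if not violations:
            action = "allow"
        elif self.mode == "prevent":
            action = "block"
        else:
            action = "log"  # detect mode: record the violation, let it through
        return {"client": client, "action": action, "violations": violations}


if __name__ == "__main__":
    # Constructed traffic: 3 requests per 10 s allowed, 1 KiB max body.
    guard = UsageGuard("prevent", max_requests=3, window_seconds=10, max_body_bytes=1024)
    for t in (0, 1, 2, 3, 11):
        print(t, guard.check("10.0.0.5", 200, t))
    print(guard.check("10.0.0.5", 4096, 12))
```

Starting in Detect mode and reading the logged `rate` and `size` violations for a few days gives a baseline of legitimate prompt sizes and request frequency, which makes it much easier to choose limits for Prevent that stop flooding without blocking real users who send long prompts.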
