Web Application Firewall: AI application protection

Last Updated: Jun 02, 2026

AI application protection in Web Application Firewall (WAF) 3.0 defends AI models, data, and infrastructure against prompt injection, jailbreak attacks, and content compliance violations.

What is AI application protection

AI models power applications across NLP, image recognition, and recommendation systems. However, AI applications and agents face threats including prompt injection, jailbreak commands, role-play manipulation, and content compliance violations. These risks threaten business operations and create compliance exposure. AI application protection addresses these threats at the WAF layer without requiring code changes.

Benefits

AI application protection integrates Alibaba Cloud AI Security Guardrails to detect prompt injection and jailbreak attacks, enforce content compliance, and apply WAF actions (block, replace, revoke) in real time.

  • Prompt attack detection: Identifies jailbreak commands, role-play manipulation, and system instruction tampering targeting generative AI. Covers AI agent instruction flows, open-domain dialogue systems, and third-party plugin calls.

  • Content compliance detection: Checks both request and response content against security and regulatory requirements.

  • Real-time protection and response: Blocks abnormal behavior and replaces response content in real time using WAF actions including block, replace, and revoke.

Enable AI application protection

Before you begin, enable subscription WAF 3.0 or pay-as-you-go WAF 3.0 and add your web service to WAF.

  1. Log on to the Web Application Firewall 3.0 console. In the top menu bar, select the resource group and region (Chinese Mainland or Outside Chinese Mainland) for the WAF instance. In the left-side navigation pane, choose Protection Config > AI Application Protection.

  2. Apply for public preview: On the AI Application Protection page, click Request Public Preview. Fill in your trial application information and click Submit.

    An Alibaba Cloud engineer will contact you within one week to confirm the trial details. After approval, AI application protection is automatically enabled for your WAF instance.

  3. Activate AI Guardrails and Role Authorization: The AI Application Protection feature depends on AI Guardrails capabilities. After approval, return to the WAF AI Application Protection page and follow the instructions to complete service activation and role authorization.

Important

The AI Application Protection feature is in public preview and free of charge. However, it invokes AI Guardrails capabilities, and the associated charges appear on the AI Guardrails bill.

FAQ

What are the differences among AI Guardrails, AI application protection, and AI Gateway?

| Comparison item | AI Guardrails (core atomic capabilities) | AI Application Protection (for security teams) | AI Gateway (for business teams) |
| --- | --- | --- | --- |
| Product positioning | Core atomic capabilities for AI intent protection. Detects content risks, prompt attacks, hallucinations, and sensitive information. | Out-of-the-box security protection built on AI Guardrails. | Traffic routing and management for LLM API forwarding. Security protection is an add-on feature. |
| Integration method | Detection-only SDK integrated into application source code. | No code changes required. Add the AI application domain to WAF to enable protection. | Set the AI agent base URL to the AI Gateway endpoint URL. |
| Features | Flexible deployment and rule configuration. Embeds within applications, between applications, or within LLMs to prevent policy evasion. | Fine-grained rule configuration with preconfigured actions: revoke, replace, acknowledgement, block, log, and custom responses. | Security plug-in built on AI Guardrails with limited capabilities. No fine-grained content type rules; block is the only available action. |
| Limitations | Detection only; no direct action capabilities. | Requires WAF architecture. Cannot be used if the domain cannot be added to WAF. | Limited security capabilities and actions. |