Policy Generator

The Policy Generator is used to create a template for an AI Runtime Protection Policy based on the results of selected probe runs. Created template can later be either applied as an update to the existing policy or created as a completely new one. The generated policy activates Policy Rules and adjusts their configurations according to the outcomes of these probe runs, ensuring that the policy reflects real system behavior and is tailored to the specific findings of the selected probes.

When working with an existing policy, the generator can refine it by updating or fine-tuning current Rules, adding newly relevant ones. By leveraging data from Probe Runs, the Policy Generator ensures that every new or updated policy is grounded in actual usage patterns and reflects the current state of the system, resulting in more accurate, comprehensive, and effective protection.

If you want to configure a policy independent of probe runs, you can do so on the AI Runtime Protection page.

Creating a Policy

Step 1: The user can choose between two options:

• Create a completely new Policy, or

• Generate a new Policy from an existing one.

If Create from Existing Policy is selected, two dropdown menus appear:

1. Workspace selection - to choose the workspace where policy is located.

2. AI Runtime Policy selection - to pick the existing policy as a base.

Once an existing Policy is chosen, an expandable section labeled "Existing AI Runtime Policy Preview" becomes active. It shows all current Rules configurations for the selected policy, providing a clear overview before generating the new version.

Step 2: Select Mapped Probes

After defining the policy source, the next step is to select Probes. Only probes that meet the required criteria are shown, and their fail rates are displayed for reference.

Probes used in this step must:

• Have a completed probe run

• Have mapped Policy Rules

These criteria ensure that only relevant probes are included in the generated policy, keeping configurations accurate and efficient.

After the "Generate Policy" button is clicked, new Policy Template is created, and viewed on tab Latest. All previously created Policy Templates are displayed on History tab.

Generated Policy Template Page

Once the new policy has been generated, the Generated Policy Template Page displays the full details of the result.

The top section includes key policy information:

• Generation timestamp - when the policy template was created.

• Generated by - who triggered the policy generation the policy.

• Appliance timestamp - when the policy was applied to AI runtime protection.

• Applied by - who applied the policy.

• Policy type - whether it’s a new policy or based on an existing one.

• Selected probes - displayed as badges.

• Progress status - showing whether the policy is being generated or the generation is finished.

• State - not applied, applied.

Below the summary, users can review all rules configured in the generated policy template. Certain rules, such as Context Leakage in the example, offer additional generated configuration options, which can be viewed by expanding their detail sections.

Available Actions

On the generated policy template, the following actions are available:

• Export Policy - allows downloading the generated policy in JSON format.

• Apply Policy:

  • to Existing AI Runtime Policy - updates an existing AI runtime policy.

  • Create New AI Runtime Policy - creates a new AI runtime policy with generated rules.

The system also maintains a history of generated policies in the History tab, allowing users to revisit and review previously created versions at any time.