DLP fails to detect sensitive content when using AI Access security License

DLP fails to detect sensitive content when using AI Access security License

393
Created On 05/12/25 21:54 PM - Last Modified 10/10/25 02:24 AM


Symptom


  • DLP (Data Loss Prevention) isn't detecting sensitive content in the inline traffic.
  • This means no DLP incidents are being logged for users.
  • The message "License not valid" is displayed when using the command "show ctd-agent status security-client”.

Environment


  • Prisma Access of NGFW
  • Supported PAN-OS
  • AIX license (which has DLP feature)

Cause


AI Access Security License only supports partial DLP. The license only supports Gen AI Apps for DLP inspection.

Resolution


  1. DLP part of AIX license is only supported from PAN-OS 11.2.2+ for Gen AI Apps.
  2. For non Gen AI Apps, Enterprise DLP license is required.
  3. Refer to this document  and contact accounts team to get the proper license.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxXaKAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail