UPDATE · 2026-05-29Prisma AIRS is what Portkey became after the Palo Alto Networks acquisition. If you were on Portkey directly, PANW is routing you into their enterprise procurement track.See the alternative →

Visionality vs Prisma AIRS

Prisma AIRS is enterprise-only. Not everyone is.

Palo Alto Networks bought Portkey (May 29, 2026) and folded it into Prisma AIRS — the AI Runtime Security bundle sold alongside Prisma Cloud and Prisma Access. If your PANW rep is scheduling enterprise-procurement calls and you don't have a PANW security org, you need somewhere else to run. Visionality is the purpose-built alternative — in stealth today; hosted design-partner access from $99/mo, same wire-level surface, Finance-audit-ready by default.

Migrating from Portkey directly? See the Portkey-branded migration page →

What Prisma AIRS is

PANW's AI Runtime Security suite, with Portkey inside.

Prisma AIRS existed as a PANW product line before the Portkey acquisition — an enterprise DLP + posture-management play for AI. The Portkey acquisition added multi-provider routing, cost observability, and semantic caching. Verify with your PANW rep for account-specific impact.

Owner

Palo Alto Networks (PANW)

Origin

Portkey acquisition, May 29, 2026

Deal size

~$700M-class (undisclosed exact)

Product line

Prisma AIRS = AI Runtime Security suite

Bundled with

Prisma Cloud + Prisma Access (SASE)

Pricing shape

Enterprise-only, undisclosed publicly

Buyer

CISO org, PANW procurement track

Deployment

PANW cloud / hybrid on-prem appliances

Migration path

Moving from Prisma AIRS to Visionality

Roughly a half-day of engineering time. Config ports 1:1 from your existing Portkey (or Prisma AIRS-encoded) setup; SDK code stays the same. The differences show up as features you didn't have before.

1

Point your SDK at Visionality

Same wire-level surface Portkey had — swap the base URL. Anthropic / OpenAI / Google / Bedrock / Azure OpenAI all supported natively; 1,900+ more via OpenRouter and LiteLLM pass-through. Your existing SDK code works unchanged.

2

Import your Portkey config

Metadata mapping, route configs, and rate-limit policies port over 1:1. If your PANW rep is offering to migrate you to Prisma AIRS instead, take the exported config and point it at us — the wire-level position is identical, so the config just works.

3

Turn on the differences

Spend Tokens, binding-key envelope, PII pre-flight, SOC 2 evidence pack, per-project chargeback CSV — all one env flag away. None of these existed in Portkey; and while Prisma AIRS has security posture, it doesn't have Finance-audit-grade attribution or per-task chargeback.

4

Skip enterprise procurement

Design-partner access is available during stealth. Hosted from $99/mo at public launch when you want us to run it. Team at $499/mo when you need SSO. Enterprise at $999+/mo when you need BYOC + SOC 2 pack + dedicated CSM — but real Enterprise deals land $5k-$50k/mo, still well under whatever PANW's Prisma AIRS SKU comes with.

In stealthRequest design-partner access — hosted on our infra during stealth. An open-source Lite edition is planned for the post-stealth public launch; a self-host curl | bash installer will ship with it.

What to say in the room

The question comes from a specific seat. The answer should too.

Prisma AIRS is genuinely stronger on classic DLP security posture — that's where PANW has 20+ years of muscle. Visionality is genuinely stronger on Finance-audit-grade cost governance and per-task attribution.

CFO

"Show me what we spent on AI last month, by project, by team — joinable to our GL."

Prisma AIRSBundled into a PANW spend line. Not per-project unless you buy specific Prisma Cloud add-ons for FinOps.
VisionalityChargeback CSV with GL codes + cost centers, joinable to Workday. Every row signed by the SSO sub, tied to a task in your tracker.

CHRO

"Who has access to AI, and what happens when someone leaves?"

Prisma AIRSBundled with your existing PANW SASE user directory — if you have one.
VisionalityHRIS leaver feed (BambooHR / Workday / Rippling) auto-revokes. Identity is in the token envelope, not on a list.

PMO

"How much did the redesign sprint actually cost us in AI tokens?"

Prisma AIRSTag it in metadata and hope engineers remember. Prisma AIRS is a security bundle, not a PMO tool.
Visionality--task PROJ-128 at key issuance — every commit on that key is tagged automatically.

CISO

"How do we prevent prompt injection, PII leaks, and jailbreaks at the gateway level?"

Prisma AIRSNative. This is Prisma AIRS's strongest pillar — DLP + runtime scanning + inline guardrails.
Visionality12-detector PII pre-flight (fail-closed), MCP Axis-2 hardening cluster (allowlist + RBAC + attestation), spend-token binding-key envelope. Not the same coverage AIRS has for classic DLP — that's where AIRS wins on the security dimension.

The details

Capability-by-capability, where the postures diverge.

Use this when engineering + security + finance all need to see what actually differs.

Ownership + roadmap

CapabilityPrisma AIRS (PANW)Visionality
Current ownerPalo Alto Networks (Prisma product line)Visionality (ServiceVision) — independent, in stealth · Lite edition planned
Buying trackPANW enterprise procurement, CISO-ledDesign-partner access during stealth · $99 Hosted / $499 Team / $999+ Enterprise at public launch
Product roadmap directionAbsorbed into Prisma AIRS security suite, PANW-directedMid-market-first, weekly design-partner reviews, roadmap shared with partners
Data residencyPANW infrastructure (cloud / on-prem PANW appliances)Hosted on our infra; BYOC available at Enterprise; self-host option coming with the Lite edition

Posture

CapabilityPrisma AIRS (PANW)Visionality
Primary buyerCISO org with existing PANW footprintCFO — pulls in CIO / CHRO / PMO
FrameAI Runtime Security — DLP + guardrails + postureAI commit ledger — reconciliation to person × project × task × token
What changes Monday morningSecurity team gets AI in the same panel as SASE / CASBFour awkward stakeholder questions stop being awkward

Cost governance

CapabilityPrisma AIRS (PANW)Visionality
Hard budget capRate limits at the gateway (soft)Budget binding signed into the token; gateway fast-fails 402 before any LLM call
Per-project chargeback CSVNot first-class; bundle-level cost onlyFirst-class — GL codes + cost centers, joinable to Workday
Semantic cachingYes (from Portkey)Yes — CACHE-01 with envelope-aware credit accounting
Real-time burn-down per projectDashboardsHard counter — UI + ledger row + 402 response in one trip

Security posture

CapabilityPrisma AIRS (PANW)Visionality
PII pre-flightYes — DLP is a PANW core competencyYes — 12 detectors, fail-closed
Prompt injection scanningYesYes — MCP-PROMPT-INJECTION-PREFILTER primitive
SASE integrationNative — same panel as Prisma AccessExternal via OTel + your existing SIEM
SOC 2 / ISO 27001 / ISO 42001 / NIST AI RMF evidenceCustom queries + PANW compliance moduleTwo-click evidence pack across all four frameworks

OSS + deployment

CapabilityPrisma AIRS (PANW)Visionality
LicenseProprietary (PANW commercial)In stealth · design-partner deploys today; Lite edition self-host planned post-stealth
Self-hostEnterprise appliance option, not communityLite edition planned for post-stealth public launch
Governance transparencyWhatever PANW's security team ships in their release cycleWeekly design-partner reviews · 1,299+ tests · roadmap shared with partners

Honest take

When Prisma AIRS is genuinely the right answer.

If your team is already a PANW Prisma Cloud or Prisma Access customer, the AIRS bundle likely comes with your existing contract at minimal marginal cost — that's a real economic advantage. If your primary AI risk story is DLP, prompt injection, and jailbreak prevention as a security posture extension, Prisma AIRS shares operational context with your SASE and CASB in one PANW panel. That's a meaningful UX and IR advantage for a mature CISO org.

Visionality is a different bet: AI cost and audit governance as a Finance-owned discipline, priced for teams that don't have PANW procurement, in stealth today with an open-source Lite edition planned. If you need both — enterprise security posture AND per-task Finance-audit-grade attribution — the honest answer is you run both. Neither one covers the other's core competency.

Skip the enterprise procurement cycle.

Same wire-level surface as what Portkey was — your existing SDK code works unchanged. Bring your own LLM keys. In stealth today with hosted design-partner access; an open-source Lite edition is planned for the post-stealth public launch.