Detecting GenAI Threats at Scale with YARA-Like Semantic Rules
Mohamed Nabeel
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 2
YARA has been the gold standard for malware detection for two decades — but natural language is now the attack surface. Mohamed Nabeel of Palo Alto Networks introduces SCIARA (pronounced "see-ara"), an open-source library that brings YARA's familiar rule syntax into the semantic domain, enabling detection of prompt injection and AI-specific threats at the scale of millions of URLs per day, with cost reductions approaching 99% over naive LLM-based approaches. ---
AI review
Nabeel took YARA — a tool every person in that room already knows and respects — and extended it into the semantic domain with a genuinely useful open-source library. The 98.2% cost reduction number isn't marketing; it comes from a real 10,000-URL batch test with documented methodology. The pre-filtering pattern alone is worth the price of admission.