Wangsu Science & Technology (SZ:300017) Yang Guang Wang·2025-07-18 07:37Core Insights - The report emphasizes the urgent need for enterprises to adopt an "AI-driven systematic proactive security" approach to address the increasing risks associated with digital transformation and asset exposure [1][6] Group 1: Cybersecurity Landscape - In 2024, the risk of asset exposure has surged dramatically, with global CVE vulnerabilities exceeding 40,000 for the first time, and high-risk vulnerabilities accounting for 67.98% [3] - The report highlights a significant increase in attacks targeting domestic software vulnerabilities, particularly in collaborative office, content management, and enterprise resource planning systems [3] - The number of T-level DDoS attacks reached 219, marking a tenfold increase year-on-year, with 60% of web attacks focusing on API interfaces [4] Group 2: AI-Driven Threats - The report identifies that AI applications have seen a 36% year-on-year increase in CVE vulnerabilities, with 250 new vulnerabilities reported in 2024 [3][6] - Prompt injection attacks have evolved from leaking sensitive information to high-risk behaviors that exploit system permissions, underscoring the need for robust defense mechanisms for large models [3] Group 3: Defensive Strategies - The report advocates for a three-pronged dynamic defense architecture comprising exposure surface convergence, depth defense, and intelligent operations [6] - It suggests utilizing Managed Security Services (MSS) for dynamic risk governance and employing cutting-edge frameworks like WAAP and SASE for comprehensive threat detection and defense [6] - The report proposes a partitioned defense strategy for large model applications, emphasizing cloud-native security technologies and zero-trust mechanisms for dynamic control [6] Group 4: Case Studies and Implementation - Successful case studies were presented, demonstrating the effectiveness of the proposed security framework, such as intercepting 99% of abnormal order traffic for a toy mall and reducing incident response time for state-owned enterprises from 8 hours to 10 minutes [7] - The company aims to continuously iterate on its proactive security capabilities to support the stable development of the digital ecosystem [9]