360 Security Technology (SH:601360) Huan Qiu Wang·2025-08-11 04:17Core Viewpoint - The security industry is transitioning from a rapid integration model of general large models to a specialized and in-depth development phase, necessitating the creation of dedicated vertical large models tailored for the security field [1][3]. Industry Trends - The exploration of large models in the security sector has shifted significantly from an initial model that combined general large models with security knowledge bases and tools to a more specialized approach [3]. - The unique characteristics of the security field demand higher technical requirements, including the deep transformation and absorption of high-value professional data and the localization of expert experience [3][4]. Methodology - The "fast and slow thinking" methodology is central to 360's approach, categorizing security tasks into "fast thinking" and "slow thinking" tasks to redefine the capabilities of large models [5]. - "Fast thinking" corresponds to intuitive judgments based on vast training data, while "slow thinking" involves complex reasoning tasks that require factual knowledge and external tools [5]. Practical Breakthroughs - 360 has focused on various security tasks, aiming for specialized models that outperform general large models in practical effectiveness [6]. - The first phase involved exploring vertical model structures and training methods tailored to specific security tasks, achieving a 99.42% accuracy rate in endpoint behavior analysis [6]. - The second phase introduced a "multi-expert collaborative (CoE)" large model architecture to address the challenges of multi-model collaboration and application costs [6]. - The third phase involved the development of the RL-LoRA training framework in collaboration with Berkeley BAIR, significantly reducing training costs and improving efficiency [7]. Intelligent Agent Development - 360's intelligent agent practice has evolved through two phases, focusing on the precise implementation of complex expert experiences and enhancing autonomous decision-making capabilities [8]. - The first phase utilized a workflow platform to integrate expert experiences with large model capabilities, achieving results comparable to human experts [8]. - The second phase involved the creation of a "Monte Carlo associative tree intelligent agent," enabling strategic thinking and dynamic problem-solving capabilities [8].