360 Security Technology (SH:601360) Zhong Jin Zai Xian·2025-11-08 04:50Core Insights - The 360 Digital Security Group released the "Large Model Security White Paper" at the World Internet Conference, outlining five key risks associated with large model operations and proposing a dual-track security strategy to enhance AI safety and reliability [1][4][12] Risk Summary - The white paper identifies five critical risks to large model security: 1. Infrastructure security risks, including device control, supply chain vulnerabilities, denial-of-service attacks, and misuse of computing resources [5] 2. Content security risks, which involve non-compliance with core values, false or illegal content, model hallucinations, and prompt injection attacks [5] 3. Data and knowledge base security risks, highlighting issues like data leakage, unauthorized access, privacy abuse, and intellectual property concerns [5] 4. Intelligent agent security risks, where the increasing autonomy of agents blurs security boundaries in areas like plugin invocation and data flow [5] 5. User-end security risks, including permission control, API call monitoring, malicious script execution, and security in multi-cloud platforms [5] Security Strategy - The white paper proposes a dual-track governance strategy of "External Security + Platform Native Security" to address the identified risks: - External security acts as an "external bodyguard" for real-time risk management, while platform native security serves as an "internal armor" to strengthen foundational safety [7][10] Implementation of Security Measures - The external security approach focuses on proactive monitoring and defense against threats to computing hosts, software ecosystems, input/output content, and model hallucinations, offering adaptability and rapid response capabilities [9] - The platform native security embeds safety features into core components, ensuring compliance with national and industry standards while providing comprehensive protection for intelligent applications [9][10] Comprehensive Defense Capabilities - The company has developed a comprehensive solution comprising seven core product capabilities that integrate external and platform native security, addressing risks from infrastructure to content layers [10] - The external security products include systems for computing host security, detection, protection, and hallucination detection, while platform native products safeguard data, control intelligent agent behavior, and secure user endpoints [10][12] Industry Application - The security capabilities have been successfully implemented across various sectors, including government, finance, and manufacturing, transforming theoretical security measures into practical solutions [12]