360 Security Technology (SH:601360) Zheng Quan Shi Bao Wang·2025-11-09 00:27Core Viewpoint - The 360 Digital Security Group released the "Large Model Security White Paper" at the World Internet Conference, outlining five key risks associated with large model operations and proposing a dual-track governance strategy for security [1][2]. Summary by Sections Key Risks Identified - The white paper identifies five critical risks threatening large model security: 1. Infrastructure security risks, including device control, supply chain vulnerabilities, denial-of-service attacks, and misuse of computing resources 2. Content security risks, involving non-compliance with core values, false or illegal content, model hallucinations, and prompt injection attacks 3. Data and knowledge base security risks, highlighting data breaches, unauthorized access, privacy abuse, and intellectual property issues 4. Agent security risks, where the increasing autonomy of agents blurs security boundaries in areas like plugin calls, computing resource scheduling, and data flow 5. User-end security risks, covering permission control, API call monitoring, malicious script execution, and MCP execution security [1][2]. Governance Strategy - The white paper proposes a dual-track governance strategy of "external security + platform-native security": - External security acts as an "external bodyguard" to flexibly respond to real-time risks, while platform-native security serves as an "internal armor" to strengthen the foundational security [2][3]. - External security focuses on monitoring and defending against risks related to computing hosts, software ecosystems, input/output content, and model hallucinations [2]. - Platform-native security embeds security capabilities into core components, enhancing the safety of supporting components and ensuring compliance throughout the process [3][4]. Product Capabilities - The company has developed a comprehensive solution for large model security, consisting of seven core product capabilities that combine external and platform-native security: - External security capabilities do not intrude on the original architecture of large models and provide flexible, rapid dynamic protection through external tools [3]. - Key products include the Large Model Guardian computing host security system, detection system, protection system, and hallucination detection and mitigation system, which together form an external barrier against infrastructure and content risks [3][4]. Implementation and Future Plans - The platform-native security approach is reflected in three major products: an enterprise-level knowledge base, an agent construction and operation platform, and an agent client, which collectively address internal security challenges [4]. - The company has successfully implemented these capabilities across various sectors, including government, finance, and manufacturing, transforming large model security from theory into practical solutions [4][5]. - Future plans involve collaboration with academia and industry to promote security standards and technology sharing, aiming to build a safe and trustworthy AI ecosystem [5].