360 Security Technology (SH:601360) Zhong Zheng Wang·2025-11-09 03:29Core Insights - The 360 Digital Security Group released the "Large Model Security White Paper" at the World Internet Conference, outlining five key risks associated with large model operations and proposing a dual-track governance strategy for security [1][2] Group 1: Key Risks Identified - The white paper identifies five critical risks threatening large model security: 1. Infrastructure security risks, including device control, supply chain vulnerabilities, denial-of-service attacks, and misuse of computing resources 2. Content security risks, involving non-compliance with core values, false or illegal content, large model hallucinations, and prompt injection attacks 3. Data and knowledge base security risks, highlighting issues like data leakage, unauthorized access, privacy abuse, and intellectual property concerns 4. Intelligent agent security risks, where the boundaries of security become blurred due to increased autonomy in agent operations 5. User-end security risks, which encompass permission control, API call monitoring, execution of malicious scripts, and security in MCP execution [1] Group 2: Proposed Security Solutions - The white paper advocates a "plug-in security + platform-native security" dual governance strategy, which offers two main advantages: 1. High adaptability and low deployment costs, allowing for quick integration into various enterprise environments without redundant development 2. Rapid response capabilities with independent monitoring and interception mechanisms that can identify and block real-time threats, such as abnormal computing consumption or malicious content, in milliseconds [2] Group 3: Implementation and Future Plans - 360 has successfully implemented these security capabilities across various sectors, including government, finance, and manufacturing, transforming large model security from theoretical concepts into practical, actionable solutions - The company plans to collaborate with academia and industry to promote the establishment of security standards and technology sharing, aiming to build a safe and trustworthy AI ecosystem [2]