Generative AI Security White Paper
2026-01-06 07:51
1. Report Industry Investment Rating

No relevant content provided.

2. Core Views of the Report

- Generative AI is reshaping industries, but its security issues are becoming a key bottleneck for sustainable development. Future AI security will trend towards shifting security left, system- and intelligence-based defense, and an open and shared-responsibility ecosystem [142][144]
- Volcano Engine positions itself as a trusted and secure infrastructure provider for AI cloud-native, offering safe and compliant AI services and sharing security responsibilities with users [27][46]

3. Summary by Directory

3.1 Introduction

- Industrial Trajectory and Inflection Point: The capabilities of foundational models are expanding rapidly, and enterprises are shifting from single-point trials to platform-based construction, requiring unified management of model services, data governance, etc. [16][17]
- Core Issues and Challenges in Generative AI Security: There are risks in the model, data, and application layers, and governance and compliance need to be embedded in products [19][21][23][24]
- Volcano Engine's AI Security Proposition: It aims to be a trusted and secure infrastructure provider for AI cloud-native, building AI security capabilities in technology, governance, and the ecosystem [27]

3.2 Generative AI Security Risks

- Regulatory and Compliance Risks: Global regulatory bodies are strengthening laws and regulations for AI. Enterprises need to comply with relevant requirements in different regions [31][32][33]
- Data Privacy Risks: There are risks in the data collection, storage, training, and usage stages, and internal human factors can also cause risks [36][37][38]
- Generative AI Security Risks: Risks exist in AI infrastructure, models, platforms, and intelligent agents, and along the "AI infrastructure → large model → intelligent agent" chain [40][41][42]

3.3 Volcano Engine's Generative AI Service Security Assurance System

- Security Responsibilities in the Generative AI Wave: Security responsibilities in generative AI scenarios are shared between users and service providers, including compliance, privacy, and security responsibilities [46]
- Compliance Qualifications and Certifications: Volcano Engine's large models have completed relevant filings and evaluations, and it participates in standard-setting to promote industry security [61][62]
- Data Security and Privacy Protection Design Concept: The key challenges in large-model data and privacy security are addressed. The Ark TrustAI System provides a comprehensive protection plan [65][67][72]
- Generative AI Security Technology Assurance System
  - AI Infrastructure Security: It combines platform-based and enhanced security solutions, covering governance, product protection, threat intelligence, and more [76][80][84]
  - AI Model and Platform Security: Volcano Ark ensures model and user information security. Model security has principles and lifecycle management, and the platform has a secure architecture [92][93][103]
  - AI Intelligent Agent Security: It includes identity and permission management, tool management and access control, and in-depth defense and reinforcement [114][120][124]

3.4 Summary

- Generative AI Industry Security Outlook: Future AI security will trend towards shifting security left, system- and intelligence-based defense, and an open and shared-responsibility ecosystem [142][144]
- Volcano Engine's Commitment to Generative AI Security: Volcano Engine is committed to providing a trusted, controllable, and compliant AI cloud-native base and collaborating with partners to address security challenges [142]