安全运营

Search documents
API攻击激增,安全智能体何以安全?丨ToB产业观察
Tai Mei Ti A P P· 2025-07-17 11:36
Group 1: AI and Cybersecurity Risks - AI has introduced greater risks to enterprise cybersecurity, with 57% of privacy and data security issues and 55% of AI-driven cyberattacks being attributed to generative AI cloud security concerns, yet only 7% of IT decision-makers believe there are no related security risks [2] - The complexity of attack methods has increased, with attackers leveraging a larger internet exposure as an entry point, utilizing AI capabilities for social engineering phishing attacks and supply chain attacks, leading to full-chain attacks [3] - Gartner predicts that by 2025, the adoption of generative AI will increase the need for cybersecurity resources in enterprises, resulting in a more than 15% rise in application and data security spending [3] Group 2: API Security Concerns - In the past year, China spent the highest cost on resolving API security incidents, amounting to $778,000 (approximately 5.68 million RMB), with a total of 108 billion API attacks recorded in the Asia-Pacific region from January 2023 to June 2024, accounting for 15% of all web attacks [4] - Over 60% of web attack traffic is focused on API interfaces, with attack volume increasing by 23% year-on-year, driven by the new threat exposure brought by the large-scale implementation of generative AI technology [4] - Common API vulnerabilities include misconfigurations, network firewalls not intercepting, and authorization flaws, with API misconfiguration being the most prevalent at 22.3% [5] Group 3: Web Security Trends - Web vulnerability exploitation attacks are expected to increase by 68% in 2024, with a significant rise in attacks targeting AI application vulnerabilities [6] - The concept of using AI to combat AI is gaining traction, with security service providers launching corresponding large model services to enhance threat detection and response capabilities [7][8] - The evolution of web security defense has shifted from static rule-based defenses to dynamic game-theoretic defenses, with AI becoming the central component of security systems [9] Group 4: Systematic Defense Strategies - Enterprises are moving towards a systematic defense approach, integrating various security tools into a cohesive defense mechanism, breaking down data silos and policy fragmentation [11] - For API security, companies need to establish a comprehensive API security strategy, including continuous discovery of vulnerabilities, threat management systems, and proactive testing [12] - The demand for security operations is driving the development of security service providers, focusing on asset, vulnerability, threat, intelligence, and security policy operations [13]
北京市公安局举办“平安有我”安全宣讲走进出租车、网约车和汽车租赁行业主题活动
Yang Shi Wang· 2025-05-29 12:42
5月29日下午,北京市公安局联合北京市交通委等相关单位,开展了"平安有我"安全宣讲走进出租车、网约车和汽车租赁行业主题活动。北京市公安局、北 京市交通委、北京市交通运输综合执法总队、北京市出租汽车暨汽车租赁协会相关领导,以及出租车、网约车、汽车租赁行业管理人员和司机代表参加了活 动。 活动现场还设置了警民互动宣传区,通过发放宣传资料、展示实物模型、互动问答等形式,为行业从业人员答疑解惑。 "听了今天的'平安有我'安全宣讲我感触很深,回去我得跟车队的兄弟们好好念叨念叨。"出租车司机赵凤文说道,"平平安安回家,家人才能放心。"另一位 出租车司机高全也表示在现场学到了很多,"希望回去之后通过我的车厢将这些安全知识传递给更多的人"。 北京市公安局公交总队出租支队支队长杜爱华介绍,举办此次宣讲活动的主要目的是要在出租车、网约车和汽车租赁行业中传递安全运营理念,进一步提高 行业安全防范水平,让市民的每次出行都能成为可依赖的温暖旅程。 活动现场播放了《首都出租汽车驾驶员应知应会》安全宣传片;北京市公安局公交总队相关领导发表致辞并介绍了"平安有我"安全宣讲主题活动情况;北京 市出租汽车暨汽车租赁协会代表向广大从业人员发出倡议 ...