AI Infrastructure Security
Baidu AI Cloud: AI Infrastructure Security White Paper 2025
Sou Hu Cai Jing · 2026-01-10 09:22
II. Policy and Technical Environment
I. Background and Core Requirements
With the rapid development of artificial intelligence technology, AI infrastructure has become the core support for the intelligent transformation of industry. Driven by the national "14th Five-Year" Digital Economy Development Plan and the "East Data, West Computing" project, the construction of computing power centers in China shows three characteristics: strong policy drive, explosive demand for intelligent capabilities, and deepening application scenarios. At the same time, AI infrastructure faces multiple security challenges, including tightening compliance requirements, frequent cloud platform vulnerabilities and the emergence of new types of attacks on large models, so building efficient, secure and reliable AI infrastructure has become a hard requirement for the industry.
(1) Overall Security Architecture
Baidu has built a comprehensive, multi-level security protection system that takes compliance as its guiding principle, technology as its backbone and management as its wings. It covers three dimensions: compliance and standards, layered protection of the core security domains, and the management and operation system, forming six linked layers of protection, "boundary - platform - tenant - cryptography - model - operations", adapted to the characteristics of AI infrastructure.
(2) Protection of Key Security Domains
Model application security: starting from four aspects, namely security cleaning of training corpora, security control of inputs and outputs, data security protection and the building of security evaluation capabilities, and using measures such as prompt review, response intervention, data encryption and "blue army" adversarial evaluation, it covers the full life cycle of large model training, deployment and inference.
Cloud platform security: with "governance - protection - compliance - operations" as the main line, it covers security governance (vulnerabilities, baselines), compute, storage and network security, compliance with the Multi-Level Protection Scheme (MLPS, 等保) and commercial cryptography application evaluation (密评), physical security ...
Baidu AI Cloud Releases 2025 AI Security White Paper: Building a Comprehensive AI Infrastructure Protection System
Sou Hu Cai Jing · 2025-09-04 23:44
Core Insights
- The importance of AI infrastructure security is increasingly highlighted as the global digital economy enters an AI-driven era, with challenges such as compliance pressure and security vulnerabilities emerging [1][2]
- Baidu Smart Cloud has released a comprehensive security framework for AI infrastructure, emphasizing compliance, technology, and management as foundational elements [2][3]

Group 1: AI Infrastructure Security Challenges
- The rapid development of computing power centers in China is driven by policy guidance and a surge in intelligent demand, but it faces challenges like compliance pressures and new attack methods targeting large models [1]
- National regulations such as the Cybersecurity Law and Data Security Law have been introduced to establish basic security standards for AI infrastructure [1]

Group 2: Baidu's Security Framework
- Baidu has built a comprehensive security protection system based on compliance with various laws and standards, ensuring the safety of model applications, cloud services, and computing power scheduling platforms through layered defense strategies [2]
- In the realm of large model application security, Baidu implements multiple measures, including strict filtering of training data and auditing of inputs and outputs [2]

Group 3: Security Management and Operations
- Baidu emphasizes real-time awareness and end-to-end response in security management, focusing on accurate data collection, timely alert assessment, and continuous improvement mechanisms [3]
- Practical case studies demonstrate Baidu's effective security solutions across various industries, addressing numerous security pain points and achieving a balance between security and business development [3][6]
Baidu AI Cloud: 2025 AI Infrastructure Security White Paper
Sou Hu Cai Jing · 2025-09-04 05:36
Core Insights
- The report emphasizes the critical importance of AI infrastructure security in the context of rapid advancements in artificial intelligence technology and the digital economy [1][2]
- Baidu has developed a comprehensive AI infrastructure security framework based on extensive operational experience, addressing various security challenges faced by the industry [1][2]

Group 1: Industry Background and Challenges
- The global digital economy is entering a new phase driven by AI, characterized by policy-driven development, explosive demand for intelligent solutions, and deepening application scenarios [1][14]
- However, the industry faces significant security challenges, including tightening compliance regulations, frequent vulnerabilities in cloud platforms, and emerging new types of attacks on large models [1][14]
- National regulations such as the Cybersecurity Law and Data Security Law have been introduced to establish a baseline for AI infrastructure security [15][17]

Group 2: Baidu's AI Infrastructure Security Framework
- Baidu's AI infrastructure security architecture is built on compliance, technology, and management, creating a multi-layered defense system [31][35]
- The framework includes compliance with various laws and standards, layered protection for core security domains, and a management system that ensures operational safety [31][35]
- Key security domains include model application security, cloud service security, and security for computing resource scheduling platforms [31][35]

Group 3: Large Model Application Security
- Baidu focuses on large model application security through three main areas: safety barriers, data security, and security assessment [2][62]
- Safety barriers involve filtering training data and auditing input/output to ensure compliance [2][65]
- Data security measures cover the entire lifecycle of data, employing advanced technologies to protect sensitive information [2][73]

Group 4: Compliance and Regulatory Requirements
- AI infrastructure must meet various compliance requirements, including security assessments and model registration [2][4]
- Baidu's cloud platform has established a compliance system that aligns with national regulations and industry standards [2][4]
- The compliance framework includes measures for data classification, encryption, and access control to safeguard sensitive information [2][4]