AI security "power up": break magic with magic

With the help of large AI models, a new round of global scientific and technological revolution and industrial transformation is brewing, but it has also given rise to concerns. Data security, terminal security and personal digital sovereignty are facing greater challenges.

"Attack organizations, with the help of AI's learning and analysis capabilities, continue to deeply analyze defense mechanisms, constantly optimize and refine their attack strategies, and even realize the automatic deployment and execution of attack strategies, which has exacerbated the challenges in the field of network security," a network security industry practitioner said. If the capabilities of large AI models cannot be used in good faith, the security threat will undoubtedly double.

Recently, several experts pointed out at the 6th C3 Security Conference that AI-era network security requires us to re-examine traditional security protection measures in order to deal with the more subtle and accurate network attacks launched by AI algorithms - "use AI to counter AI, use magic to break magic" - and to use AI technology to respond to AI-driven network security threats.

Zhang Sheng, second-level inspector of the Network Security Coordination Bureau of the Central Cyberspace Office, said that in recent years the Central Cyberspace Office and relevant departments have successively issued a series of laws and regulations, such as the Network Security Law, the Data Security Law, the Personal Information Protection Law, the Security Protection Regulations on Key Information Infrastructure, the Network Security Review Measures and the Generative AI Management Measures, as well as hundreds of national standards for network security, and have basically built a network security policy and regulation system with "four beams and eight pillars". He believes that the deep integration of artificial intelligence and network security should continue by strengthening network security talent and innovation and by emphasizing the construction and sharing of data resources, among other aspects.

"Data is becoming the most important asset. The big model, like a modern smelter, is casting the 'steel' of this era. The operating system, the industry big model and the 'cloud network security' together constitute the data infrastructure of the new era," said Tian Suning, the co-founder of CICA, adding that the new era of the data economy is opening a new round of global competition.

AI technology helps thousands of industries to upgrade intelligently, but any science and technology that is ahead of its time may become a double-edged sword that can serve either good or evil. While encouraging AI innovation, we should also regulate it so that it develops in a healthy way. How to make it a beneficial tool and make AI work for good has become a hot topic in the industry.

According to Zhang Yaqin, academician of the Chinese Academy of Engineering and president of the Institute of Intelligent Industry of Tsinghua University, the scope of information security needs to be expanded, including AI model security, data security, parameter security, as well as controllability, interpretability, and AI boundaries.

When it comes to the impact of AI on the industry, he believes that it has actually built a new ecosystem and a new operating system. The AI big model is the operating system in the era of artificial intelligence, on which there will be many new applications. "In addition to the general big model, every industry will also have a deep vertical big model. This ecosystem will be two orders of magnitude higher than PC Internet and at least one order of magnitude higher than mobile Internet."

Zhang Yaqin believes that the new AI is the integration of information intelligence, physical intelligence and biological intelligence. The large AI model is extremely powerful. It may create many development opportunities in the future, but it also contains many potential risks: for example, the risks of information intelligence, the security risks inherent in AI itself, and issues of controllability, credibility and boundaries; or the problems of hallucination and deep forgery, and the risk of losing control or being exploited as the application scope of large model technology expands into broader and deeper fields.

He suggested that while promoting technical progress on large models, we should also take precautions to ensure that the technology is used for good. Specifically, AI models should be graded: the larger the parameter count, the higher the governance requirements for the model. Content generated by AI should be accurately identified. Industry entities should be called on to use at least 30% of their investment for risk research and security assurance, and very specific red-line boundaries should be set.

Wang Shaolan, president of Zhipu AI, also appeared at the C3 Security Conference. He said that, as a new-generation technology, the large model is seeing technical breakthroughs and application at a very fast pace, possibly 10 times or 100 times the previous speed, and that the industrial transformation brought by the large model will also be 100 times faster than the traditional speed. He said that the application of large models across industries is not linear but fission-like, and that frontier technology research and large-scale application proceed in parallel, which depends on the emergent abilities of large models.

Turning to the future of large AI models, Wang Shaolan believes that multimodality is one important trend and that the capability of large-model agents is another. Large models may learn the PDCA cycle, train themselves, and make large-model agents productive.

To deal with the data security problem in the era of the large model, there are two parallel approaches in the industry. One focuses on the security of the large model algorithm itself, such as the fairness, interpretability, adversarial robustness and alignment of the algorithm. The other is large model application security protection technology, which provides red team attack and defense services for issues such as vulnerability protection, path detection and response, agent framework security and data leakage.

Chen Fen, senior vice president of CICA Security, analyzed the recent, continuously escalating cyber attacks and cyber crimes driven by AGI technology. He pointed out that AGI tools have reduced the time hackers need to generate new threats from "several months" to several hours or even minutes. At the same time, attackers have begun to use large models to quickly discover vulnerabilities in software and services, and there are more and more cases of network fraud committed with deep facial forgery. More seriously, the target of attackers is shifting from traditional digital assets to AI computing infrastructure and large models. According to Chen Fen, CICA Security's monitoring shows that 40 different types of attacks against large models have emerged in just one year.

"The attack and defense of network security has upgraded from the original confrontation between people to the confrontation between AI and AI. Only AI-driven network security protection and detection technology can identify AI-driven hacker attack technology." Chen Fen said that the object of network security protection has also changed, and that the future protection of enterprise assets will evolve from protecting traditional assets to protecting the enterprise AI center.

The AI community is already in action. Microsoft officially launched Microsoft Copilot for Security in May this year, aiming to "help users defend at the speed of the machine"; Google also released a proprietary network security model last year, which has been applied to the Cloud Security Competency Center; Palo Alto Networks and CrowdStrike, the global network security giants, have integrated large-model security operation capabilities into their security operation platforms. Driven by the AI wave, Palo Alto Networks has become the world's first security company whose market value has exceeded 100 billion dollars. CrowdStrike's market value has more than doubled since last year, approaching 100 billion dollars.

"In China, more than 80% of network security companies are integrating big model technology into network security products, and 30% of companies have begun to do research on big model security, and there have also been some waves of security entrepreneurship." Chen Fen said that AsiaInfo Security is no exception. Its Security for AI plan includes newly developed services such as computing cloud infrastructure security protection, large model application security protection, and large model red-blue confrontation testing; its AI for Security program focuses on the research and development of a vertical large model for the network security industry and the agents and security applications running on it.

AsiaInfo Security has released a self-developed large model for the network security industry, Reliance Cube. It is understood that the Reliance Cube model can handle specific scenarios in the network security industry such as accurate question answering, interpretation of complex alarm logs, and in-depth analysis of network security events.

In addition, other domestic security manufacturers are also testing the waters with vertical large models in the security field: Qianxin has launched Q-GPT and a large model guard, Sangfor has launched Security GPT 2.0, and Venustech and other manufacturers have also launched related products.

With the rapid development of AI technology, AI security issues are of vital importance. But even a giant like OpenAI has been reported to have disbanded its "super alignment team" and to be failing to allocate sufficient resources and attention to AI security. Other AI enterprises that are still catching up face even greater economic pressure in balancing technology and security.

It is worth noting that AI security is not an option, but a must, for which the industry has to invest more energy and money.
