On May 17, Tencent Cloud announced a series of progress in the development of large models and application products at the Generative AI Industry Application Summit held in Beijing. Tang Daosheng, Senior Executive Vice President of Tencent Group and CEO of Cloud and Smart Industry Business Group, said that Tencent has always taken "industrial practicality" as the core strategy of developing large models, and built AI closest to the industry by building high-performance models, efficient tool platforms, highly agile scenario applications, high-availability computing infrastructure, and a strong and secure model environment.
Focusing on the new security challenges brought about by AI, Tencent Cloud released the AI security protection framework, as well as the full-link content security solution and data security solution at the conference, to escort enterprises to embrace the security construction of generative AI throughout the entire process from model training, content generation to post-event operation, and escort the development of the industry.
(Zhou Bin, General Manager of Tencent Security, delivered a keynote speech at the conference)
Attack and defense are mutually beneficial, and AI reshapes the security protection framework
Generative AI provides new tools and perspectives for innovation and development in many industries, but the security threats it poses are also a concern for many businesses. Research data shows that after the release of ChatGPT, phishing emails increased by 260% month-on-month and the average language complexity increased by 17%, and attackers used generative AI to increase the volume of social engineering attacks by 135%, all of which led to a surge in enterprise security requirements. According to a PwC survey, 77% of CEOs are concerned about AI increasing cybersecurity risks.
Zhou Bin, general manager of Tencent Security, believes that AI and security have always influenced each other, especially since the explosion of generative AI, both attackers and defenders have been using AI to improve the level of intelligence. In this process, new risks will also arise that are exclusive to large models, especially AI ontology security, as well as the derivative security impact of generative AI "intelligent emergence" on digital content, copyright, etc.
Therefore, the defender should re-establish the AI application protection framework for AI ontology security, AI application security, and AI content security, covering the entire process of AI security from the first data training to the final online operation. At the same time, enterprises should also improve the AI content of the security system, so that security experts and machines can work together to intelligently respond to security threats.
Zhou Bin said that no matter what kind of technology is associated with security, in fact, it requires multi-party collaboration. In the process of enterprises embracing generative AI, large model builders represented by Tencent need to ensure the security of AI ontology. When building native AI applications based on Tencent's large models, enterprises need to pay attention to application security throughout the model's entire life cycle, including development, testing, deployment, and operation.
Tianyu AIGC content security solution has served mainstream generative AI applications
Zhou Bin believes that compared with other technologies and formats, generative AI is characterized by always revolving around "data" and "content", and each piece of training data and generated content is testing whether the full set of security systems is effective. Among them, content security not only tests the bottom line of illegal content such as pornography and violence, but also has to deal with new challenges such as the proliferation of false information, copyright infringement of personal content, cultural bias and discrimination, and ethical and moral deviations.
Tencent Cloud has built a full-link content security solution for Tianyu AIGC, which provides five service systems, including review services, security expert services, machine review services, copyright protection services, and customer experience management, including risk scenario definition, risk corpus services, corpus copyright detection, output value detection, and business communication risk monitoring, covering the content security construction of generative AI applications throughout the entire process from model training to content generation to post-event operation.
Relying on more than 20 years of security operation experience, Tencent Security has accumulated a wealth of violation samples and more than a dozen customized identification services, which can be tailored to the content security construction of enterprises based on industry scenarios. Tencent Cloud Tianyu Risk Control is also connected to cloud tools such as object storage, cloud live broadcast, cloud VOD, and real-time audio and video, so that enterprises can complete a complete set of audits with a single access to the cloud, greatly improving efficiency.
At present, Tencent Cloud Tianyu AIGC content security solution has been implemented in various scenarios such as AI Q&A, digital human, creation assistant, code generation, entertainment and social networking, and AI customer service, covering the mainstream generative AI application ecosystem and escorting content security in all walks of life.
The end-to-end data security solution achieves 99.99% accuracy in sensitive data identification
In addition to content compliance requirements, generative AI also faces data security risks, with models and data becoming potential attack targets, and the diversity and scale of data types also make it more difficult to govern data security. Compared to traditional protections that filter out harmful data, the "from nothing" nature of generative AI significantly exacerbates data security challenges.
Therefore, in order to prevent a series of problems such as privacy violations, economic losses, legal liabilities, and reputation losses caused by data security issues, it is necessary to do a good job in identity authentication, data access control, and operation control for data engineers, algorithm engineers, and other personnel, and do a good job in data tampering, sensitive data de-identification, data behavior auditing, and abnormal monitoring.
Tencent Cloud has developed a data security governance solution based on AIGC scenarios and data characteristics, and implements hierarchical access control for users, entities, and model files of large models to achieve permission separation. At the same time, Tencent Cloud uses product capabilities such as the Data Security Governance Center, Data Security Protection Gateway, and Confidential Computing Platform to ensure the integrity and confidentiality of massive data and large models throughout the entire process of large model business, from data collection, data processing, training, fine-tuning, publishing, inference, to application.
At present, the solution has achieved 99.99% accuracy in sensitive data identification, accumulated more than 200 data classifications and more than 300 risk detection models, and can support the sensitivity identification and security protection and audit traceability of massive data of enterprises.
In addition, Zhou Bin also announced Tencent Cloud's exploration of security scenarios based on large models such as security operations, risk control modeling, and vulnerability repair, and is committed to helping enterprises improve the efficiency of security attack and defense. Zhou Bin said that in the future, Tencent Cloud will use leading technologies to enable thousands of industries to embrace AI without fear of security threats and stimulate application value.