laitimes

The answer to digital security in the era of large models is hidden in a practical guide

author:Leifeng.com

Author: Guo Si

Editor: Chen Caixian

As large models continue to mature, enterprises are increasingly inclined to apply AI technology on a large scale in the cloud. In this process, data resources that may have been ignored in the past have become more strategic than ever, and the value assessment of data has been dynamically adjusted. At the same time, after enterprises move to the cloud, their security architecture and business operation model are transformed and upgraded simultaneously, which derives a series of new security requirements.

Just like the philosophy of "health is everything", digital security also plays a cornerstone role for businesses – without security, everything is empty. Building a strong digital security immune system is not a temporary idea, but a necessary project for the long-term development of enterprises.

On January 17, the "Digital Security Immunity Construction Guide" was officially released. It was compiled jointly by Tencent Security, Tencent Research Institute, China Information Security, and more than 30 industry experts, scholars, and business leaders, under the guidance of the News and Publicity Center of the Ministry of Industry and Information Technology (People's Posts and Telecommunications).


As pointed out at the highest decision-making level, "security is the premise of development, and development is the guarantee of security". In view of the widespread application of advanced technologies such as large models in enterprise operations, Tencent Security proposes the "Digital Security Immunity" framework, which is committed to building an integrated theory and tool platform for enterprises based on the dual core of data and business, and taking into account security and development strategies.

The latest release of the Digital Security Immunity Building Guide at this industry seminar is a concrete implementation tool of this framework at the practical level, like a navigation map in the hands of explorers, to help enterprises navigate the complex and ever-changing digital security jungle, ensure a clear path forward, and effectively resist various security risks.

New challenges in data security in the context of AIGC

As the process of digitalization advances at an unprecedented speed around the world, all walks of life are enjoying the convenience and efficiency brought by information technology, but at the same time, they are also facing increasingly severe security risks and challenges.

The rapid development of digitalization not only greatly expands the boundaries of data, enables the high-speed flow of massive information in cyberspace, but also provides more entry points and hidden ways for potential malicious attackers, which undoubtedly poses a huge pressure on the existing security protection mechanism of enterprises.

The traditional idea of security construction mainly relies on the "strict defense" of the physical boundary and the post-event response mechanism to known security incidents.

However, in the stage of rapid digitization of enterprise assets, the concept of boundaries is diluting and blurring. This static, perimeter-based approach is no longer effective in dealing with information breaches within an organization and sophisticated attacks from outside. Through advanced persistent threats (APTs), hackers can bypass traditional firewalls and infiltrate the core of the corporate network to steal sensitive information or disrupt critical business processes.

Both the NotPetya ransomware incident in 2017 and the SolarWinds supply chain attack in 2020 were highly influential attacks based on APT methods, and in 2021 a zero-day vulnerability attack on Microsoft Exchange Server shook the world, affecting thousands of institutions in at least ten countries.

Nowadays, with the evolution of AIGC technology, digital security is facing many dynamic and unknown threats. In addition, as the content processed by AI grows more complex, it is necessary not only to label the basic features finely during model construction, but also to hold the generated text to unprecedentedly high standards of coherence, logical rationality and overall consistency.

In the content creation and application stage, advanced AI technology has accelerated the spread of all kinds of illegal content, such as deepfakes, fake news, and unethical materials, and the frequency of data breaches in particular is increasing dramatically.

At the same time, AI-driven Q&A systems can generate highly specialized text content, which further expands the scope of traditional content risk control. This puts existing risk control mechanisms to a severe test, and their response capabilities urgently need to be expanded to cover these emerging risk areas.

Previously, Cyberhaven conducted a statistical analysis of 1.6 million employees using ChatGPT, and the results showed that 3.1% of employees chose to directly input internal data into ChatGPT to improve work efficiency or seek solutions. Against this backdrop, there was a typical incident in which Samsung employees accidentally submitted information containing sensitive code and internal meeting details to the AI model in an attempt to improve their work efficiency with the help of ChatGPT, resulting in three confidential data breaches in just a few weeks.

On the other hand, in the eyes of industry insiders, enterprises of different sizes, industries, and degrees of digitalization encounter different personalized security challenges, and with the rapid changes in external threats and the market environment, digital security immunity that can dynamically grasp their own security level has become the top priority.

The discussion sparked by digital security immunity: the spear of AI against the shield of AI

While AIGC is rapidly sweeping the market, the ensuing data security issues have aroused deep public concern. In addition to the AIGC technology we mentioned is maliciously used to carry out security attacks.

In the process of discussing the "Guidelines for the Construction of Digital Security Immunity", many experts have made in-depth reflections on the security attack and defense changes caused by AIGC.

Guo Haozhe, Senior Vice President of Donghua Software Group and Chairman and CEO of Donghua Cloud Computing Co., Ltd., pointed out that the industry cannot wait for large models to develop into global adoption before taking action. On the contrary, at the beginning of this transformation, the construction of business systems should be actively integrated with large-scale model technology. Although the security risks and vulnerabilities that may arise in this process are a challenge that cannot be ignored, the key is to have the courage to practice and explore. There needs to be loophole regulation, which is another issue, and the key is to do it.

This also indicates that in the future, there are only two choices in front of the industry: to do and not to do. If an enterprise chooses to go all out, the difficulties it faces can actually be imagined.

At the offensive and defensive levels, AIGC and its application in generalized open network security are relatively weak in terms of strategic orientation because of their extremely high openness. Whether it is traditional AI technology or large models, there is still some immaturity in terms of accuracy and training optimization.

This means that in terms of data security in narrow domains, it is quite challenging to apply large models in such open attack and defense scenarios due to the high uncertainty of attack and defense confrontation, such as the unknown attack source, target, behavior, and characteristics.

The uncertainty of the source of the attack means that the attacker can come from any corner: it could be an accidental operation by an internal employee, a deliberate attack by an external hacker, or even a state-level APT (Advanced Persistent Threat) operation. Tracking and prevention can be difficult due to the various methods attackers can use to hide their true identities and locations.

On the other hand, attackers may launch attacks against different data types, different system components, or different business processes, which makes it difficult to take comprehensive protection measures, and large models may have blind spots in predicting and defending against unknown targets.

In addition, the diversity and complexity of attack behavior is one of the challenges. Attackers may use a variety of novel and hard-to-identify attack methods, such as zero-day exploits and social engineering attacks, which are not reflected in the samples the large model has seen so far, so it is difficult to train accurate defense strategies from historical data.

The unknown nature of the attack signature means that even the most advanced large models cannot fully foresee all possible attack patterns. Especially in the field of data security, many attack methods and exploits are emerging for the first time, so traditional feature-matching methods struggle to work, and large models need stronger learning ability and generalization performance to adapt to this changing threat environment.

Although large models have demonstrated excellent performance in specific scenarios, they still need to be continuously developed and optimized in the face of a highly dynamic and uncertain attack-defense confrontation environment, in order to better integrate expert intelligence, real-time threat intelligence, and efficient anomaly detection mechanisms, so as to effectively solve a series of security challenges and fully unleash the potential of large models in the field of data security.

However, at the seminar, Li Bin, the current general manager of Tencent Cloud Security, also pointed out that in data security application scenarios, when the access subject, object and behavior rules are sufficiently comprehensible and predictable, it will create an extremely favorable premise for the application of large model technology. At present, Tencent has made substantial breakthroughs in this field, using large models to carry out detailed classification and grading optimization of data, especially in the dimension of semantic recognition, which has significantly improved the classification accuracy. This mature technology has been successfully integrated into Tencent's product security service system, which has strongly promoted the progress and development of data security assurance capabilities.

To balance data security against data liquidity, the traditional coping strategy usually relies on plug-in technology and large-scale tag libraries for data comparison, which undoubtedly increases the load on the system. In contrast, Tencent has achieved near-real-time data relationship extraction without labels or plug-ins by using large models to analyze the semantic attributes of data in depth, which has greatly improved the efficiency of data security assurance.

When the analysis of data security incidents is confined to a limited and controllable scope, the legitimate subjects and objects in the data field are relatively clear. By integrating multiple technologies, Tencent has achieved a significant leap in the accuracy of data security analysis within such a scope.


In terms of data security, the Guidelines for Building Digital Security Immunity put forward that data classification and grading are the key to data security construction. In terms of business security, the guidelines point out that businesses that lack security capabilities may become "ATMs" in the black and gray industry, and that human-machine identification, risk control engine, content security, and business security compliance are necessary inputs.

Epilogue

In the field of data security, although the application of large models is bringing remarkable results, in highly uncertain attack and defense confrontation scenarios, it is still necessary to continuously deepen R&D and optimization, combine expert knowledge, real-time threat intelligence, and efficient anomaly detection mechanisms to cope with new security challenges and maximize the potential of large models in the field of data security.

The Digital Security Immunity Building Guide is like a doctor customizing a health care plan for a patient. The system encourages organizations to build a "digital shield" that can automatically detect, quickly resist, and recover from attacks. When confronted with internal and external "digital germs" (i.e., security threats), organizations can react quickly like the body's immune system, not only to repair the damage in a timely manner, but also to learn from them to continuously improve their security defenses and ensure that they are on track to thrive on their digital journey.

The wind extinguishes the candle, but it makes the fire burn brighter and brighter. The same is true for randomness, uncertainty and chaos: take advantage of them rather than avoid them, and become the fire that is eager for the wind to blow. Beyond a great improvement in efficiency, what large model technology brings to data security protection is, even more, the uncertainty of unknown risks. At this intersection, Tencent, with its unique methodology and toolset, has offered the industry a valuable insight: whether it is people or enterprises that encounter danger, real security is in essence their own spontaneous immunity. Everyone is afraid in the face of uncertainty, but benefiting from uncertainty is perhaps the real competitiveness of Tencent Security.

