In 2022, the release of ChatGPT led to breakthroughs in the application of large models; in 2023, the “Battle of Hundreds of Models” marked the beginning of the AIGC era.
As one of the scenarios for the implementation of large models, the security industry has rapidly developed vertical large models. Meanwhile, the capabilities of security large models have gradually become apparent, with the expectation of “operating security like an expert” emerging as a new industry demand.
Thus, AI Agents have entered the public eye, and under the empowerment of large model-based AI Agents, the security industry has ushered in the era of intelligentism.
NEWS TODAY
The Development of Security Large Models Enters Deep Water
2023 is known as the AIGC era, with the wave of large models sweeping across the globe. The B-end industry vertical large models have gradually become the main battlefield. According to IDC research, cybersecurity is one of the industries most affected by generative artificial intelligence, and domestic and foreign security vendors are actively exploring the application of large models, leading to a flourishing of security large models.
However, after a period of development, the capability boundaries of security large models have gradually emerged.
In terms of functionality, security large models with only single functions such as security Q&A and alert interpretation struggle to address user pain points;
In terms of cognition, large models lacking training on massive security corpora face knowledge bottlenecks, resulting in subpar security expertise;
In terms of cost, the resource consumption for training, fine-tuning, and deploying security large models remains high, making it difficult for small and medium-sized enterprises to bear such expenses.
Based on this, the promotion and implementation of security large models urgently require optimization and upgrading, leading to the emergence of AI Agents in people’s view. AI Agents based on large models demonstrate the capability for autonomous decision-making and execution of security tools, potentially fundamentally solving user pain points and entering the era of intelligentism.
NEWS TODAY
Making Large Models Work Like Humans
AI Agents
Open a New Paradigm of Intelligent Security Services
1
AI Agents: More Independent and Intelligent AI Applications
AI Agents are intelligent entities capable of perceiving the environment, making decisions, and executing actions. The arrival of the large model era has accelerated the democratization of AI technology and provided opportunities for breakthroughs in Agents, leading them into the stage of large model-based intelligent entities.
Currently, most AI-human interaction modes have evolved from tool-based AI to assistant-style AI, where various AI copilots no longer mechanically execute human commands but can participate in human workflows and collaborate with humans. Large model-based AI Agents are even more independent, capable of autonomously calling resources to complete tasks in certain business scenarios, with humans playing more of a supervisory and evaluative role. Although AI Agents will bear most of the workload, humans still maintain a leading role.
Compared to the strong correlation between large model responses and user commands, AI Agents only need to be given a goal to independently think, acquire knowledge, make judgments, and take actions regarding the goal. They will detail the planning steps based on the given task and, relying on feedback from the external environment and expert guidance, create their own instructions through independent thinking to achieve the goal.
2
Security Agents: The Core Driving Force of Automated Operations
Intelligent entities can be divided into four components: large models, planning, memory, and tool usage. The large model serves as the “brain” capable of understanding tasks and making decisions; the planning module is responsible for decomposing tasks, formulating action plans, and checking, supervising, and improving plans; the memory module stores contextual information, expert knowledge, user intervention information, etc., ensuring consistency in objectives throughout the task execution; the tool usage module serves as the “hands” of the intelligent entity, utilizing external resources or tools to execute tasks.
As large models demonstrate various capabilities akin to human thinking, such as contextual learning, reasoning, and thinking chains, security intelligent entities centered on large security models make it possible to solve complex problems in vertical fields and achieve natural language interaction tasks.
Security intelligent entities comprehensively leverage the generative capabilities of large models and the experience of experts to flexibly and adaptively orchestrate task plans, enabling the invocation of security tools and forming intelligent operational capabilities.
Compared to simple AI tools, AI intelligent entities possess broader applications, more flexible interactions, and more powerful capabilities, allowing them to meet user needs more comprehensively and adapt to changing environments, helping users free themselves from daily tasks and repetitive labor.
Simultaneously, through trained vertical intelligent entities in security, low-cost scalable replication can be achieved. Their advantages in independent analysis, planning, and problem-solving further lower the technical threshold, genuinely helping users enhance security capabilities and improve operational efficiency.
3
AI Agents: More Independent and Intelligent AI Applications
In intelligent systems based on agents, humans are responsible for setting goals, providing resources, and supervising results; intelligent entities are responsible for task decomposition, tool selection, and progress control. The combination of intelligent entities and various tool calls can achieve scene automation capabilities.
In the security field, the combination of security intelligent entities and security tools forms an automated security operation service based on intelligent entities, officially opening a new paradigm of digital security based on “intelligentism.”
In this setup, security intelligent entities are responsible for planning decomposition, task execution, tool invocation, memory enhancement, and other tasks; security tools are responsible for implementing specific functions such as vulnerability scanning, sample detection, and traffic analysis. Together, they form an organic whole, as the level of intelligent entities continues to improve and security tools are continuously expanded, the overall security capabilities of the system are constantly enhanced.
01
For security intelligent entities, large amounts of high-quality security data, samples, features, and other data corpora that feed the security large model are the foundation for the intelligent entity to produce correct security knowledge. Based on large models, intelligent entities decompose and plan tasks, continuously optimizing and improving through reflection and introspection;
02
Secondly, experts with extensive practical combat capabilities provide intervention and guidance to intelligent entities, helping them optimize orchestration scripts and continuously enhance handling capabilities;
03
Thirdly, combining the rich tactical knowledge graph accumulated from practical experience with large models can help intelligent entities ensure accuracy in solving known security issues;
04
Finally, the main difference between intelligent entities and large models lies in their ability to utilize external tools to extend model capabilities. Therefore, rich and high-quality security tools are key to helping intelligent entities systematically solve complex security issues.
NEWS TODAY
The Future Has Arrived
360 Security Intelligent Entities Lead Security into a New Era
1
The Leap from Security Large Models to Security Intelligent Entities
In June 2023, 360 released the cognitive general large model, 360 Smart Brain 4.0, and announced that it has been integrated into all products under 360; in August, 360 released the first deliverable security industry large model in China—360 Security Large Model.
In 2024, “In just one minute, the 360 Security Intelligent Entity completed intelligent APT hunting” brought the 360 Security Intelligent Entity into the public eye.
Click here for details
A certain financial unit was suspected of being attacked by an APT organization. Almost simultaneously, the security operation personnel received alert information from the 360 Security Intelligent Entity along with a complete analysis report containing attack tracing, affected assets, and more.
The 360 Security Intelligent Entity is an intelligent entity system based on the 360 Security Smart Brain large model, capable of providing abilities such as goal understanding, logical reasoning, effect evaluation, and knowledge memory, supporting the connection, configuration, driving, and collaboration of various security tool products, significantly enhancing the security capabilities of individual products and the overall system.
Thus, 360 has taken the lead in completing the leap from security large models to security intelligent entities.
2
360 Security Intelligent Entity: Leading Intelligent Security Services
The 360 Security Intelligent Entity centers around the 360 Security Smart Brain large model, utilizing components such as task orchestration engine, task generation engine, supervision and evaluation engine, instruction scheduling engine, memory storage, and execution feedback to flexibly and adaptively orchestrate task plans, achieving precise invocation of security tools, thereby forming intelligent security operational capabilities.
When mentioning the three key elements affecting security intelligent entities—”data, experts, tools”—360 has accumulated over many years and has been tested in the market. Specifically:
01
First, 360 has accumulated the world’s largest security big data, the most extensive samples, and the richest threat behavior characteristics, training these data, samples, and features into the large model, giving the 360 Security Intelligent Entity an inherent advantage in security genes;
02
Secondly, 360 security experts possess nearly 20 years of offensive and defensive practical experience, forming a tactical knowledge graph that, on one hand, internalizes into the capabilities of the security large model, and on the other hand, is stored in the memory module of the security intelligent entity, continuously enhancing its orchestration capabilities;
03
Finally, based on 360’s deep involvement in security vertical scenarios, the 360 Security Intelligent Entity can adapt, control, and collaborate with various types of security tools, systematically solving complex security operational issues.
3
Small Cuts, Deep Depth: Security Intelligent Entities Move Forward Steadily
As large models enter deep waters, the development of security intelligent entities faces challenges. Therefore, 360 is based on the “Small Cuts, Deep Depth” methodology, using “Applicability of Security Scenarios” as the index basis to construct high-value security scenarios suitable for large model characteristics, promoting the practical application of security intelligent entities.
Currently, the 360 Security Intelligent Entity has already overcome various difficulties in scenarios such as automated threat hunting and automated security operations, achieving scene automation. Operational personnel are responsible for setting goals, providing resources, and supervising results, while the security intelligent entity completes task decomposition, tool selection, and progress control, returning execution results to the operational personnel, further lowering the security technical threshold and genuinely enhancing security capabilities and operational efficiency.
For further inquiries, please contact: Phone: 400-0309-360; Email: [email protected]
On the Road of AI Development
Intelligent Entities Emerge
360 Security Intelligent Entities Lead Security into the Intelligent Era
360’s Exploration of Digital Security Never Stops
Time Will Be the Best Answer
This article is reprinted from 360 Digital Security. Click to read the original text for the complete content.