In 2022, the release of ChatGPT marked a breakthrough in the application of large models; in 2023, the “Hundred Model War” initiated the era of AIGC.
As one of the scenarios for the implementation of large models, the security industry has seen rapid development of vertical large models. Meanwhile, the capability boundaries of security large models are gradually becoming apparent, and the expectation for the industry is to “operate security like an expert” with these models.
As a result, AI Agents have entered the public eye, and with the empowerment of large model-based AI Agents, the security industry has ushered in the era of intelligentism.
The development of security large models has entered a deep water zone.
2023 is referred to as the AIGC era, with the wave of large models sweeping the globe. Industry-specific (vertical) large models for enterprise customers have gradually become the main battlefield. According to IDC research, cybersecurity is one of the industries most affected by generative artificial intelligence, and security vendors both domestically and internationally are actively exploring the application of large models, leading to a flourishing of security large models.
However, after a period of development, the capability boundaries of security large models are becoming increasingly evident.
In terms of functionality, security large models with only single functions such as security Q&A and alert interpretation are insufficient to address user pain points;
In terms of cognition, large models lacking training on vast security corpora face knowledge bottlenecks, resulting in subpar security expertise;
In terms of cost, the resource consumption for training, fine-tuning, and deploying security large models remains high, making it difficult for small and medium-sized enterprises to bear the substantial investment.
Based on this, the promotion and implementation of security large models urgently require optimization and upgrading, leading to the emergence of AI Agents. AI Agents based on large models demonstrate the ability to autonomously think, make decisions, and execute security tools, which is expected to fundamentally resolve user pain points, thus entering the era of intelligentism.
Making large models work like humans: AI Agents open a new paradigm of intelligent security services
01 AI Agent: More Independent and Intelligent AI Applications
AI Agents are intelligent entities capable of perceiving the environment, making decisions, and executing actions. The advent of the large model era has accelerated the democratization of AI technology and provided opportunities for breakthroughs in Agents, transitioning them into the stage of large model-based intelligent entities.
Currently, most AI-human interaction modes have evolved from tool-based AI to assistant-style AI, where various AI copilots no longer mechanically execute human commands but can participate in human workflows and collaborate with humans. Large model-based AI Agents are even more independent, capable of autonomously calling resources to complete tasks in certain business scenarios, with humans playing a more supervisory and evaluative role. Although AI Agents will bear most of the workload, humans still play a leading role.
Whereas a large model's responses are tightly bound to the user's instructions, an AI Agent only needs to be given a goal in order to independently think, acquire knowledge, make judgments, and take action towards that goal. It breaks the given task down into detailed steps and, relying on external feedback and expert guidance, creates its own instructions through autonomous thinking to achieve the goal.
02 Security Agent: The Core Driving Force of Automated Operations
Intelligent entities can be divided into four components: large model, planning, memory, and tool usage. The large model serves as the “brain” capable of understanding tasks and making decisions; the planning module is responsible for breaking down tasks, formulating action plans, and checking, supervising, and improving plans; the memory module stores contextual information, expert knowledge, user intervention information, etc., ensuring consistency of goals throughout the task execution process; the tool usage module acts as the “hands” of the intelligent entity, utilizing external resources or tools to execute tasks.
As large models demonstrate various capabilities similar to human thinking, such as in-context learning, reasoning, and chain-of-thought, security intelligent entities centered around security large models make it possible to solve complex problems in vertical fields and to carry out tasks through natural language interaction.
Security intelligent entities comprehensively utilize the generative capabilities of large models and the experience of experts to flexibly and adaptively orchestrate task plans, enabling the invocation of security tools and thus forming the capability for intelligent operations.
Compared to simple AI tools, AI intelligent entities possess broader applications, more flexible interactions, and more powerful capabilities, allowing them to comprehensively meet user needs and adapt to ever-changing environments, helping users free themselves from routine tasks and repetitive labor.
At the same time, trained security vertical intelligent entities can be replicated at scale and at low cost. Their advantages in independent analysis, planning, and problem-solving further lower the technical threshold and genuinely help users enhance security capabilities and improve operational efficiency.
03 Intelligent Security Services Open a New Paradigm in Digital Security
In intelligent systems based on intelligent entities, humans are responsible for setting goals, providing resources, and supervising results; intelligent entities are responsible for task breakdown, tool selection, and progress control. The combination of intelligent entities and various tools can achieve scenario automation capabilities.
In the security field, the combination of security intelligent entities and security tools forms an automated security operation service based on intelligent entities, officially opening a new paradigm of digital security based on “intelligentism”.
In this arrangement, security intelligent entities are responsible for plan decomposition, task execution, tool invocation, memory enhancement, and other tasks; security tools are responsible for implementing specific functions such as vulnerability scanning, sample detection, and traffic analysis. Together they form an organic whole: as the level of the intelligent entities improves and the set of security tools expands, the overall security capability of the system continues to grow.
1. For security intelligent entities, large amounts of high-quality security data, samples, features, and other data corpora that feed the security large model are the foundation for intelligent entities to produce correct security knowledge. Based on large models, intelligent entities break down and plan tasks, continuously optimizing and improving through reflection and introspection;
2. Secondly, experts with extensive practical confrontation capabilities provide intervention and guidance to intelligent entities, helping them optimize orchestration scripts and continuously enhance their handling capabilities;
3. Thirdly, combining a rich tactical knowledge graph that has been distilled from practical experience with large models can help intelligent entities ensure accuracy in solving known security issues;
4. Finally, the biggest difference between intelligent entities and large models is the ability to use external tools to extend model capabilities, so rich and high-quality security tools are key to helping intelligent entities systematically solve complex security problems.
The future is here
360 Security Intelligent Entities Lead Security into a New Era
01 The Leap from Security Large Models to Security Intelligent Entities
In June 2023, 360 released the cognitive general large model 360 Smart Brain 4.0 and announced that it has integrated with the entire suite of 360 products; in August, 360 launched the first deliverable security industry large model in China—360 Security Large Model.
In 2024, “In just one minute, the 360 Security Intelligent Entity completed intelligent APT hunting” brought the 360 Security Intelligent Entity into the public eye.
A financial institution was suspected of being attacked by an APT organization, and almost simultaneously, security operation personnel received alert information from the 360 Security Intelligent Entity along with a complete analysis report containing attack tracing, affected assets, and more.
The 360 Security Intelligent Entity is an intelligent entity system based on the 360 Security Smart Brain large model, capable of providing abilities such as goal understanding, logical reasoning, effect evaluation, and knowledge memory, supporting the connection, configuration, driving, and collaboration of various security tool products, significantly enhancing the security capabilities of individual products and the overall system.
Thus, 360 has taken the lead in the leap from security large models to security intelligent entities.
02 360 Security Intelligent Entity: Leading Intelligent Security Services
The 360 Security Intelligent Entity is centered around the 360 Security Smart Brain large model, with components including task orchestration engine, task generation engine, supervision and evaluation engine, instruction scheduling engine, memory storage, execution feedback, etc. It comprehensively utilizes the generative capabilities of the 360 Security Smart Brain large model and expert experience to flexibly and adaptively orchestrate task plans, achieving accurate invocation of security tools, thereby forming the capability for intelligent security operations.
On the three key elements that influence security intelligent entities, “data, experts, and tools”, 360 has built up all three over many years and has been tested in the market. To elaborate:
1. First, 360 has accumulated the world’s largest security big data, the most extensive samples, and the richest threat behavior features, and has trained these data, samples, and features into the large model, giving the 360 Security Intelligent Entity an inherent advantage in security genes;
2. Secondly, 360 security experts have nearly 20 years of offensive and defensive practical experience, forming a tactical knowledge graph that is internalized into the capabilities of the security large model and stored in the memory module of the security intelligent entity, continuously enhancing the orchestration capabilities of the security intelligent entity;
3. Finally, based on 360’s deep engagement in security vertical scenarios, the 360 Security Intelligent Entity can adapt, control, and collaborate with various types of security tools, systematically solving complex security operation problems.
03 Small Cuts, Deep Depth: Security Intelligent Entities Progress Steadily
As large models enter deep waters, the development of security intelligent entities faces many challenges. Therefore, 360 adopts the “small cuts, deep depth” methodology, using “security scenario applicability” as a metric to construct high-value security scenarios suitable for the characteristics of large models, promoting the practical application of security intelligent entities.
Currently, the 360 Security Intelligent Entity has overcome various challenging steps in scenarios such as automated threat hunting and automated security operations, achieving scenario automation. Operation personnel are responsible for setting goals, providing resources, and supervising results, while the security intelligent entity completes task breakdown, tool selection, and progress control, returning execution results to the operation personnel, further lowering the security technical threshold and truly enhancing security capabilities and operational efficiency.
For further inquiries, please contact: Phone: 400-0309-360; Email: [email protected]
On the path of artificial intelligence development
Intelligent entities are emerging
360 Security Intelligent Entities lead security into the intelligent era
360’s exploration of digital security has never stopped
Time will be the best answer