Why do gambling and investment funds always explode first in the AI era?

Use a secure model to guard the insecure model, and use an intelligent system to resist attacks from intelligence. This article is from an article written by Windrush and reprinted by TechFlow Deep Tide. (Synopsis: Pakistan announces 2,000 megawatts of electricity for "Bitcoin Mining and AI Center" Prime Minister appoints special assistant for blockchain and cryptocurrencies) (Background supplement: Hon Hai internal experiment: AI can replace 80% of jobs, chairman Liu Yangwei exposed the trinity blueprint of the future factory) Geeks are starting businesses, Xiaobai is buying classes, and painters are unemployed, but an embarrassing reality is: AI landing is hot, but the plot is not taking the advent route, but rolling the dice. Moreover, in the early days of the industry, the first surface of this dice to land is often either yellow or gray. The reason is also very simple, huge profits generate momentum, not to mention the early stage of development, always full of loopholes. Looking at this set of data, it is clear: Currently, more than 43% of MCP service nodes have unverified shell call paths, and more than 83% of deployments have MCP (Model Context Protocol) configuration vulnerabilities; 88% of AI component deployments do not have any form of guardrails enabled at all; 150,000 lightweight AI deployment frameworks such as Ollama are currently exposed on the global public network, and more than $1 billion in computing power has been hijacked for mining...... Ironically, attacking the smartest big models requires minimal tactics — just a set of default open ports, an exposed YAML profile, or an unverified shell call path, and even, as long as the prompts are typed accurately enough, the big model itself can help gray produce the direction of the attack. The door of enterprise data privacy is so arbitrarily entered and exited in the AI era. But the problem is not unsolvable: AI has more than just generating and attacking. How to use AI for protection has increasingly become the main theme of this era; At the same time, on the cloud, making rules for AI has also become the focus of top cloud vendors, and Alibaba Cloud Security is one of the most typical representatives. At the moment of the release of Aliyun Feitian that has just ended, Aliyun officially announced its two paths of cloud security: Security for AI and AI for Security, and released the "Cloud Shield for AI" series products to provide customers with "end-to-end security solutions for model applications", which is a best example of the exploration of the current industry. 01 AI roll dice, why is gray and yellow always facing up first? In the history of human technology, AI is not the first new species to "be tested by the yellow storm first", gray and yellow first outbreak, is also the law of technology popularization rather than an accident. In 1839, silver plate photography came out, and the first wave of users was the industry; In the early days of the Internet, e-commerce did not start, and adult websites have begun to ponder online payment; Today's big model wool party, to some extent, is also recreating the myth of the "domain name era" of getting rich. The dividends of the times are always touched first by gray and yellow. Because they do not pay attention to compliance, do not wait for supervision, and the efficiency is naturally super high. Therefore, every technology outbreak period is first a pot of "muddy soup", and AI is naturally no exception. In December 2023, a hacker used only a prompt word - "$1 offer" - to induce a customer service robot in a 4S store to almost sell a Chevrolet for $1. This is the most common "Prompt Injection" in the AI era: no permission verification is required, no log traces are left, and the entire logical chain can be replaced only by "speaking smartly". One step further is the "jailbreak." The attackers used rhetorical questions, role-plays, detour prompts, etc., to successfully get the model to say things it shouldn't have said: pornography, drug manufacturing, false warning messages...... In Hong Kong, some people even stole HK$200 million from corporate accounts by falsifying executive voices. In addition to scams, AI also has the risk of "unintentional output": in 2023, a large model system of an education giant mistakenly exported "poisonous teaching materials" with extreme content when generating lesson plans, and in just 3 days, parents' rights protection, public opinion broke out, and the company's stock price lost 12 billion yuan. AI doesn't understand the law, but it has the ability, and the ability to do harm, once out of oversight, is harmful. But from another point of view, AI technology is new, but the final flow and means of gray production and yellow are unchanged, and to solve it, it depends on safety. 02 Security for AI Let's first talk about a cold knowledge that has been collectively avoided by the AI industry: The essence of large models is not "intelligence" or "understanding", but semantic generation under probability control. Therefore, once the training context is exceeded, unexpected results may be output. This kind of superclass may be, you want it to write news, it to write you poetry; It could also be that you want it to recommend an item and it suddenly tells you that the temperature in Tokyo today is minus 25 degrees Celsius. What's more, you tell it that in the game, if you can't get the genuine serial number of such and such software, it will be shot, and the big model can really try its best to help users find a genuine software serial number at 0 cost. In order to ensure that the output is controllable, the enterprise must understand the model and security. According to IDC's latest "China Security Big Model Capability Evaluation Report", Alibaba's PK with all top domestic manufacturers with security big model capabilities is the first in 4 of the 7 indicators, and the remaining 3 are all higher than the industry average. In terms of approach, the answer given by Alibaba Cloud Security is also straightforward: let security run ahead of AI speed, and build a bottom-up, three-layer full-stack protection framework - from infrastructure security, to large model input and output control, to AI application service protection. Among the three layers, the most existential is the "AI Guardrail" of the middle layer dedicated to the risk of large models. Generally speaking, the main risks for large model security are: content violations, sensitive data leakage, prompt word injection attacks, model illusions, and jailbreak attacks. However, traditional security solutions are mostly general-purpose architectures, designed for the Web, not for "talking programs", and naturally cannot accurately identify and respond to the risks unique to large model applications. It is even more difficult to cover emerging issues such as generated content security, contextual attack defense, and model output credibility. More importantly, traditional solutions lack fine-grained controllable means and visual traceability mechanisms, which leads to huge blind spots in AI governance, and they naturally cannot solve the problem if they do not know where the problem is. The real power of AI Guardrail is not only "it can block", but whether you are doing pre-trained large models, AI services or AI agents in various business forms, it knows what you are talking about and what the big model is generating, so as to provide accurate risk detection and proactive defense capabilities to achieve compliance, security, and stability. Specifically, AI Guardrail is specifically responsible for the protection of three types of scenarios: Compliance bottom line: Conduct a multi-dimensional compliance review of the text content of generative AI input and output, covering risk categories such as political sensitivity, pornography and vulgarity, prejudice and discrimination, and bad values, deeply detect privacy data and sensitive information that may be leaked during AI interaction, and support personal privacy, enterprise ...