By Ouyang Xin, General Manager of Security Products, Alibaba Cloud Intelligence
There is no doubt that the rapid growth of the artificial intelligence (AI) Large Language Models (LLMs) market has brought both new opportunities and challenges. Safety is the most concerning issue in the development of LLMs, along with elements like ethics, content safety, and the use of AI by bad actors to transform and optimize attacks.
As we have seen recently, one significant risk is the rise of deepfake technology, which can be used to create highly convincing forgeries of influencers or those in power.
For example, phishing and ransomware attacks sometimes leverage the latest generative AI (GenAI) technology. An increasing number of hackers are using AI to quickly compose phishing emails that are even more deceptive. Sadly, leveraging LLM tools for ransomware optimization is a new trend that’s expected to increase, adding to an already challenging cyber threat landscape.
However, we should take comfort in knowing that AI also offers powerful tools to enhance security. It can significantly improve the efficiency and accuracy of security operations, providing users with advanced methods to detect and prevent such threats. This sets the stage for an ongoing battle where cutting-edge AI technologies are employed to counteract the malicious use of the same technology. In essence, it’s a battle of using “magic to fight magic,” where both warring parties are constantly raising their game.
The latest AI applications to boost security
Recently, we have seen a huge uptake in the application of AI assistants to further enhance security features. For example, Alibaba Cloud Security Center has launched a new AI assistant for users in China. This innovative solution leverages Qwen, Alibaba Cloud’s proprietary LLM, to enhance various aspects of security operations, including security consultation, alert evaluation, and incident investigation and response. By the end of 2024, the AI assistant has already covered 99% of alert events and served 88% of users in China.
Specifically, in the area of malware detection, by leveraging the code understanding, generation, and summarization capabilities of LLMs, it is possible to effectively detect and defend against malicious files. At the same time, by utilizing the inferencing capabilities of LLMs, anomalies can be quickly identified, reducing false positives and enhancing the accuracy of threat detection, which helps security engineers significantly increase their work efficiency.
The common cloud security failures businesses face today
Nowadays, a growing number of organizations are adopting multi-cloud and hybrid cloud environments, leading to increased complexity in IT infrastructure. A recent survey from Statista revealed that, as of 2024, 73% of enterprises reported using a hybrid cloud setup in their organization. An IDC report also indicates that almost 90% of enterprises in the Asia Pacific are embracing multiple clouds.
This trend, however, has a notable downside: it drives up the costs associated with security management. Users must now oversee security products spread across public and private clouds, as well as on-premises data centers. They must address security incidents that occur in various environments. This complexity inevitably leads to extremely high operational and management costs for IT teams.
Moreover, companies are facing significant challenges with data silos. Even when they use products from the same cloud provider, achieving seamless data interoperability is often difficult. Security capabilities are fragmented, data cannot be integrated, and security products become isolated islands, unable to coordinate. This fragmentation results in a disjointed and less effective security framework.
Additionally, in many enterprises, the internal organizational structure is often fragmented. For example, the IT department generally handles office security, whereas individual business units are responsible for their own production network security. This separation can create vulnerabilities at the points where these distinct areas overlap.
Cloud security products — a resolution to these issues
We found it effective to apply a three-dimension integration strategy for our security products. It means that we adopt a unified approach that addresses three key scenarios: integrated security for cloud infrastructure, cohesive security technology domains, and seamless office and production environments.
The integrated security for cloud infrastructure is designed to tackle the challenges posed by increasingly complex IT environments, with a primary focus on the unified security management of diverse infrastructures, including public and private clouds. Advanced solutions enable enterprises to manage their resources through a single, centralized console, regardless of where those resources are located. This approach ensures seamless and efficient security management across all aspects of an organization’s IT infrastructure.
Unified security technology domains bring together security product logs to create a robust security data lake. This centralized storage enables advanced threat intelligence analysis and the consolidation of alerts, enhancing the overall security posture and response capabilities.
The integrated office and production environments aim to streamline data and processes across departments. This integration not only boosts the efficiency of security operations but also minimizes the risk of cross-departmental intrusions, ensuring a more secure and cohesive working environment.
Cloud security trends in the AI era
We believe that the integration of AI with security is becoming increasingly vital for data protection, wherever it is stored. This is why we are dedicated to advancing AI’s role in the security domain, aiming for more profound, extensive, and automated applications. For example, using AI to discover zero-day vulnerabilities and more efficient automation based on Agents.
In response to the growing trend of enhancing AI security and compliance, cloud service providers are offering comprehensive support for AI, ranging from infrastructure to AI development platforms and applications. Cloud service providers can assist users in many aspects of AI security and compliance, such as data security protection and algorithmic compliance. Among them, the focus must always be on helping users build fully connected data security solutions and providing customers with more efficient content security detection products.
Established in 2009, Alibaba Cloud Intelligence Group is a cloud computing and artificial intelligence company.