[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTR0rbR88v4znVlxwFNl_6xYID8lvG1I9OaCiyl6LRv0":3},{"code":4,"msg":5,"data":6},200,"操作成功",{"id":7,"title":8,"content":9,"digest":10,"source":10,"coverPath":11,"thumbsCoverPath":12,"isTop":13,"isShow":14,"baseClick":13,"clickCount":15,"createTime":16,"typeId":17,"isNewest":18,"newsInfoTypeRespVo":19,"voiceUrl":22,"voiceSize":23,"taskId":24,"releaseTime":25,"titleEn":26,"contentEn":27,"voiceUrlEn":28,"taskIdEn":29,"voiceSizeEn":30},1394,"国内首次AI大模型众测结果揭晓：含腾讯阿里百度智谱等公司产品","\u003Cp class=\"ql-align-justify\">\u003Cstrong class=\"ql-lineHeight-1-75\" style=\"font-size: 18px; color: rgb(255, 153, 0);\">国内首次AI大模型众测结果揭晓：含腾讯阿里百度智谱等公司产品，累计发现各类安全漏洞281个。\u003C\u002Fstrong>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">IT之家 9 月 17 日消息，随着 AI 应用场景的不断扩展，新的漏洞和攻击手法将不断涌现，AI 大模型安全治理工作任重道远，亟需各方共同努力。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">昨日，国内首次针对 AI 大模型的实网众测检验结果在第 22 届中国网络安全年会（暨国家网络安全宣传周网络安全协同防御分论坛）重磅揭晓。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">IT之家注：本次活动由中央网信办网络安全协调局指导，国家计算机网络应急技术处理协调中心主办，网络安全众测平台、国家网络安全人才与创新基地提供技术和环境支持。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">据官方介绍，此次活动共动员 559 名白帽子，涵盖网安企业专业人才、科研院校师生以及社会白帽子。他们从外部攻击者的视角，对大模型进行了多维度实战化测试，取得了丰富的测试成果。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">测试产品中既有基础大模型产品，也有垂域大模型产品，还有智能体、模型开发平台等相关应用产品，其中既包含单模态大模型，也涵盖多模态大模型，具有较广泛的代表性。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">据介绍，本次活动对国内 15 款大模型及应用产品进行了漏洞测试；累计发现各类安全漏洞 281 个，其中大模型特有漏洞 177 个，占比超过 60%。这一数据充分表明，当前 AI 大模型产品面临着大量传统安全领域之外的新兴安全风险。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">活动中发现的典型漏洞风险包括：一是部分产品存在不当输出类漏洞且危害严重；二是信息泄露类漏洞多发，存在较大安全隐患；三是提示注入类漏洞普遍，是大模型最常见漏洞风险；四是部分大模型产品针对无限制消耗类攻击的防护措施有待加强；五是传统安全漏洞依然普遍存在，危害不容忽视。鉴于 AI 大模型产品普遍用户量大、使用率高，若上述漏洞被恶意攻击者利用，将对国内 AI 大模型产品生态造成较严重的影响。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">在参与测试的主流大模型产品中，腾讯公司混元大模型、百度公司文心一言、阿里巴巴通义 App、智谱华章公司智谱清言等发现的漏洞风险较少，体现了较高的安全防护水平。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">另外，本次活动涌现出梁宏宇、马宝新、刘铭等一批表现突出的优秀白帽子。本次活动测试对象主要是实时在线运行的 AI 大模型及应用产品，在产品厂商的防护下，各位白帽子能够挖掘出高危甚至严重等级的漏洞，说明他们有着出众的能力并付出了艰辛的努力。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">官方还提出了四点 AI 大模型安全治理工作要求：\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">一是针对大模型面临的各类漏洞风险，需持续加强安全防护措施。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">二是加快制定 AI 漏洞分类分级标准，并按应用场景划分风险等级。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">三是通过众测模式广泛汇聚社会白帽力量，构筑 AI 共治生态。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">四是加强内生安全治理，将安全融入到 AI 系统全生命周期，从源头筑牢安全基石。\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp>\u003Cspan style=\"color: rgb(187, 187, 187);\">【新闻来源】IT之家 \u003C\u002Fspan>\u003Ca href=\"https:\u002F\u002Ftech.ifeng.com\u002Fc\u002F8mhcTq8bkQQ\" rel=\"noopener noreferrer\" target=\"_blank\" style=\"color: rgb(187, 187, 187);\">https:\u002F\u002Ftech.ifeng.com\u002Fc\u002F8mhcTq8bkQQ\u003C\u002Fa>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"color: rgb(187, 187, 187);\">（本网转发此文章，旨在为读者提供更多的信息资讯，所涉内容不构成投资、消费建议。文章事实如有疑问，请与有关方核实，文章观点非本网观点，仅供读者参考。）\u003C\u002Fspan>\u003C\u002Fp>","","https:\u002F\u002Fimage.51xinwei.com\u002F2025\u002F09\u002Fe89fbe9ac37c405991be0d12185c9e5a\u002FAI领域.jpg","https:\u002F\u002Fimage.51xinwei.com\u002F2025\u002F09\u002Fthumbs\u002Fe89fbe9ac37c405991be0d12185c9e5a\u002FAI领域.jpg",0,1,50,"2025-09-24 18:51",2,false,{"id":17,"name":20,"enName":21},"芯位视野","Xinwei Vision","https:\u002F\u002Fxinwei-dev-test.oss-cn-shenzhen.aliyuncs.com\u002Fintelligent\u002Faudio%3A75e01739-e259-4fdc-b770-2f479396f2b8%3A0.wav?Expires=1758722933&OSSAccessKeyId=LTAI5tNvY2RkKjZw4LLWsrPK&Signature=Zj4RoE6XPCgsc0Bkum4W8rzdhx0%3D",6049580,"75e01739-e259-4fdc-b770-2f479396f2b8","2025-09-24 18:49","Domestic first AI large model crowd testing results revealed: including products from companies such as Tencent, Alibaba, Baidu, and Zhipu.","\u003Cp class=\"ql-align-justify\">\u003Cstrong class=\"ql-lineHeight-1-75\" style=\"font-size: 18px; color: rgb(255, 153, 0);\">Domestic first AI large model crowd testing results revealed: including products from companies such as Tencent, Alibaba, Baidu, and Zhipu, a total of 281 security vulnerabilities of various types were found.\u003C\u002Fstrong>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">IT Home September 17 report, with the continuous expansion of AI application scenarios, new vulnerabilities and attack methods will continue to emerge, and the work of AI large model security governance is arduous, requiring joint efforts from all parties.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">Yesterday, the results of the real network crowd testing for AI large models were officially announced at the 22nd China Cybersecurity Annual Conference (and the National Cybersecurity Publicity Week Cybersecurity Collaborative Defense Forum).\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">IT Home Note: This activity was guided by the Cybersecurity Coordination Bureau of the Central Cyberspace Administration, hosted by the National Computer Network Emergency Response Technology Coordination Center, and supported technically and environmentally by the Cybersecurity Crowd Testing Platform and the National Cybersecurity Talent and Innovation Base.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">According to the official introduction, this activity mobilized 559 white hats, including professionals from network security enterprises, teachers and students from scientific research institutions, and social white hats. They conducted multi-dimensional practical tests from the perspective of external attackers, achieving rich test results.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">The tested products include both basic large model products and vertical domain large model products, as well as intelligent agents, model development platforms, and related application products. Among them, there are single-modal large models as well as multi-modal large models, which have a relatively broad representativeness.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">According to the introduction, this activity tested 15 large model and application products in China, and a total of 281 security vulnerabilities of various types were found, among which 177 were specific to large models, accounting for more than 60%. This data fully indicates that current AI large model products face a large number of emerging security risks beyond traditional security fields.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">The typical vulnerability risks discovered during the activity include: first, some products have improper output-type vulnerabilities with serious consequences; second, information leakage-type vulnerabilities are common, posing significant security risks; third, prompt injection-type vulnerabilities are widespread, being the most common vulnerability risk for large models; fourth, some large model products need to enhance protective measures against unlimited consumption-type attacks; fifth, traditional security vulnerabilities still exist widely, and their hazards should not be ignored. Considering that AI large model products have a large user base and high usage rates, if these vulnerabilities are exploited by malicious attackers, it could cause serious impacts on the domestic AI large model product ecosystem.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">Among the mainstream large model products participating in the test, Tencent's Huan Yuan large model, Baidu's Wen Xin Yi Yan, Alibaba's Tongyi App, and Zhipei Huazhang's Zhipei Qingyan had fewer vulnerability risks, reflecting a high level of security protection.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">In addition, this activity has produced outstanding white hats such as Liang Hongyu, Ma Baoxin, and Liu Ming. The test objects of this activity mainly included AI large models and application products running in real time. Under the protection of the product manufacturers, these white hats were able to uncover high-risk or even serious-level vulnerabilities, indicating that they have exceptional abilities and made great efforts.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">The official also proposed four requirements for AI large model security governance:\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">First, regarding the various vulnerability risks faced by large models, it is necessary to continuously strengthen security protection measures.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">Second, accelerate the development of AI vulnerability classification and grading standards, and divide risk levels according to application scenarios.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">Third, widely gather social white hat forces through the crowd testing model to build an AI co-governance ecosystem.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"font-size: 18px;\" class=\"ql-lineHeight-1-75\">Fourth, strengthen internal security governance, integrate security into the entire lifecycle of AI systems, and establish a solid security foundation from the source.\u003C\u002Fspan>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cbr>\u003C\u002Fp>\u003Cp>\u003Cspan style=\"color: rgb(187, 187, 187);\">【News Source】IT Home \u003C\u002Fspan>\u003Ca href=\"https:\u002F\u002Ftech.ifeng.com\u002Fc\u002F8mhcTq8bkQQ\" rel=\"noopener noreferrer\" target=\"_blank\" style=\"color: rgb(187, 187, 187);\">https:\u002F\u002Ftech.ifeng.com\u002Fc\u002F8mhcTq8bkQQ\u003C\u002Fa>\u003C\u002Fp>\u003Cp class=\"ql-align-justify\">\u003Cspan style=\"color: rgb(187, 187, 187);\">（This article is reprinted by this website to provide readers with more information and news. The content involved does not constitute investment or consumption advice. If there are any questions about the facts of the article, please verify with the relevant party. The views of the article are not the views of this website, and are for reference only.）\u003C\u002Fspan>\u003C\u002Fp>","https:\u002F\u002Fxinwei-dev-test.oss-cn-shenzhen.aliyuncs.com\u002Fintelligent\u002Faudio%3A99f2754e-572c-4053-8630-0392ec6620a9%3A0.wav?Expires=1774838464&OSSAccessKeyId=LTAI5tNvY2RkKjZw4LLWsrPK&Signature=gq%2FSjGg1LjFB9gyri564wnzpt4c%3D","99f2754e-572c-4053-8630-0392ec6620a9",8207756]