NEW RESEARCH PROJECT I WILL BE WORKING ON

Time for a revival: ten years is too long

It has been ten years since I last devoted myself to technical research. Last time, I was working on a key R&D project for cloud computing, collaborating with professors from seven research institutes and universities to conduct in-depth research and exploration, proposing the SRv6 security service architecture, the application of the zero-trust model in carrier networks, and the linkage between SASE and business systems.

I need to apply for this year’s research projects at the end of this month. I’ve been quiet for a long time, unsure what meaningful research to do. Over the weekend, an idea suddenly struck me: LLMs are almost mature, and with multiple large-scale models vying for users, data security and privacy issues are similar to those faced ten years ago when cloud computing was first adopted. Could the security research approaches used in cloud computing be applied to LLMs now? It seems feasible! I feel like I’ve found direction and motivation again. Let’s revive!

LLM is a tool to serve the business

Large language models have become very popular in recent years, but their application in the enterprise market is still relatively limited. Their explainability, predictability, integration with existing systems, and cost are all still insufficient for practical deployment; they primarily assist humans in improving efficiency. AI technology is still mainly applied in relatively repetitive and simple scenarios such as video analytics and predictive maintenance.

But nowadays, agents and some locally deployed tools have emerged. It’s time for some reflection, research, and experimentation; traditional risk modeling and protection methods can still be applied.

Every part of the ecosystem should do what it should do

The basic LLM, the AI IaaS provider, the agent developer, the business application, the regulatory agency: every part of the ecosystem should do its own job, as below:

table

The carrier shouldn’t do things beyond its abilities.

Multi-Cloud, Privacy and orchestration, the basic logic also applies

In the past ten years,
OWASP Top 10

What I will do

  • Clarify project boundaries
  • Set the research goal
  • Define the expected outputs