Evolution of Ant Group's Risk Control Platforms and Data Security Strategies

Ant Group’s Chief Technical Architect Chen Luobin discusses the progression of the company’s risk control platforms from the first generation, which split risk functions from the transaction system into a standalone service, through to the fifth generation, which emphasizes full‑chain intelligent automation powered by AI.

The transition to the third generation introduced platformization, while the fourth generation (UCT) addressed layered operations, component reuse, a feature‑variable system, and multi‑data‑center deployment to support global scalability and high‑traffic events like Double 11.

The fifth generation, AlphaRisk, aims for autonomous, AI‑driven risk decisions, enabling one‑click strategy recommendations that balance security and user experience.

Key challenges highlighted include international expansion with differing infrastructure, increasing user‑experience expectations, the need for wireless‑era security capabilities, and maintaining uninterrupted service during massive traffic spikes.

Additional projects such as the Real‑Time Risk Data Platform and the Ant Intrusion Detection and Response Platform (AlphaSec) provide high‑performance real‑time computation, unified data services, and SOAR‑based automated response.

Ant Group’s data security framework covers the full data lifecycle—classification, collection, transmission, storage, usage, sharing, and destruction—enforced through encryption, access controls, audit systems, and strict compliance with laws like the Cybersecurity Law and Data Security Law.

Network security measures include traffic cleansing, segmentation, bastion host controls, and comprehensive security education and testing.

Emerging technologies such as graph risk modeling, blockchain, privacy‑preserving computation, Web3 decentralized identity, interactive digital humans, large language models, and data lakes are being explored to enhance risk detection and mitigation.

The future “IMAGE” framework—Interactive proactive security, Multi‑party security, Adversarial intelligence, Graph security, and Edge‑cloud collaboration—represents Ant Group’s vision for next‑generation, large‑scale intelligent security.