Anthropic’s Claude Managed Agents now offers a self‑hosted sandbox and a Model Context Protocol (MCP) tunnel, letting enterprises keep authentication credentials at the network edge, run tool execution on their own infrastructure, and securely connect to internal APIs without exposing keys.
OpenAI's Codex now supports full‑screen mobile remote control via the ChatGPT app, letting developers monitor and approve tasks, switch models, and manage enterprise‑grade SSH environments from any device while maintaining a secure encrypted relay layer, sparking fierce rivalry with Claude Code.
The article examines the hidden governance gap of powerful enterprise AI agents, shares real‑world failures from the OpenClaw platform, and proposes a practical AAAA (Access, Authority, Audit, Abort) framework to safely deploy autonomous assistants in production environments.
The article proposes a hybrid architecture where Kimi Claw serves as the primary knowledge and search hub while a self‑hosted OpenClaw node supplements it for intranet security and multi‑model experiments, detailing scenarios, data boundaries, step‑by‑step implementation, and model‑tool selection.
In May 2021, a dismissed IT contractor exploited weak account deprovisioning at Waste Management, used a self‑written PowerShell script to reset thousands of passwords, shutting down the entire corporate network and causing over $860,000 in losses, highlighting the severe risk of insider threats.
A former IT contractor at Waste Management exploited his insider knowledge after being terminated, using a self‑written PowerShell script to reset thousands of accounts, causing a nationwide outage that cost over $860,000 and highlighted critical gaps in enterprise permission revocation processes.
The 2024 Cloud Conference showcased Alibaba Cloud's MaxCompute, detailing its four‑pillar roadmap—Data+AI integration, Lakehouse 2.0, near‑real‑time analytics, and enterprise‑grade capabilities—while highlighting performance breakthroughs, security features, and a real‑world case study from Juewei Group.
This article details the design and development of Baidu's Unified Permission Management Service (MPS), covering requirements analysis, technology selection, architecture, platform and node management, permission models (RBAC, ACL, DAC), functional modules, API integration, audit, and deployment strategies for enterprise-wide access control.
Unified Permission Management Service (MPS) at Baidu centralizes fragmented permission systems across internal platforms, integrating ACL, DAC, and RBAC models via Baidu's GDP framework, and provides modules for platform and node management, permission CRUD, workflow approvals, and audit/recovery, now serving over 20,000 users and managing more than 100,000 permission nodes.
The 2022 Cloud Native Security State Report reveals that while enterprises increased cloud usage by over 25% during the pandemic, many face security and compliance challenges, and highlights how strong security posture, DevSecOps integration, and automation dramatically reduce friction and boost operational efficiency.
At the CIS 2022 Cybersecurity Innovation Conference in Shanghai, ZTO Express’s security chief shared practical strategies for data security governance, highlighting legal compliance, management vs. technical controls, and the emerging role of privacy computing in sustaining business operations.
Unapproved software, known as shadow IT, can impose hidden personnel, business, and technical expenses on organizations, and CIOs must identify, prevent, and mitigate these costs to maintain smooth IT operations and avoid legal, security, and productivity risks.
The online Huolala Security Salon on August 19 featured eight expert sessions covering enterprise security foundations, purple‑team tactics, security training programs, data‑security compliance practices, LLSRC award recognitions, game vulnerability analysis, the evolution of code‑audit techniques, and the design of a flexible security operations platform.
This article describes the challenges of fragmented user management in enterprise applications and presents a unified, standardized account management solution based on token authentication, detailing OAuth2 password flow, JWT usage, system architecture, authorization processes, credential renewal, and interface design for secure, scalable access control.
This article examines the evolution from traditional perimeter‑based security to zero‑trust models, compares their advantages, presents industry case studies, and details Ant Financial’s integrated zero‑trust architecture—including SDP, IAM, and micro‑segmentation—along with implementation practices and future outlook.
The article presents a comprehensive case study of the Magic Butler system—a zero‑trust security management solution developed by 58 Group’s TEG department—detailing its business drivers, design principles, architecture, key technical features, deployment scale, and future outlook for enterprise network security.
This article provides a comprehensive overview of zero‑trust security, explaining its core principles, SDP‑based architecture, three main implementation models (application‑layer proxy, traffic‑layer proxy, and hybrid), various deployment scenarios, and practical guidance for enterprise adoption.
This article explains why enterprises need a unified, token‑based OAuth2 authentication system, outlines its advantages over session‑based methods, describes the standard OAuth2 password flow, JWT usage, and details the authorization, authentication, and credential‑renewal processes with architectural diagrams.
Google has open‑sourced a large‑scale vulnerability scanner called Tsunami, designed for enterprise networks with thousands of devices, featuring a two‑part architecture, extensible plugins, and a focus on accurate, high‑severity vulnerability detection to reduce false positives and alert fatigue.
This article shares practical experiences from building a zero‑to‑one information security management system for enterprises, outlining common security challenges, the role of such systems in risk governance, and detailed implementation approaches including security policies, penalty mechanisms, and management operations to achieve closed‑loop risk mitigation.
This article summarizes Liu Huan's presentation on data security in the DT era, covering the current security landscape, internal and external threats to enterprise data, and 58 Daojia's practical approaches to data discovery, classification, authentication, monitoring, and incident response.
The article recaps the fourth Enterprise DevOps Empowerment conference, highlighting DevSecOps as the core theme, expert presentations from China Academy of Information and Communications Technology, Huatai Securities, and Tencent, and a detailed Q&A covering threat modeling, security automation, scanning practices, and operational integration.
Boundary defense—protective measures at business and IT entry points such as firewalls, WAFs, and secure development lifecycles—provides early‑stage enterprises a clear perimeter through detection, response, protection, and policy, as illustrated by Youzan’s web‑gate WAF, SDL checkpoints, DNS monitoring, and automated security‑ticket processes, enabling a shift toward deeper, defense‑in‑depth strategies.
This article provides an in‑depth analysis of ransomware, detailing its typical propagation methods, common intrusion techniques, C2 communication behaviors, the defensive chain across reconnaissance, deployment and persistence stages, and highlights current enterprise security gaps and comprehensive protection strategies.
