Strategic Study of CAE (中国工程科学), 2026, Vol. 28, Issue 2: 97-112, 16. DOI: 10.15302/J-SSCAE-2025.06.016
Risk Analysis and Response Strategies of Large Language Models for Security Governance
Abstract
To address the challenges of fragmented understanding of Large Language Model (LLM) security risks and the inadequacy of LLM risk classification and grading frameworks, this study aims to construct a comprehensive framework that integrates risk mechanism analysis, quantitative assessment, and governance practices. Theoretically, this study synthesizes and reconstructs multiple foundational theories, including socio-technical systems, social systems theory, and safety science, to reveal that risks originate from a dual trigger mechanism of the model's "internal complexity" and "external interaction." It consequently dissects risks into two primary dimensions—"internal safety" and "application security"—providing a unified theoretical foundation for a systematic governance framework. Methodologically, the study introduces "Risk Label Cards" as a standardized tool and employs an "Artificial Intelligence + Human Expert Collaboration" approach to structurally analyze real-world security incidents. Combined with an improved DREAD (damage, reproducibility, exploitability, affected users, discoverability) risk matrix model, it establishes a complete assessment methodology that spans from qualitative identification to quantitative grading. The research culminates in the construction of a systematic risk classification system and a three-tiered (high, medium, low) risk landscape covering major risk types. The "dual-dimensional driven" risk analysis and governance framework constructed in this study provides a systematic theoretical tool for the precise assessment and governance of LLM risks, effectively bridging the "theory-practice gap" in governance. Furthermore, with its theoretical compatibility and dynamic characteristics, the framework provides a reference for continuously tracking and understanding the evolution of LLM security risks and for security policy research.
Keywords
large language model / security risk / security governance / risk assessment / classification and grading / risk landscape
Classification
Information Technology and Safety Science
Cite this article
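贾堃, 张钰歆, 陈继昀, 齐佳音, 方滨兴. Risk Analysis and Response Strategies of Large Language Models for Security Governance [J]. Strategic Study of CAE (中国工程科学), 2026, 28(2): 97-112, 16.
Funding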
Chinese Academy of Engineering consulting projects "Research on the National Guardrails and Governance Framework for Large Model Regulation" (2025-XZ-08) and "Security and Compliance Regulatory Strategies for Artificial Intelligence Large Language Models in Guangdong Province" (2024-GD-04)
Major Project of Philosophy and Social Sciences Research of the Ministry of Education (24JZD040)
National Natural Science Foundation of China projects (72293583, 72293580)