In This Post
I. Continuous Verification Principle
AI request chains can span many services and data domains within a single session. Zero trust requires re-validating the subject's identity, authorization, and risk posture at every critical action.
II. Context Signal System
Useful signals typically include device trust, access location, deviation from the behavioral baseline, prompt risk level, and target resource sensitivity. A single signal is unreliable; a combined score is more robust.
III. Policy as Runtime
Policies should not live only in documents; they should directly drive runtime decisions: allow, deny, downgrade, or step-up authentication. Only then can security policy change in step with the business flow.
IV. Resilience and Rollback
An AI runtime must have rollback paths built in: when a policy raises a high-risk alert, the system should be able to immediately terminate the session, revoke tokens, and fall back to human approval mode.
This improves not only security but also business resilience, because anomalies do not spread into systemic incidents.
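The sketch below ties sections II to IV together: the five context signals are combined into one score, the score drives one of the four runtime decisions, and a high-risk score fires the rollback path. It is an added example, not code from the original post; the weights, thresholds, and the names Context, Session, risk_score, decide and enforce are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed weights and thresholds; the post names the signals, not the numbers.
WEIGHTS = {"device": 0.25, "geo": 0.15, "behavior": 0.25, "prompt": 0.35}
# Per-sensitivity upper bounds for (allow, step_up_auth, downgrade); above: deny.
BANDS = {"low": (0.30, 0.45, 0.60), "medium": (0.20, 0.35, 0.50),
         "high": (0.10, 0.25, 0.40)}
ROLLBACK_AT = 0.60  # assumed composite risk that fires the rollback path

@dataclass(frozen=True)
class Context:
    device_trust: float        # 0 = untrusted, 1 = fully trusted
    geo_anomaly: float         # 0 = usual location, 1 = never seen
    behavior_deviation: float  # 0 = on baseline, 1 = far off baseline
    prompt_risk: float         # 0 = benign, 1 = high-risk prompt
    resource_sensitivity: str  # "low" | "medium" | "high"

@dataclass
class Session:
    active: bool = True
    tokens: set = field(default_factory=set)
    mode: str = "autonomous"

def risk_score(ctx: Context) -> float:
    """Weighted combination in [0, 1]; out-of-range or NaN input fails closed."""
    parts = {"device": 1.0 - ctx.device_trust, "geo": ctx.geo_anomaly,
             "behavior": ctx.behavior_deviation, "prompt": ctx.prompt_risk}
    if not all(0.0 <= v <= 1.0 for v in parts.values()):
        return 1.0
    return sum(WEIGHTS[k] * v for k, v in parts.items())

def decide(ctx: Context) -> str:
    score = risk_score(ctx)
    # Unknown sensitivity labels are treated as "high".
    allow, step_up, downgrade = BANDS.get(ctx.resource_sensitivity, BANDS["high"])
    if score < allow:
        return "allow"
    if score < step_up:
        return "step_up_auth"
    return "downgrade" if score < downgrade else "deny"

def enforce(session: Session, ctx: Context) -> str:
    """Call before every critical step, not once at login."""
    if not session.active:
        return "deny"  # terminated sessions stay terminated
    if risk_score(ctx) >= ROLLBACK_AT:
        session.active = False           # terminate the session
        session.tokens.clear()           # revoke tokens (stand-in for an IdP call)
        session.mode = "human_approval"  # fall back to human approval
    return decide(ctx)
```

With these assumed bands, the same signal values yield step-up authentication against a medium-sensitivity resource and a downgrade against a high-sensitivity one, which is the effect of scoring resource sensitivity together with the other signals.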