@Security_Yunshu: The current wave of large models won't dramatically disrupt the domestic cybersecurity market landscape, and broadly speaking, it won't change the domestic B2B market landscape either. Taking cybersecurity as an example, here are a few brief reasons.
First, code has never been the core competitiveness; the key lies in rules and business logic. Take NDR, for example: there are only a few mainstream players in China. With large models, can competitors quickly build the same product? Actually, excellent open-source products like Zeek and Suricata have always existed; do we need to wait for large models to write code from scratch? The basic frameworks have always been there; what's lacking are excellent rules. Large models don't help much in writing rules and verifying them through long-term operation. The same goes for IAST, WAF, and EDR. Writing an empty shell isn't difficult, and empty shells have always existed; the hard part is the rules and data. Some might argue that large models can replace rules, but this is completely unfeasible in most scenarios because the speed is far too slow—off by several orders of magnitude. In security products, large models are primarily used for noise reduction and managed operations after rule-based alerts are triggered.
Second, in the domestic B2B market, accumulated brand equity and customer relationships are also very important. If you start a new venture and build something, why should customers buy from you? Is it because you use large models for development and thus offer lower prices? Everyone uses large models for development, so their prices won't be much higher than yours. Ultimately, the result brought by large models is that everyone lowers costs together and continues to compete on low prices—not to mention that established competitors have longer brand accumulation and deeper customer relationships. Cost reduction, efficiency enhancement, rapid iteration, and rapid validation are the most significant outcomes brought by large models.
Third, do large models bring absolutely no disruption to the cybersecurity industry? No, it's just not that much. The most typical example is SAST white-box products. Previously, all white-box products worldwide were crap—some were just packaged nicely, while others were more raw. Companies that spent great effort polishing a turd will be out of luck; overnight, everyone's white-box products work, having stepped up a significant level, and new companies without legacy baggage might even rise faster. But overall, everyone is about the same because none of them have core technology; the improvement comes entirely from the underlying large model's capability. At most, your skills are a bit better and theirs are a bit worse, but it doesn't create a generational gap. Additionally, things like logical vulnerability detection suddenly aren't as hard to do anymore, though this is just a detail.
Secondly, the security services market has the potential for disruption. But can agents truly replace on-site personnel or operations and maintenance staff? I hope so, but realistically, it's probably still very difficult; clients might still prefer having a few people sitting right in front of them.
In summary, the likelihood of large models bringing a complete, from-scratch disruption in China isn't that high. I've always believed that having the business first and then adopting new technology is easier than getting new technology first and then trying to build a business around it. The core change brought by large models is still low-cost rapid trial and error, and rapid iteration. BTW, for those who have never learned to code, don't expect large models to help you write enterprise-grade stuff; it's completely unfeasible—at most, you can build small B2C apps.
微信扫一扫打赏 
支付宝扫一扫打赏 
Comments (0)