大模型智能体背景下数据跨境交易安全分析:风险谱系、制度约束与治理框架综述

Journal: Advances in Computer and Autonomous Intelligence Research DOI: 10.32629/acair.v4i2.20505

林飞

山东大学继续教育学院

Abstract

随着数据要素市场化配置持续推进以及跨境数据流成为数字贸易、全球研发和平台 协同的重要基础,数据跨境交易已由静态的数据包转移和接口授权,扩展为面向模型 训练、智能决策与跨域协同的数据服务交易。大模型智能体借助任务规划、工具调 用、检索增强生成、长期记忆和多智能体协作等能力,显著提升了跨境数据利用效率 ,但也同步放大了提示注入、工具越权、记忆污染、交易后用途失控、跨法域责任不 清等复合风险。本文在梳理数据跨境流动制度演进和智能体技术特征的基础上,从概 念边界、作用机制、风险谱系、制度约束和安全技术五个层面综述相关研究,并提出 涵盖Data、Agent、Compliance、Transaction的DACT全生命周期治理框架。研究认 为,在大模型智能体背景下,数据跨境交易安全的分析对象已经由“数据是否出境”扩 展为“数据、模型、工具、记忆与衍生结果能否被分类识别、最小化调用、持续审计 并实现跨境可追责治理”。

Keywords

大模型智能体;数据跨境交易;数据出境;数据安全;提示注入;隐私增强技术;合规治理;数据要素

References

[1] 中共中央,国务院.中共中央国务院关于构建数据基础制度更好发挥数据要素作用的 意见[EB/OL].(2022-12-19)[2026- 05-20].https://www.gov.cn/zhengce/2022-12/19/content_5732695.htm.
[2] 国家数据局等17部门.“数据要素×”三年行动计划(2024—2026年)[EB/OL].(2023- 12-31)[2026-05-20].https://www. cac.gov.cn/2024-01/05/c_1706119078060945.htm.
[3] 国家互联网信息办公室.数据出境安全评估办法[EB/OL].(2022-07-07)[2026-05- 20].https://www.cac.gov.cn/2022-07/07/c_1658811536396503.htm.
[4] 国家互联网信息办公室.促进和规范数据跨境流动规定[EB/OL].(2024-03- 22)[2026-05-20].https://www.cac.gov.cn/2024-03/22/c_1712776611775634.htm.
[5] 中华人民共和国国务院.网络数据安全管理条例[EB/OL]. (2024-09-30)[2026-05-20].https://www.cac.gov.cn/2024- 09/30/c_1729384452307680.htm.
[6] 国家互联网信息办公室.个人信息出境标准合同办法[EB/OL].(2023-02-24)[2026- 05-20].https://www.cac.gov.cn/2023-02/24/c_1678884830036813.htm.
[7] 国家互联网信息办公室,国家市场监督管理总局.个人信息出境认证办法[EB/OL].( 2025-10-17)[2026-05-20].https:// www.cac.gov.cn/2025-10/17/c_1762449728720008.htm.
[8] European Union.Regulation(EU)2016/679 of the Europe an Parliament and of the Council of 27 April 2016 on the prote ction of natural persons with regard to the processing of pers onal data and on the free movement of such data[EB/OL].(2016 -04-27)[2026-05-20].https://eur-lex.europa.eu/eli/reg/2016/679/oj.
[9] European Union.Regulation (EU)2024/1689 of the Europ ean Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence[EB/OL].(2024-06 -13)[2026-05-20].https://eur-lex.europa.eu/eli/reg/2024/1689/oj.
[10] European Union. Regulation(EU)2023/2854 of the Euro pean Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data[EB/OL]. (2023-12-13)[2026-05- 20].https://eur-lex.europa.eu/eli/reg/2023/2854/oj.
[11] OECD.Fostering Cross-Border Data Flows with Trust [R].Paris:OECD Publishing,2022:OECD Digital Economy Papers, No.343.https://doi.org/10.1787/139b32ad-en.
[12] OECD.Sharing Trustworthy AI Models with Privacy- Enhancing Technologies[R].Paris:OECD Publishing,2025:OECD Ar tificial Intelligence Papers,No.38.https://doi.org/10.1787/a 266160b-en.
[13] WANG L,MA C,FENG X,et al.A Survey on Large Language Model based Autonomous Agents[J].Frontiers of Computer Scie nce,2024,18(6):186345.https://doi.org/10.1007/s11704-024-40231-1.
[14] GUO T,CHEN X,WANG Y,et al.Large Language Model based Multi-Agents:A Survey of Progress and Challenges[C]//Proceed ings of the Thirty-Third International Joint Conference on Artificial Intelligence.2024:8048-8057. https://doi.org/10.24 963/ijcai.2024/890.
[15] GAN Y,YANG Y,MA Z,et al.Navigating the Risks: A Survey of Security, Privacy, and Ethics Threats in LLM-Based Agents [EB/OL].(2024-11-14)[2026-05-20].https://arxiv.org/abs/2411.09523.
[16] OWASP.AI Agent Security Cheat Sheet[EB/OL].[2026- 05- 20].https://cheatsheetseries.owasp.org/cheatsheets/AI_Agent_Security_Cheat_S heet.html.
[17] OWASP. OWASP Top 10 for Agentic Applications for 2026[EB/OL].(2025-12- 09)[2026-05-20].https://genai.owasp.org/resource/owasp-top-10-for-agentic- applications-for-2026/.
[18] NIST.Artificial Intelligence Risk Management Framew ork(AI RMF 1.0)[R].Gaithersburg: National Institute of Standa rds and Technology,2023.https://doi.org/10.6028/NIST.AI.100-1.
[19] NIST.Artificial Intelligence Risk Management Framew ork:Generative Artificial Intelligence Profile[R].Gaithersburg: National Institute of Standards and Technology,2024.https:// doi.org/10.6028/NIST.AI.600-1.
[20] NIST.Guidelines for Evaluating Differential Privacy Guarantees: NIST SP 800-226[R].Gaithersburg: National Instit ute of Standards and Technology,2025.https://doi.org/10.6028/ NIST.SP.800-226.
[21] ISO.ISO/IEC 42001:2023 Information technology—Art ificial intelligence—Management system[S/OL].2023[2026-05 -20].https://www.iso.org/standard/81230.html.
[22] ISO.ISO/IEC 27001:2022 Information security, cyberse curity and privacy protection—Information security managem ent systems—Requirements[S/OL].2022[2026-05-20].https:// www.iso.org/standard/27001.
[23] 国家市场监督管理总局,国家标准化管理委员会.GB/T 43697- 2024数据安全技术数据分类分级规则[S/OL].2024[2026- 05- 20].https://std.samr.gov.cn/gb/search/gbDetailed?id=14156507D2210337E06397BE 0A0AE656.
[24] 国家互联网信息办公室.数据出境安全管理政策法规问答(2026年1月)[EB/OL].(2 026-01-30)[2026-05-20].https:// www.cac.gov.cn/2026-01/30/c_1771505108953002.htm.

Copyright © 2026 林飞

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License