This topic describes the feature and documentation updates for Secure Access Service Edge (SASE) in July 2025.
Feature updates
| Module | Update description | Release date | References |
|---|---|---|---|
| Log audit | Added custom delivery rules for the log center. These rules let the log center generate statistical reports for Internet access management and OneData. | 2025-07-31 | Use the log audit feature |
| Dynamic decision-making | Enhanced response capabilities: added an action to disable non-compliant software. Violation notifications now support scheduled pushes and rich text links, which helps non-compliant users resolve issues on their own. | 2025-07-31 | Dynamic decision-making |
| Office data protection | Added built-in rules for data classification and categorization (large model keys). Added built-in channels for outbound data management, including QR code generation service channels and AI community channels. | 2025-07-16 | Configure detection rules for outbound file classification and categorization |
| Private access security | Added trusted process configurations for intranet access. Released a cloud-native database asset management feature that lets you connect to ApsaraDB applications with one click, organize application assets, reduce Internet exposure risks, and implement end-to-end protection for database applications. | 2025-07-11 | Deploy business resources on a VPC-connected instance (CEN-associated scenario) |
Client version updates
| Operating system | Client version | Update description | Release date |
|---|---|---|---|
| Windows / macOS | 4.8.1 | Fixed some issues. | 2025-07-14 |
| Windows / macOS | 4.8.0 | Added trusted process configurations for intranet access. Added blocking of web channels for data loss prevention (DLP). Optimized the access control feature. Fixed some issues. Unpublished the security baseline feature. Important After you upgrade to this version, configure a trigger template to implement this feature. | 2025-07-01 |
| Mobile | 4.5.3 | Added support for HarmonyOS. | 2025-07-01 |
Recommended best practice
This month's recommended best practice: Implement end-to-end protection for database applications using SASE.
Integrate your database applications with the SASE Zero Trust protection system to control access to database applications, audit outbound database file downloads, and block them when necessary. This delivers end-to-end protection for all data flowing through your databases.
External risk case study: prevent AI from becoming a data leakage vector
Case details
Researcher data leakage via AI tool: A researcher at a scientific institute used an AI application to accelerate writing a research report. Without authorization, the researcher uploaded core data and experimental results as source material. This led to the leakage of confidential research information, with serious consequences for the researcher.
Policy draft leak (August 2023): An employee uploaded a provincial "Draft Adjustment for New Energy Vehicle Subsidies" to an AI platform during its public comment period. Forty-eight hours later, the full text appeared in a competitor analysis report from Tesla China. This directly resulted in the loss of bargaining power for the country in international negotiations on new energy vehicles.
Recommendations for enterprise AI security
Establish AI usage policies
Manage AI applications using a classification system. Define which data types can be used with AI and which cannot be uploaded or processed. For highly sensitive data — including personal identification information, financial data, and intellectual property — establish stricter access controls and usage limits. Do not process confidential files, images, audio, or video using generative AI tools. Require employees to use legally compliant domestic large models, promote risk awareness, and ensure they follow standard procedures.
Train employees regularly
Run training sessions on documented AI-related data leakage cases to raise data security awareness. Train employees to use authorized AI tools correctly so they can work efficiently without exposing confidential information. Establish an emergency response mechanism to handle violations promptly and prevent further losses.
Use SASE to block sensitive data from reaching AI platforms
Alibaba Cloud SASE now includes AI-related channels in its outbound data detection feature, enhancing its ability to detect and block sensitive data before it reaches AI applications. For details, see Ensure data security by detecting outbound files.