Alibaba’s AI Red Team Lead Unveils New Safety Framework for Agents

Alibaba Group has confirmed that Song Qizhao, also known as 'Pang Zan', will speak at the upcoming AICon 2026 in Shanghai. As the head of the AI Red Team at Alibaba's AAIG Lab, Song will present critical insights on securing autonomous AI agents.

The session focuses on the REAL Unified Risk Matrix and practical approaches to automated red teaming. This marks a significant step toward standardizing safety protocols for production-grade AI systems.

The Shift from Lab to Production

The past year has witnessed a dramatic transformation in the AI landscape. The term 'Agent' has moved beyond theoretical research into real-world production environments. Engineers are no longer asking if AI can perform tasks but rather how to run them stably and at scale.

This transition introduces complex engineering challenges. Developers must now address architectural design, memory management, and multi-agent coordination. These issues require a fundamental restructuring of traditional R&D workflows.

• Stability: Ensuring consistent performance under load
• Scalability: Managing resources across distributed systems
• Coordination: Orchestrating interactions between multiple agents
• Security: Preventing adversarial attacks and data leaks
• Reliability: Maintaining accuracy over long-running processes
• Governance: Implementing oversight and audit trails

AICon 2026 aims to address these exact pain points. The conference centers on building trustworthy, scalable, and commercializable Agentic operating systems. It brings together experts from top institutions and companies to solve these emerging problems.

Key Speakers and Conference Scope

The event is scheduled for June 26-27 in Shanghai. It features a diverse lineup of technical leaders from major global and Chinese tech firms. Participants include professors from Tsinghua University and Fudan University, alongside experts from Alibaba, Tencent, Ant Group, ByteDance, Kuaishou, Xiaohongshu, Huawei, and Google Cloud.

The agenda is extensive, covering 13 major topics and nearly 60 keynote sessions. Attendees will engage in deep discussions about the engineering aspects of agent deployment. A dedicated hands-on lab will provide practical experience with current tools and frameworks.

Song Qizhao’s presentation is part of the 'Agent Security, Evaluation, and Trusted Governance'专题. His talk, titled 'Alibaba AI Red Team - REAL Agent Unified Risk Matrix and Automated Red Team Practice', will outline a structured approach to safety.

Understanding the REAL Risk Matrix

Song’s speech will dissect the construction of an AI red team system for production use. He will introduce the REAL risk matrix, a three-dimensional classification system denoted as R×E@L. This framework provides a coordinate system to map and categorize agent risks comprehensively.

Unlike traditional security models that focus solely on input/output filtering, the REAL matrix considers the entire lifecycle of an agent. It evaluates risks based on specific dimensions relevant to autonomous behavior. This allows teams to identify vulnerabilities before they manifest in live environments.

Core Components of the Matrix

• R (Risk Type): Categorizes threats such as prompt injection or data exfiltration
• E (Execution Context): Assesses risks during runtime operations and tool usage
• L (Lifecycle Stage): Evaluates vulnerabilities from training through to deployment

By using this coordinate system, developers can pinpoint exactly where an agent might fail. It shifts the focus from reactive fixes to proactive risk mitigation. This structured approach is essential for enterprises deploying agents in sensitive sectors like finance or healthcare.

Automated Red Teaming Practices

Beyond theory, the session will cover practical implementations of automated red teaming. Manual testing is insufficient for modern AI systems due to their complexity and speed. Automation allows for continuous security validation without slowing down development cycles.

Alibaba’s approach integrates automated tests directly into the CI/CD pipeline. This ensures that every update to an agent model undergoes rigorous security checks. The system simulates various attack vectors to stress-test the agent’s defenses.

This practice mirrors strategies used by Western giants like OpenAI and Anthropic. However, Alibaba’s implementation is tailored for large-scale, multi-agent ecosystems common in Asian markets. It addresses unique challenges such as high-concurrency interactions and complex tool chains.

Industry Context and Market Impact

The focus on agent safety reflects a broader industry trend. As Generative AI matures, regulatory scrutiny increases. Companies in the US and EU face strict compliance requirements under laws like the AI Act.

Standardized risk matrices help organizations meet these legal obligations. They provide auditable records of safety measures taken. This transparency builds trust with customers and regulators alike.

Furthermore, robust security is a competitive advantage. Enterprises hesitate to adopt AI agents due to fear of hallucinations or breaches. Proven safety frameworks reduce this friction, accelerating adoption rates across industries.

What This Means for Developers

For engineering teams, the availability of standardized frameworks simplifies development. Instead of building security tools from scratch, developers can leverage existing matrices like REAL. This reduces time-to-market and lowers operational costs.

Developers should prioritize integrating automated red teaming early in the design phase. Waiting until post-deployment leads to costly refactoring. Early detection of vulnerabilities ensures smoother scaling and higher reliability.

Business leaders must also recognize the value of these practices. Investing in AI safety protects brand reputation and prevents financial losses from incidents. It transforms security from a bottleneck into an enabler of innovation.

Looking Ahead

The AICon 2026 Shanghai event signals a maturation of the AI agent ecosystem. The focus is shifting from raw capability to reliable operation. We can expect more companies to adopt similar risk frameworks in the coming year.

Future developments may see the REAL matrix evolve into an open standard. Collaboration between tech giants could lead to unified safety protocols. This would benefit the entire global AI community by raising the baseline for security.

As agents become more autonomous, the need for sophisticated governance grows. Tools that automate monitoring and enforcement will become indispensable. The industry is moving toward self-healing systems that can detect and correct anomalies in real-time.

Gogo's Take

• 🔥 Why This Matters: Standardized risk matrices like REAL are crucial for enterprise adoption. Without clear safety frameworks, businesses cannot confidently deploy agents in critical workflows, stifling innovation and keeping AI confined to low-stakes experiments.
• ⚠️ Limitations & Risks: Automated red teaming is not foolproof. Adversaries constantly develop new attack vectors that may bypass existing matrices. Over-reliance on automation can create a false sense of security, leading to complacency in manual oversight.
• 💡 Actionable Advice: Start implementing automated security checks in your CI/CD pipelines now. Compare your current safety protocols against frameworks like REAL to identify gaps. Prioritize testing for multi-agent coordination errors, as these are often overlooked in single-model assessments.