Ch12 Security and Governance
The more power an Agent holds, the heavier its security responsibility: credentials, auditing, compliance
This chapter collects 113 entries, ordered by increasing depth.
Chapter navigation
| Level | Meaning | Entries |
|---|---|---|
| ⭐ Beginner | Readable with no prior background | 8 |
| ⭐⭐ Engineer | Requires a programming background | 103 |
| ⭐⭐⭐⭐ Scientist | Requires a research background | 1 |
| ⭐⭐⭐⭐⭐ Master | Frontier / philosophy | 1 |
Introduction
AI Agents are being granted ever more privileges: executing code, accessing databases, sending email, operating on the file system.
More privilege means a larger attack surface. This chapter covers the full spectrum of Agent security: credential management (1Password's machine-identity scheme), prompt-injection defense, supply-chain attacks (the TanStack npm incident), malware analysis (GlassWASM WebAssembly malware), and reverse engineering (unpacking Themida).
You will also find a scan report on 1M+ AI services exposed on the public internet, and the joint effort by Google and Amnesty International against commercial spyware.
Security is not something to "consider once the build is done"; it should be built into the Agent architecture from day one.
Contents
- 001. CISA urges critical infrastructure firms to 'fortify' before it's too late | Cybersecurity Dive
- 002. A Framework for AI Threat Readiness
- 003. From SSH to REST: A Security-Driven Modernization of Slack's EMR Data Pipelines
- 004. Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
- 005. Offensive Security Blog
- 006. Sandworm Hackers Shift From IT Breaches to Critical OT Targets
- 007. 5 Things to Know about the CLARITY Act
- 008. Fedora Hummingbird brings the container security model to a Linux host OS
- 009. Mythos finds a curl vulnerability
- 010. 飞来汇 Builds an Intelligent Security Defense for Cross-Border Payment Applications with AWS Security Agent
- 011. Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
- 012. Hermes Agent v0.14.0 Core Architecture and Quick Start
- 013. bleeding-llama-critical-unauthenticated-memory-leak-in-ollama
- 014. SHub Reaper: macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain
- 015. Resecurity | CVE-2026-20182: Unauthenticated Cisco SD-WAN Control-Plane Compromise via vHub Authentication Bypass
- 016. LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions
- 017. Static Devirtualization of Themida
- 018. Static Devirtualization 2024
- 019. What My Privacy and Security Stack Actually Looks Like
- 020. How an image could compromise your
- 021. Alliance for Critical Infrastructure (ACI): US Critical Infrastructure Cybersecurity Coalition
- 022. Static Devirtualization of Themida
- 023. Inference Theft as AI Endpoint Attack Surface — Vercel Token Theft Defense 2026
- 024. Apple corecrypto formal verification blueprint — post-quantum ML-KEM/ML-DSA in iMessage
- 025. OpenClaw Security and Feature Enhancement Practices
- 026. Optimize blueprint extraction accuracy in Amazon Bedrock Data Automation
- 027. xz-utils Backdoor 2 Years On — Maintainer Trust Hijack Pattern Beyond CVE Scanners
- 028. Disgruntled researcher releases two more Microsoft zero-days
- 029. Disgruntled researcher releases two more Microsoft zero-days
- 030. Where OpenClaw Security Is Heading — OpenClaw Blog
- 031. Canvas Breach Disrupts Schools & Colleges Nationwide
- 032. Don't Let Your Amazon Bedrock Models Work for Someone Else: An API Call Security Guide
- 033. Postmortem: TanStack npm supply-chain compromise | TanStack Blog
- 034. 1M+ AI Services Exposed on the Public Internet: HackerNews Scan Report
- 035. Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
- 036. Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
- 037. Disgruntled researcher releases two more Microsoft zero-days
- 038. GitLab CI/CD Kill Chain Audit — Black Hills InfoSec 2026 Large-Scale Audit Study
- 039. INTERPOL Operation Ramz MENA Cybercrime Networks
- 040. Cyberscammers are bypassing banks' security with illicit tools sold on Telegram
- 041. Securing AI Agents and Machine Identities
- 042. A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
- 043. U of T AI Worm: CleverHans Lab Demonstrates an Adaptive AI Worm Threat
- 044. Canvas LMS Attackers ShinyHunters Have Their Official Domain Suspended: An OpSec Pivot to the Dark Web
- 045. NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability | depthfirst
- 046. Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS
- 047. ICO Fines South Staffordshire £963K: Security Failures Exposed by the 2022 Cl0p Ransomware Attack
- 048. AI in Cybersecurity Training Resources | SANS Institute
- 049. bagel — Fleet-Level Secret Scanning to Protect Developer Workstations
- 050. Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
- 051. Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
- 052. Autonomous Vulnerability Hunting with MCP
- 053. A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
- 054. Static Devirtualization of Themida
- 055. TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
- 056. Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
- 057. Meta U-turns on encryption push for Instagram as DMs go plaintext
- 058. AI Voice Cloning: The Technology Behind It, Who's Building It, and Where It's Headed
- 059. Google and Amnesty International teamed up to make Android spyware detectable
- 060. RFC 9958: Post-Quantum Cryptography for Engineers
- 061. Disgruntled researcher releases two more Microsoft zero-days
- 062. OpenAI launches Daybreak to combat cyber threats
- 063. Funnel Builder Vulnerability Under Active Exploitation for WooCommerce Checkout Skimming
- 064. The down fall of bug bounties
- 065. Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
- 066. JetBrains Marketplace Ecosystem Security Update: Malicious AI Plugins
- 067. GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions
- 068. ai detection and response aidr a zero impact operating model
- 069. GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
- 070. Exploiting vulnerabilities in Johnson & Johnson web apps
- 071. The IT and security field guide to AI adoption | Tines
- 072. Mythos for Offensive Security: XBOW's Evaluation
- 073. Getting a CVE Without Shipping Slop
- 074. Fedora Hummingbird brings the container security model to a Linux host OS
- 075. Meet Bluekit: The AI-Powered All-in-One Phishing Kit
- 076. Building is just the beginning: Introducing Discoverability | Lovable
- 077. Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
- 078. LLMReaper: Conversation-Stealing Attack via Browser Extensions
- 079. How Unified EDR and ITDR Stop Attacks Before They Spread
- 080. Cyberscammers are bypassing banks' security with illicit tools sold on Telegram
- 081. Guide to Security Operations at Machine Speed
- 082. Discord End-to-End Encryption Across All Platforms
- 083. A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
- 084. Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
- 085. Forward launches Predict to verify network changes before they reach production - SiliconANGLE
- 086. Static Devirtualization of Themida
- 087. GitHub Breached — Employee Device Hack Led to Exfiltration
- 088. CyberSecQwen-4B
- 089. Mystery Microsoft bug leaker keeps the zero-days coming
- 090. AI phishing attacks are on the rise — Are you prepared? | Bitwarden
- 091. cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
- 092. semgrep intercom php security
- 093. A DOD contractor’s API flaw exposed military course data and service member records
- 094. Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
- 095. incendium fuzzing ms rpc
- 096. How Semgrep Cut Taint Analysis Time by 75%
- 097. Sandworm Hackers Shift From IT Breaches to Critical OT Targets
- 098. On Post-Quantum Security Adoption
- 099. Jane Street — Formal Methods and the Future of Programming
- 100. semgrep intercom php supply chain
- 101. ICO fines Cl0p victim South Staffs Water over data breach
- 102. peerd: A Browser-Native AI Agent Harness
- 103. Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
- 104. Cyberscammers are bypassing banks’ security with illicit tools sold on Telegram
- 105. Hackers accessed BWH Hotels reservation system for months
- 106. ICO fines South Staffordshire £963K over 2022 breach
- 107. Secure, High-Performance Access to Overseas Bedrock for Users in China
- 108. ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
- 109. Temporarily disabling new user registrations
- 110. Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams
- 111. GitHub Secret Scanning: AI/ML-Driven Large-Scale False-Positive Reduction
- 112. U of T researchers demonstrate AI worm: self-spreading malware using open-weight models
- 113. Japan’s PM orders cybersecurity review to defend against Anthropic Mythos