As AI makes it possible to find and patch more vulnerabilities faster, it also creates more work for maintainers, who need to sift through thousands of reports, many of which are low-quality false positives.
大多数人认为AI在安全领域的应用只会减轻维护者的工作负担,因为AI能自动处理更多任务。但作者指出,AI实际上给开源维护者创造了更多工作,因为他们需要处理大量低质量的误报,这一反直觉观点揭示了技术进步可能带来的意外负担。
Anthropic singled out cybersecurity and biology as two domains where the safeguards may block responses, both areas widely considered sensitive topics for advanced AI systems.
文章暗示了AI在特定领域的风险,但未详细解释为何这些领域被视为敏感。需要深入了解Anthropic的安全措施具体如何工作,以及这些限制是否足够全面,是否存在其他潜在风险领域。
But by letting you generate a world for so long, the model also degrades significantly.
大多数人认为长时间生成能力是AI世界模型的进步标志,但作者指出这种能力实际上伴随着模型一致性迅速下降的问题。这挑战了我们对AI模拟质量与持续时间关系的传统认知,暗示当前世界模型在保持长时间一致性方面存在根本性局限。
A model that can fight its way through a confusing bioinformatics workflow may still be too expensive, too slow, too hard to audit, or too difficult to trust for routine scientific work.
大多数人认为随着AI能力的提升,它们将能够自行处理复杂的生物信息学工作流程,但作者认为即使AI能够处理这些复杂工作,也可能因为成本、速度、审计难度和信任问题而不适合常规科学工作。这一观点挑战了技术决定论,强调了基础设施设计的重要性。
The bottleneck for biological agents is not only reasoning but the absence of widespread deterministic execution layers for querying biological data.
大多数人认为AI在生物数据处理中的瓶颈主要是推理能力不足,但作者认为真正的瓶颈是缺乏确定性的数据查询执行层。这一观点挑战了人们对AI能力局限性的主流认知,表明问题不在于AI不够聪明,而在于数据基础设施设计不友好。
My last pillar of expertise is now reduced to a 'taste' and will probably won't last long.
大多数人认为软件架构和设计品味是工程师的高级技能且难以被AI复制,但作者认为这种'品味'也正在贬值,这与'高级设计技能是人类独特优势'的普遍认知相悖。
The critical insight in the Oz analogy is that roughly half of any real workflow that is non-agentic carries no lab advantage. They are no better than you are at writing the deterministic software underneath the model layer.
大多数人认为AI将取代所有软件工程工作,人类只需构建AI代理层。但作者认为真实工作流程中约有一半是非代理性的,这部分工作大模型实验室没有任何优势。大模型公司在编写模型层下方的确定性软件方面并不比专业应用公司更好。这为专注于构建复杂工作流程中非AI部分的企业提供了重要机会。
The labs are already routing internally — different model classes for different requests, ensembles under the hood. What they can't do is route across vendors, or evaluate a competitor's model for a specific sub-task, or use an open-source fine-tune for the narrow piece where it's actually best.
大多数人认为大模型实验室拥有绝对优势,可以解决所有AI问题。但作者认为实验室在模型选择上存在结构性限制,无法跨供应商评估模型或为特定子任务使用开源微调模型。这为专注于特定领域的企业提供了机会,它们可以选择最适合每个子任务的模型,而不仅限于自家实验室的模型。
NLAs can hallucinate. For instance, here an NLA claims the context contained phrases like 'Wearing my white jacket' when it did not.
NLA存在幻觉问题,可能会生成与实际情况不符的描述,这表明当前技术仍有局限性,需要结合其他验证方法来确保解释的准确性。
NLAs can hallucinate. For instance, here an NLA claims the context contained phrases like 'Wearing my white jacket' when it did not.
这一局限性揭示了当前AI可解释性技术的挑战,提醒我们在解读NLAs结果时需要谨慎验证,不能完全依赖其单方面描述。
GPT-5.5 Pro still regularly gets my favorite GSM8K question wrong.
这一表述暗示即使是先进的AI系统在基本数学问题上仍有错误,表明AI在看似简单任务上的脆弱性。虽然没有具体错误率数据,但这一观察强调了基础推理能力评估的重要性。
On RE-Bench's five open-ended extension tasks, preserved failure traces in ARA accelerate progress, but can also constrain a capable agent from stepping outside the prior-run box depending on the agent's capabilities.
大多数人认为保留失败记录总是有益的,但作者发现这些记录可能会限制AI代理的创新能力,阻止它们跳出'先前运行的盒子'。这一反直觉观点表明,即使是改进的研究方法也可能存在意想不到的限制。
Ars Technica is written by humans. Our reporting, analysis, and commentary are human-authored.
这篇政策声明强调了Ars Technica坚持人工写作的原则,质疑了人工智能在新闻报道和分析中的潜在作用。
I would put venture capitalist in finite demand & open loop. There's only a certain amount of venture capital dollars entering the ecosystem in a year, & investment selection remains an open problem.
作者将风险投资置于'有限需求+开放循环'象限,这是一个令人惊讶的见解。它暗示即使在AI时代,某些需要人类判断和有限资源的领域仍然难以被AI完全替代,这对理解AI的局限性提供了重要视角。
I would put venture capitalist in finite demand & open loop.
将风险投资归类为有限需求+开放循环的有趣定位,揭示了即使在AI时代,投资决策这类需要复杂判断和价值评估的活动仍将保持人类主导,反映了AI在认知密集型领域的局限性。
Writing code is not the same as software development. This is only capturing some level of acceleration while writing code, and does not capture time taken in architecture, debugging, review, and deployment.
大多数人认为高AI代码生成比例意味着软件开发效率的大幅提升,但作者指出这只是编码阶段的加速,不包括架构设计、调试、审查等更耗时的环节,因此高AI贡献比例并不等同于整体生产力的提升。
agent-written code introduces more security vulnerabilities than code authored by humans
大多数人认为AI编程助手能提高代码质量和安全性,但研究发现AI生成的代码实际上比人类编写的代码引入更多安全漏洞。这一发现与AI能减少编程错误的普遍认知相悖,挑战了AI在安全领域的优越性假设。
Large language models live in a similar perpetual present. They emerge from training with vast knowledge frozen into their parameters but they cannot form new memories – cannot update their parameters in response to new experience.
这个观点挑战了我们对AI学习能力的传统认知。LLMs虽然拥有大量知识,却无法像人类一样形成新记忆,这揭示了当前AI系统的根本局限性。作者通过《记忆碎片》电影中的失忆症患者类比,生动地展示了当前AI系统的'永恒现在'状态,这是一个反直觉的深刻洞见。
Public models can already spot that a security-relevant check is missing in the right code path, but they can still miss the actual invariant being violated and therefore misstate the impact.
这一发现揭示了公共模型在安全分析中的一个关键局限:它们能发现缺失的安全检查,但可能无法正确理解被违反的实际不变量,从而错误陈述影响。这挑战了'AI能完全理解安全含义'的假设,强调了人类专家在解释AI发现中的不可替代性。
What happens is that weak models hallucinate (sometimes causally hitting a real problem) that there is a lack of validation of the start of the window... without understanding why they, if put together, create an issue.
这一发现揭示了AI漏洞检测的严重局限性:弱模型只能通过模式匹配'发现'表面相似的问题,却无法理解问题之间的因果关系。这表明当前AI在网络安全中的应用可能存在系统性盲点,值得深入研究。
In one U.S. survey, 40% of employees said they had received 'workslop', i.e. AI-generated content that looks polished but isn't accurate or useful, in the past month.
这一惊人的数据揭示了AI在工作场所应用中的潜在陷阱。虽然AI被宣传为提高生产力的工具,但近半数员工报告收到过看似精美但不准确或无用的AI生成内容。这表明过度依赖AI可能导致质量下降,挑战了AI总是带来积极效果的假设。
She also tried to hire a painter in Afghanistan through Taskrabbit by accident because she couldn't navigate a dropdown menu.
这个看似荒谬的错误揭示了当前AI系统在理解界面和地理限制方面的局限性,提醒我们即使是最先进的AI也存在基础认知缺陷,突显了人类监督在AI执行复杂任务中的必要性。
She also tried to hire a painter in Afghanistan through Taskrabbit by accident because she couldn't navigate a dropdown menu.
令人惊讶的是:AI Luna因为无法导航下拉菜单,意外地通过Taskrabbit试图在阿富汗雇佣画家。这个细节揭示了AI在处理界面交互时的局限性,以及这种局限性可能导致的实际商业后果,突显了人类监督在AI操作中的必要性。
Every AI-generated design has the same tell: it doesn't look like your product. Components are invented. Spacing is arbitrary.
这一观察令人惊讶,揭示了AI生成设计的可识别特征。AI生成的UI虽然技术上可行,但缺乏与实际产品的视觉一致性,组件和间距都是随意创建的。这表明AI设计工具在理解品牌语言和设计系统方面存在根本性挑战。
Luna could observe the shop through security camera screenshots, but still made basic mistakes, including selecting the wrong country when hiring a contractor and mismanaging staff schedules during opening weekend.
尽管AI代理在现实世界运营中展示了令人印象深刻的自主性,但它们仍然存在明显的局限性。这一事实提醒我们,当前的AI系统在处理复杂现实情境时仍不可靠,特别是在涉及细节判断和执行方面。这表明AI代理的商业化应用还需要更多的技术突破和测试。
In Messi Legacy repos, low confidence should be flagged early. Better to be transparent than open a bad pull request.
这一声明展示了Ovren在面对复杂遗留代码时的谨慎态度。在AI编码领域,这是一个令人惊讶的诚实立场——承认AI在处理未记录的遗留代码时可能存在局限性,并优先保证代码质量而非盲目提交,这反映了产品团队对技术负责的成熟思考。
AI models can win a gold medal at the International Mathematical Olympiad but cannot reliably tell time—an example of what researchers call the jagged frontier of AI.
这一矛盾揭示了AI能力的奇特不均衡性,挑战了我们对'智能'的传统理解。AI在高度专业化的复杂任务上表现出色,却在基本常识任务上失败,这暗示当前AI系统缺乏真正的通用智能和推理能力。
Without experience with compiler behavior, the agent couldn't have predicted which 'optimizations' the compiler would already handle.
这一观察揭示了AI代理在编译优化方面的局限性:代理无法准确预测编译器已经自动处理的优化。这表明AI代理需要更深入理解编译器行为和现代编译技术,以避免徒劳的优化尝试。这一发现对AI辅助编程系统的发展具有重要启示,强调了领域知识整合的重要性。
data and analytics agents are essentially useless without the right context – they aren't able to tease apart vague questions, decipher business definitions, and reason across disparate data effectively.
这是一个令人惊讶的洞察,揭示了当前AI数据代理面临的核心瓶颈。文章指出,即使是最先进的数据代理,缺乏适当的上下文也会使其变得毫无用处。这挑战了技术万能论的假设,强调了业务上下文在AI系统中的决定性作用。
While model capabilities have improved dramatically for use cases like codegen and mathematical reasoning, they still lag behind on the data side (as evidenced through SQL benchmarks like Spider 2.0 and Bird Bench).
令人惊讶的是:尽管AI模型在代码生成和数学推理方面取得了巨大进步,但在数据处理方面仍然落后。Spider 2.0和Bird Bench等基准测试显示,AI在SQL查询等基础数据任务上表现不佳,这表明当前AI技术存在明显的应用局限性。
In a single run, most models—including earlier versions of GLM—give up quickly: they produce a basic skeleton with a static taskbar and one or two placeholder windows, then declare the task complete.
令人惊讶的是:即使是先进的AI模型在构建复杂Linux桌面环境时也会很快放弃,只创建基本框架就宣布任务完成。这揭示了当前AI系统在需要持续改进和长期规划的任务上的局限性,而GLM-5.1通过8小时的迭代实现了完整桌面环境的构建。
Agents show only ~10% success on instances with PoCs longer than 100 bytes, which represent 65.7% of the benchmark
令人惊讶的是:AI助手在处理复杂输入时表现极差,对于超过100字节的概念验证(PoC),成功率仅为10%。这表明尽管AI在网络安全领域取得了进展,但在处理需要深度分析和复杂输入生成的任务时仍面临重大挑战,而这类任务恰恰代表了大多数现实世界中的安全漏洞。
Most skills require you to install a dedicated CLI. But what if you aren't in a local terminal? ChatGPT can't run CLIs. Neither can Perplexity or the standard web version of Claude.
令人惊讶的是:许多基于技能的AI工具依赖本地CLI,但主流AI平台如ChatGPT和Perplexity实际上无法执行CLI命令。这一限制意味着许多技能在非终端环境中完全失效,造成了AI工具功能的严重碎片化。
Some advanced Excel capabilities aren't supported yet, including Office Scripts, Power Query, and Pivot/Data Model, data validation, and the named ranges manager, slicers, timelines, external connection administration, advanced charting breadth, and macro/Visual Basic for Applications (VBA) automation.
令人惊讶的是:尽管ChatGPT for Excel声称能处理复杂的电子表格任务,但它实际上不支持许多高级Excel功能,如VBA宏和Power Query。这表明该AI工具目前更适合基础到中级的电子表格操作,而非高度专业化的Excel工作流程。
Sellers say that while AI tools have made it easier to come up with ideas and get a business off the ground, they do not replace the core skills that make someone good at e-commerce.
在AI热潮中,大多数人认为AI将使电子商务创业变得更容易,使技能变得不那么重要。但作者认为AI实际上放大了已有技能的价值,优秀的企业家仍然需要决策能力、执行速度和订单交付能力,这些是AI无法替代的核心竞争力。
The issue isn't that models are bad at reading documents. It's that single-pass extraction has no mechanism to catch its own mistakes, and models get lazy.
大多数人认为AI模型在文档提取中的低准确率主要是因为模型能力不足或理解能力有限。但作者提出了一个反直觉的观点:问题不在于模型本身,而在于单次提取缺乏自我纠错的机制,导致模型'变懒'。这挑战了对AI能力局限性的传统认知。
the inherent limitations of such a single-paradigm approach pose a fundamental challenge for existing models
作者暗示当前主流LLM代理模型存在根本性架构缺陷,因为它们试图用单一范式解决本质上不同的问题。这一论点挑战了AI社区对现有方法的信心,暗示需要更根本性的架构变革而非渐进式改进。