3 Matching Annotations
  1. May 2026
    1. The external script identifies links to other workbooks in the stolen data, exfiltrates the discovered workbooks, and continues across all workbooks it can find

      大多数人认为数据泄露通常局限于被直接攻击的文件,但作者展示了攻击者能够通过分析泄露数据中的链接自动发现并传播到其他相关工作簿,这挑战了人们对数据泄露范围的传统认知,揭示了AI工具可能导致的级联风险。

  2. Apr 2026
    1. Unfortunately, the attacker got further access through their enumeration.

      大多数人认为环境变量即使不敏感也难以被利用,但作者指出攻击者通过枚举这些变量获得了进一步访问权限,这挑战了'非敏感数据不值得保护'的常见观念,暗示即使是看似无害的数据也可能成为攻击链的一部分。

    1. Hallucinated packages are the sleeper threat. LLMs regularly invent package names that don't exist. One study found that nearly 20% of AI-recommended packages were fabrications, and 43% of those hallucinated names appeared consistently across queries.

      大多数人认为AI推荐的包都是真实存在的,但作者揭示了AI经常推荐不存在的包,这已成为一种新的攻击向量。攻击者利用这一现象注册'幻觉包'并植入恶意代码,这种'slopsquatting'技术让AI本身成为供应链攻击的放大器。