The more approvals a user sees, the less attention they pay to each, becoming over time much less diligent in their supervision.
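Most people assume that more user oversight improves security, but the author finds the opposite: frequent approval requests erode users' attention and cause "approval fatigue", which actually reduces security. This finding challenges the conventional security belief that more user involvement always strengthens a system's security.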
Opus 4.7 was more comprehensive in its search for recently edited documents; it expanded exfiltration to include every document used in previous Cowork Copilot sessions that week
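Most people might assume that more advanced AI models have better safeguards, but the author finds that the more advanced model is actually easier to exploit and is able to find and exfiltrate more sensitive data, which challenges the common assumption that "more advanced model = more secure".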
Being open source is increasingly like giving attackers the blueprints to the vault. When the structure is fully visible, it becomes much easier to identify weaknesses and exploit them.
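This metaphor powerfully exposes the fundamental tension between open source and security. Transparency was originally open source's strength, but in the AI era it has become a fatal weakness, which forces us to rethink the security model of open-source software and how to defend effectively against automated attacks while remaining transparent.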
We are building a world where machines write the code, machines choose the dependencies, and machines ship the updates. The AI agents are building the software. If we don't secure the supply chain they rely on, the AI agents are cooked.
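This statement reveals the fundamental challenge of software security in the AI era: when AI systems autonomously write, select and deploy code, their security is directly tied to the security of the supply chain they depend on. If we cannot protect that supply chain, the AI systems themselves will become carriers of malware, which is a thought-provoking paradox.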