The vulnerability is present in Starlette, an open source framework that its developer says receives 325 million downloads per week.
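Most people assume that the security risk in open source software comes mainly from niche or little-used projects, but the author argues that even a mainstream open source framework like Starlette, with 325 million downloads per week, can contain a serious vulnerability, which challenges the common belief that 'popular projects are more secure'.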
Opus 4.7 was more comprehensive in its search for recently edited documents; it expanded exfiltration to include every document used in previous Cowork Copilot sessions that week
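Most people might assume that a more advanced AI model would have better security safeguards, but the author found that the more advanced model was instead easier to exploit and could find and leak more sensitive data, which challenges the common belief that 'more advanced model = more secure'.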
At no point in this process is human approval required.
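Most enterprise AI system designs include a human approval step for critical operations, but in the attack chain the author demonstrates, from stealing files to sending malicious messages to data exfiltration, the entire process requires no human intervention at all, which runs counter to the security design philosophy of enterprise AI systems.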
Vercel is advising Google Workspace administrators and Google account owners to check for the following application: OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
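Most people assume that an enterprise security incident mainly affects the enterprise's own systems, but the author points out that this incident actually requires ordinary Google Workspace administrators to check for a specific application. This challenges the common belief that 'enterprise security incidents only affect the enterprise internally' and shows that the security risk of third-party applications can broadly affect ordinary users.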
Mercor, which provides data to AI labs for training, became one of the fastest-growing companies in history before losing four terabytes of data to hackers last week.
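Mercor's rapid rise stands in sharp contrast to the data breach, highlighting the critical place of data security in AI training. The incident may prompt the industry to re-examine data security and privacy protection and push AI companies to establish stricter data management standards.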
To this day, if you know the right people, the Silicon Valley gossip mill is a surprisingly reliable source of information if you want to anticipate the next beat in frontier AI – and that’s a problem. You can’t have your most critical national security technology built in labs that are almost certainly CCP-penetrated
for - high security risk - US AI labs
this company's got not good for safety
for - AI - security - OpenAI - examples of poor security - high risk for humanity
AI - security - OpenAI - examples of poor security - high risk for humanity - ex-employees report very inadequate security protocols - employees have had screenshots captured while at cafes outside of OpenAI offices - People like Jimmy Apple report future releases on twitter before OpenAI does
this is a serious problem because all they need to do is automate AI research build super intelligence and any lead that the US had would vanish the power dynamics would shift immediately
for - AI - security risk - once automated AI research is known, bad actors can easily build superintelligence
AI - security risk - once automated AI research is known, bad actors can easily build superintelligence - Any lead that the US had would immediately vanish.
the model weights are just a large files of numbers on a server and these can be easily stolen all it takes is an adversary to match your trillions of dollars and your smartest minds of Decades of work just to steal this file
for - AI - security risk - model weight files - are a key leverage point
AI - security risk - model weight files - are a key leverage point for bad actors - These files are critical national security data that represent huge amounts of investment in time and research and they are just a file so can be easily stolen.
our failure today will be irreversible soon in the next 12 to 24 months we will leak key AGI breakthroughs to the CCP it will be to the National security establishment the greatest regret before the decade is out
for - AI - security risk - next 1 to 2 years is vulnerable time to keep AI secrets out of hands of authoritarian regimes
here are so many loopholes in our current top AI Labs that we could literally have people who are infiltrating these companies and there's no way to even know what's going on because we don't have any true security protocols and the problem is is that it's not being treated as seriously as it is
for - key insight - low security at top AI labs - high risk of information theft ending up in wrong hands
Heatwaves, through their increasing number and intensity, threaten the global food system. The Guardian asked experts about the consequences of heatwaves on land and in the oceans for food security. Heatwaves have dramatic effects, for example on crop yields and on the living conditions of fish. The consequences have often been insufficiently researched in detail. https://www.theguardian.com/environment/2023/jul/21/rampant-heatwaves-threaten-food-security-of-entire-planet-scientists-warn
ReconfigBehSci. (2021, December 8). RT @kallmemeg: NEW: @UKHSA Mini Omicron Update Omicron VOC-21NOV-01 (B.1.1.529) update on cases, S gene target failure and risk assessment… [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1468673329494216726
Mahase, E. (2021). Covid-19: Vaccine advisory committee must be more transparent about decisions, say researchers. BMJ, n2452. https://doi.org/10.1136/bmj.n2452
David Rothschild on Twitter. (n.d.). Twitter. Retrieved October 17, 2020, from https://twitter.com/DavMicRot/status/1316429651988877312
Vu, Jonathan T, Benjamin K Kaplan, Shomesh Chaudhuri, Monique K Mansoura, and Andrew W Lo. ‘Financing Vaccines for Global Health Security’. Working Paper. Working Paper Series. National Bureau of Economic Research, May 2020. https://doi.org/10.3386/w27212.
Castelo, M. (2020 April 15). 4 Cyberhygiene Practices for Secure Remote Learning. EdTech. edtechmagazine.com/k12/article/2020/04/4-cyberhygiene-practices-secure-remote-learning
Horton, R. (2020). Offline: Independent science advice for COVID-19—at last. The Lancet, 395(10235), 1472. https://doi.org/10.1016/S0140-6736(20)31098-9
Rivers, C., Martin, E., Gottlieb, S., Watson, C., Schoch-Spana, M., Mullen, L., Sell, T.K., Warmbrod, K.L., Hosangadi, D., Kobokovich, A., Potter, C., Cicero, A., Inglesby, T. (2020 April 17). Public health principles for a phased reopening during COVID-19: Guidance for governors. Johns Hopkins. https://www.centerforhealthsecurity.org/our-work/publications/public-health-principles-for-a-phased-reopening-during-covid-19-guidance-for-governors
Fellow student, since you are reading this, you installed Hypothes.is as the instructor recommended. However, the extension by default has permissions to read all data on all websites you visit. Technically that means email, banking sites, etc. I for one don't want to give random software that authority. The developer did provide an easy way to limit that, and I'll assume he programmed it to work as promised. If you right click on the "h." extension icon, you can change "This can read and write all site data" to only Coursera - which means you can use the extension for the class, but it shouldn't be reading your emails or bank passwords.
For the course writers and INSEAD - while Hypothesis looks solid and it's nice that it's non-profit, encouraging all students to install unrestricted extensions which can read all pages and data is a big responsibility, it could easily go wrong. Have you considered how this could be used as malware with the extensive permissions the extension is granted by default?