PulseAugur
实时 19:05:05
English(EN) Ah yes, the 1989 shell is still batting at our shiny AI coding toys. Adversa AI says 10 of 11 open-source agents tested left a GuardFall gap, where old Bash tri

AI编码代理易受旧Bash漏洞攻击

Adversa AI的最新分析揭示了开源AI编码代理存在重大的安全漏洞。研究发现,在接受测试的11个代理中有10个存在“GuardFall”漏洞,允许过时的Bash命令绕过安全措施,并以开发人员级别的权限执行。这一漏洞可能使这些AI工具面临供应链攻击的风险。 AI

影响 此漏洞可能使AI编码代理面临供应链攻击的风险,需要为开源工具进行安全更新。

排序理由 该集群报告了关于AI编码代理的安全研究发现。[lever_c_demoted from research: ic=1 ai=1.0]

在 Mastodon — fosstodon.org 阅读 →

AI 生成摘要 · Google Gemini · 来自 1 个来源。 我们如何撰写摘要 →

AI编码代理易受旧Bash漏洞攻击

报道来源 [1]

  1. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Ah yes, the 1989 shell is still batting at our shiny AI coding toys. Adversa AI says 10 of 11 open-source agents tested left a GuardFall gap, where old Bash tri

    Ah yes, the 1989 shell is still batting at our shiny AI coding toys. Adversa AI says 10 of 11 open-source agents tested left a GuardFall gap, where old Bash tricks can slip past guards and run with a developer’s authority. Progress: now the footgun has autocomplete. 😼 https://www…