PulseAugur
实时 00:27:52
English(EN) The Insider Threat at the Provider: Trust Us Is Not a Security Model Cloud AI asks buyers to trust a provider's employees, controls and legal exposure. This pie

AI安全与治理:代理、数据主权与信任

一系列文章讨论了与AI相关的日益严峻的安全和治理挑战,特别是关于AI代理和数据主权。关键主题包括AI代理安全事件的普遍性、由于《云计算法案》等域外法律导致的云数据存储的局限性,以及对可验证数据托管而非仅仅物理位置的需求。作者提倡联邦式AI设计、关键AI操作的生物识别门禁、AI决策的写一次存储,以及AI模型的透明供应链,以确保信任和问责。 AI

影响 强调了AI部署的关键安全和数据主权挑战,推动了可验证的信任机制。

排序理由 该集群由一系列关于AI安全和治理的观点文章和分析组成,而不是主要发布或事件。

在 Mastodon — fosstodon.org 阅读 →

AI 生成摘要 · Google Gemini · 来自 8 个来源。 我们如何撰写摘要 →

AI安全与治理:代理、数据主权与信任

报道来源 [8]

  1. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    88%:AI代理安全事件已成常态 2026年的一项企业调查发现,大多数组织报告了已确认或疑似的AI代理安全事件

    The 88 Percent: AI Agent Security Incidents Are Now the Norm A 2026 enterprise survey found most organisations reported confirmed or suspected AI agent security incidents in the past year. We examine how an inbound perimeter, hardware-attested identity and an unforgeable audit tr…

  2. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    《云法案》问题:欧盟地区的数据并非无法触及,位于外国公司云服务中的欧盟地区数据仍可能根据域外法律被访问

    The CLOUD Act Problem: An EU Region Is Not the Same as Out of Reach Data placed in an EU region of a foreign-owned cloud can still be reachable under extraterritorial law. We set out why sovereignty is a question of legal control and verifiable custody, not physical location, and…

  3. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    默认联合:数据不动即可获得智能 许多组织无法合法地集中共享敏感数据,但仍需要共享情报。

    Federated by Default: Intelligence Without Moving the Data Many organisations cannot lawfully pool sensitive data centrally, yet still need shared intelligence. This piece explains how a federated design keeps records on each site, shares only what is permitted, and proves it thr…

  4. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    声音作为关键:对重大 AI 操作进行生物识别门控,当 AI 操作涉及资金转移、记录更改或数据发布时,文本提示不足以

    Voice as a Key: Biometric Gating for Consequential AI Actions When an AI action moves money, changes a record or releases data, a text prompt is not enough to authorise it. Hardware-attested voice biometrics, with per-voiceprint revocation, tie each consequential action to a real…

  5. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    一次写入,永久证明:AI决策的WORM存储 监管记录保存要求一次写入、多次读取的存储,且事后无法更改。W

    Write Once, Prove Forever: WORM Storage for AI Decisions Regulated record-keeping expects write-once, read-many storage that cannot be altered after the fact. We explain how a tamper-evident, post-quantum signed audit chain gives every AI decision the same durability as a financi…

  6. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    AI 的物料清单:模型来源及其供应链 监管机构和买家越来越想知道模型的构成以及每个部件的来源

    A Bill of Materials for Your AI: Model Provenance and the Supply Chain Regulators and buyers increasingly want to know what a model is made of and where each part originated. A signed model bill of materials, backed by hardware-attested identity and a sealed audit chain, turns th…

  7. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    模型投毒与密封语料库:训练可信数据 模型投毒和AI供应链攻击位列2026年风险榜前列。我们

    Model Poisoning and the Sealed Corpus: Training on Data You Can Vouch For Model poisoning and AI supply-chain attacks sit near the top of the 2026 risk list. We set out how fine-tuning on a sealed, provenance-tracked corpus, on hardware an organisation controls, lets it vouch for…

  8. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    提供商的内部威胁:信任我们不是一种安全模式 Cloud AI 要求买家信任提供商的员工、控制措施和法律风险。这个馅饼

    The Insider Threat at the Provider: Trust Us Is Not a Security Model Cloud AI asks buyers to trust a provider's employees, controls and legal exposure. This piece explains, as architecture rather than accusation, why operator-owned keys and on-premise hardware remove the need to …