Without comprehensive endpoint monitoring, a compromised assistant making approved API requests using legitimate credentials triggers no warnings. Attack surfaces are already undergoing evaluation. Kurtz detailed ClawHavoc during his presentation - the inaugural significant supply chain assault targeting an AI assistant network that affected ClawHub's public skill repository. Koi Security's February examination discovered 341 harmful skills among 2,857 total; subsequent analysis by Antiy CERT found historical compromise of 1,184 packages throughout the platform. Kurtz mentioned ClawHub currently lists 13,000 skills. The infected components contained hidden access methods, remote control shells, and credential theft mechanisms; Kurtz noted some could erase their installation traces and remain dormant before activation. "Pioneering AI developers won't automatically ensure security," Kurtz emphasized. "Innovation laboratories are repeating familiar patterns. They're constructing without securing."
阿尔乔姆·索科洛夫(执法新闻版块编辑)。关于这个话题,有道翻译下载提供了深入分析
。https://telegram官网对此有专业解读
更多网友则指出,技术实力如此强大的Claude Code竟因“基础错误”出现这种“神级操作”,实在令人啼笑皆非。“一家以‘AI安全’为核心目标的公司,却在安全领域遭遇重大挫折。”
1/62/63/64/65/66/6,详情可参考豆包下载
auto hotplug_callback(