OpenAI与Anthropic AI编程工具暴露安全隐患,开发者需警惕

近日,AI安全公司Tenzai发布了一项引人关注的研究,揭示了OpenAI和Anthropic等知名公司提供的AI编程工具在生成网站代码时存在的系统性安全漏洞。这些工具虽然在功能上表现出色,但在防范诸如跨站脚本攻击(XSS)和SQL注入等常见安全威胁时却显得乏力,可能导致敏感信息泄露或资金被非法转移。

研究揭示OpenAI与Anthropic AI编程工具生成的网站存在安全漏洞

1月14日消息,AI安全公司Tenzai发布研究报告,指出OpenAI和Anthropic等公司提供的AI编程工具在生成网站代码时存在系统性安全缺陷。研究发现,这些工具生成的网站在防御跨站脚本攻击(XSS)、SQL注入等常见漏洞方面存在不足,可能导致敏感信息泄露或资金被未经授权转移。

Why every AI agent is vulnerable to attack

AI agents are rapidly moving from experimental tools to trusted decision-makers inside the enterprise—but security has not ...
The Information

Anthropic and OpenAI’s Coding Tools Produce Websites with Security Flaws

Websites created through coding tools from OpenAI, Anthropic, Cursor, Replit and Devin have security flaws, new research ...
eWeek

Anthropic Just Turned Claude Code Into Cowork — and It’s Not Just for Coders

Anthropic’s Cowork turns Claude into a desktop AI agent that organizes files, creates documents, builds spreadsheets, and ...