AI Installed the Backdoor. Now What?
カートのアイテムが多すぎます
カートに追加できませんでした。
ウィッシュリストに追加できませんでした。
ほしい物リストの削除に失敗しました。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
AI Installed the Backdoor. Now What?
-
ナレーター:
-
著者:
概要
Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work.
What they don't know is that an AI triage bot the kind built to make their team more efficient just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to.
This wasn't a nation-state. This wasn't a zero-day. This was one sentence in a GitHub Issue title and it compromised 4,000 developer machines in 8 hours.
We are living in a moment where AI is installing AI and our security tools were not built for this.
Special guest: Liran Baron, CPO of SaaS Alerts.
Article: https://www.cremit.io/blog/ai-supply-chain-attack-clinejection