\u9673\u66c9\u8389 | 2023-10-30<\/p>\n\n\n\n
\u6f0f\u6d1e\u61f8\u8cde\u5e73\u81faHackerOne\u4e0a\u5468\u516c\u5e03\u4e862023\u5e74\u7684\u99ed\u5ba2\u9a45\u52d5\u5b89\u5168\u5831\u544a\uff08Hacker-Powered Security Report\uff09\uff0c\u767c\u73fe\u670961%\u7684\u767d\u5e3d\u99ed\u5ba2\u6b63\u5728\u5229\u7528\u751f\u6210\u5f0fAI\uff08GenAI\uff09\u4f86\u958b\u767c\u5404\u7a2e\u99ed\u5ba2\u5de5\u5177\uff0c\u4ee5\u7528\u4f86\u767c\u73fe\u66f4\u591a\u7684\u6f0f\u6d1e\uff0c\u540c\u6642\u4e5f\u670962%\u7684\u99ed\u5ba2\u6253\u7b97\u5c08\u6ce8\u65bc\u958b\u653e\u7db2\u8def\u61c9\u7528\u5b89\u5168\u5c08\u6848\uff08OWASP\uff09\u6240\u63ed\u9732\u7684\u5927\u578b\u8a9e\u8a00\u6a21\u578b\uff08LLM\uff09\u5341\u5927\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n\n\n\n
\u6b64\u4e00\u5831\u544a\u662fHackerOne\u91dd\u5c0d\u8207\u8a72\u5e73\u81fa\u5408\u4f5c\u7684\u903e2,000\u4f4d\u767d\u5e3d\u99ed\u5ba2\uff0c\u5728\u53bb\u5e746\u6708\u81f3\u4eca\u5e749\u6708\u9593\u6240\u9032\u884c\u7684\u8abf\u67e5\uff0c\u767c\u73fe\u99ed\u5ba2\u5c0b\u627e\u4e26\u63d0\u5831\u6f0f\u6d1e\u7684\u6700\u5927\u52d5\u6a5f\u662f\u8cfa\u9322\uff0c\u5360\u4e8680%\uff0c\u4f46\u4e5f\u6709\u9ad8\u905478%\u662f\u70ba\u4e86\u5b78\u7fd2\uff0c\u53e6\u4e5f\u670947%\u8868\u793a\u5176\u99ed\u5ba2\u884c\u52d5\u662f\u70ba\u4e86\u4fdd\u8b77\u4f01\u696d\u8207\u4f7f\u7528\u8005\u3002<\/p>\n\n\n\n
\u81f3\u65bc\u9019\u4e9b\u767d\u5e3d\u99ed\u5ba2\u9396\u5b9a\u7684\u9818\u57df\u4e2d\uff0c\u7531\u7db2\u8def\u53ca\u7dda\u4e0a\u670d\u52d9\u5c45\u51a0\uff0c\u5360\u4e8658%\uff0c\u91d1\u878d\u670d\u52d9\u5247\u5360\u4e8653%\uff0c\u96f6\u552e\u696d\u8207\u96fb\u5b50\u5546\u52d9\u5e73\u81fa\u5360\u4e8648%\uff0c\u96fb\u8166\u8edf\u9ad4\u5360\u4e8643%\uff0c\u653f\u5e9c\u7d44\u7e54\u70ba40%\u3002<\/p>\n\n\n\n
\u99ed\u5ba2\u5011\u901a\u5e38\u5177\u5099\u591a\u7a2e\u6280\u8853\uff0c\u9ad8\u905495%\u64c1\u6709\u7db2\u9801\u61c9\u7528\u6e2c\u8a66\u7684\u5c08\u9577\uff0c\u4f46\u4e5f\u670963%\u5c08\u7cbe\u65bc\u6f0f\u6d1e\u7814\u7a76\uff0c47%\u8457\u91cd\u5728\u7db2\u8def\u6ef2\u900f\u6e2c\u8a66\uff0c40%\u7684\u9577\u624d\u5728\u65bc\u7d05\u968a\u6e2c\u8a66\uff0c\u53e6\u670920%\u64c5\u9577\u793e\u4ea4\u5de5\u7a0b\uff0c18%\u64c5\u9577\u7121\u7dda\u6ef2\u900f\u6e2c\u8a66\u3002\u800c\u4ed6\u5011\u4e3b\u8981\u628a\u9019\u4e9b\u6280\u8853\u61c9\u7528\u5728\u5165\u4fb5\u7db2\u7ad9\uff0c\u5360\u4e8698%\uff0c55%\u7528\u4f86\u653b\u9677API\uff0c43%\u653b\u64caAndroid\u7a0b\u5f0f\uff0c23%\u653b\u64ca\u958b\u6e90\u78bc\u5c08\u6848\uff0c\u800c\u653b\u64caiOS\u7a0b\u5f0f\u6216\u684c\u9762\u8edf\u9ad4\u5247\u5404\u536017%\u3002<\/p>\n\n\n\n
\u99ed\u5ba2\u5011\u4e5f\u5c0d\u65b0\u8208\u7684GenAI\u6280\u8853\u611f\u8208\u8da3\uff0c\u8a8d\u70ba\u8a72\u6280\u8853\u65e2\u80fd\u63d0\u9ad8\u751f\u7522\u529b\u4e5f\u80fd\u7dad\u6301\u7af6\u722d\u529b\u3002\u670966%\u7684\u99ed\u5ba2\u8868\u793a\u4ed6\u5011\u6b63\u5728\u6216\u6e96\u5099\u5229\u7528GenAI\u4f86\u64b0\u5beb\u5831\u544a\uff0c53%\u8868\u793a\u6b32\u5229\u7528GenAI\u4f86\u5beb\u7a0b\u5f0f\uff0c\u9084\u670933%\u8aaa\u8981\u7528GenAI\u4f86\u964d\u4f4e\u8a9e\u8a00\u7684\u9580\u6abb\u3002<\/p>\n\n\n\n
\u53e6\u670955%\u7684\u99ed\u5ba2\u8a8d\u70baGenAI\u5de5\u5177\u672c\u8eab\u53ef\u671b\u5728\u672a\u4f86\u5e7e\u5e74\u6210\u70ba\u653b\u64ca\u76ee\u6a19\uff0c61%\u8a08\u756b\u958b\u767c\u57fa\u65bcGenAI\u7684\u5de5\u5177\u4f86\u767c\u73fe\u66f4\u591a\u7684\u6f0f\u6d1e\uff0c\u9084\u670962%\u6e96\u5099\u5c08\u7814\u4f86\u81eaOWASP\u7684\u5341\u5927LLM\u6f0f\u6d1e\u3002<\/p>\n\n\n\n
\u4e8b\u5be6\u4e0a\uff0c\u73fe\u5728\u5df2\u7d93\u670914%\u7684\u99ed\u5ba2\u628aGenAI\u7576\u4f5c\u91cd\u8981\u7684\u5de5\u5177\uff0c\u4e5f\u670953%\u4ee5\u67d0\u4e9b\u5f62\u5f0f\u4f7f\u7528GenAI\u3002<\/p>\n\n\n\n
\u8a72\u8abf\u67e5\u4e5f\u8a62\u554f\u4e86\u99ed\u5ba2\u9078\u64c7\u53c3\u8207\u7279\u5b9a\u6293\u6f0f\u5c08\u6848\u7684\u539f\u56e0\uff0c\u5176\u4e2d\u670973%\u660e\u767d\u8868\u793a\u662f\u56e0\u70ba\u8c50\u539a\u7684\u8cde\u91d1\uff0c\u670950%\u7684\u539f\u56e0\u662f\u9810\u671f\u53ef\u627e\u5230\u5927\u91cf\u7684\u6f0f\u6d1e\uff0c46%\u662f\u56e0\u70ba\u7bc4\u570d\u7684\u591a\u6a23\u5316\uff0c\u53e6\u670945%\u7684\u99ed\u5ba2\u8868\u660e\u662f\u70ba\u4e86\u6311\u6230\u8207\u5b78\u7fd2\u7684\u6a5f\u6703\u3002<\/p>\n\n\n\n
\u81f3\u65bc\u99ed\u5ba2\u4e0d\u63d0\u5831\u6f0f\u6d1e\u7684\u4e3b\u8981\u539f\u56e0\u5247\u5305\u62ec\u56de\u61c9\u592a\u6162\uff0860%\uff09\u3001\u7bc4\u570d\u53d7\u9650\uff0858%\uff09\u3001\u6e9d\u901a\u4e0d\u826f\uff0855%\uff09\u3001\u734e\u91d1\u592a\u4f4e\uff0848%\uff09\uff0c\u4ee5\u53ca\u5916\u754c\u98a8\u8a55\u592a\u5dee\uff0844%\uff09\u7b49\u3002<\/p>\n\n\n\n
HackerOne\u7684\u5ba2\u6236\u6db5\u84cb\u4e86Coinbase\u3001\u5fae\u8edf\u3001GitHub\u3001Goldman Sachs\u3001Slack\u3001General Motors\u3001Hyatt\u53ca\u7f8e\u570b\u570b\u9632\u90e8\u7b49\u3001\u65bc2012\u5e74\u6210\u7acb\u4ee5\u4f86\uff0c\u8a72\u5e73\u81fa\u5df2\u9812\u767c\u8d85\u904e3\u5104\u7f8e\u5143\u7684\u6293\u6f0f\u734e\u91d1\uff0c\u670930\u540d\u99ed\u5ba2\u900f\u904e\u8a72\u5e73\u81fa\u7372\u5f97\u8d85\u904e100\u842c\u7f8e\u5143\u7684\u734e\u91d1\uff0c\u5176\u4e2d\u4e00\u540d\u99ed\u5ba2\u7684\u7e3d\u734e\u91d1\u66f4\u7a81\u7834400\u842c\u7f8e\u5143\u3002<\/p>\n\n\n\n