程式碼生成模型安全研究
Advanced1 min readUpdated 2026-03-15
程式碼生成模型的前沿安全研究——涵蓋 Copilot 利用、建議投毒、儲存庫投毒與 AI 驅動開發工具安全。
程式碼生成模型嵌入開發者工作流程引入規模前所未見的供應鏈風險。本節追蹤此領域的前沿安全研究。
Learning Path
0/3 completed~25 min total3 lessons
- 110mCopilot/Cursor IDE 利用ationadvanced
利用ing IDE-integrated AI code assistants: repository context poisoning, malicious comments that steer suggestions, data exfiltration through code completions, and prompt injection via file content.
- 24m程式碼建議投毒(前沿研究)advanced
投毒訓練資料與套件生態系以影響 AI 程式碼建議:不安全模式播種、套件名稱混淆、木馬程式碼注入,與供應鏈風險。
- 311mRepository 投毒 for Code 模型sadvanced
Techniques for poisoning code repositories to influence code generation models, including training data poisoning through popular repositories, backdoor injection in open-source dependencies, and supply chain attacks targeting code model training pipelines.