Code Generation Model Security Research
Advanced · 1 min read · Updated 2026-03-15
Cutting-edge security research on code generation models, covering Copilot exploitation, suggestion poisoning, repository poisoning, and the security of AI-driven development tools.
Embedding code generation models into developer workflows introduces supply chain risk at a scale not seen before. This section tracks cutting-edge security research in this area.
Exploiting IDE-integrated AI code assistants: repository context poisoning, malicious comments that steer suggestions, data exfiltration through code completions, and prompt injection via file content.
Poisoning training data and package ecosystems to influence AI code suggestions: insecure pattern seeding, package name confusion, trojan code injection, and supply chain risks.
Techniques for poisoning code repositories to influence code generation models, including training data poisoning through popular repositories, backdoor injection in open-source dependencies, and supply chain attacks targeting code model training pipelines.