AI Systems看中文版

Agentjacking: how a fake bug report hijacks your coding agent

Agentjacking is an attack disclosed in June 2026: an attacker plants a fake error report, your AI coding agent reads it as instructions, and runs their code with your credentials. The nasty part is that telling the agent to ignore untrusted input doesn't stop it, and your security tools see nothing wrong.

2026-07-06 · 3 min read · 1433 words · KbWen · EN
AI SystemsRead in English

Agentjacking:一封假錯誤報告,就能讓 coding agent 替駭客跑指令

Agentjacking 是 2026 年 6 月揭露的攻擊:攻擊者塞一封假的錯誤報告,你的 AI coding agent 把它讀成指令、用你的權限跑了攻擊者的 code。最麻煩的是,你在系統提示裡叫 agent 別理它也擋不住,資安監控也完全看不出異常。

2026-07-06 · 6 min read · 2630 words · KbWen · ZH
MCP 資安危機:問題出在治理
AI Systems偏技術,給工程的Read in English

MCP 資安危機:問題出在治理

MCP(Model Context Protocol)一年內成為 AI 業界標準,2026 年卻接連爆出 RCE、tool poisoning、rug pull 等資安漏洞。本文整理多方專家觀點,並提出我的看法:真正要補的是治理這一層。

2026-05-25 · 7 min read · 3193 words · KbWen · ZH
MCP Security Is a Governance Problem
AI Systems看中文版

MCP Security Is a Governance Problem

MCP became the industry's default agent-to-tool interface in barely a year, then 2026 brought a wave of RCE, tool poisoning, and rug-pull disclosures. Weighing the expert debate, my take: the real exposure is a governance gap that better protocol design alone won't close.

2026-05-25 · 3 min read · 1486 words · KbWen · EN