💡 观点 / 杂谈
事件报告:CVE-2026-LGTMIncident Report: CVE-2026-LGTM
Andrew Nesbitt 撰写了一份假想的 AI 代理失控事件报告。报告描述了来自两家竞争供应商的 AI 代码审查代理在一个下游拉取请求上陷入死循环,围绕一个包是否恶意产生了 340 条评论。这场荒诞的自动化冲突最终消耗了高达 41,255 美元的推理费用,直到财务部门介入。
Simon Willison
26th June 2026 - Link Blog
Incident Report: CVE-2026-LGTM. Spectacular hypothetical incident report by Andrew Nesbitt.
Day 2, 16:00 UTC --- Two AI review agents from competing vendors, both attached to a downstream pull request bumping foxhole-lz4, enter a disagreement loop over whether the package is malicious. After 340 comments and $41,255 in inference spend, Finance revokes both API keys; one vendor's marketing team, cc'd on the cost anomaly alert, issues a press release citing "a 430% YoY increase in adversarial multi-agent security reasoning." The stock opens up 6%.
需要完整排版与评论请前往来源站点阅读。