[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-copy-fail-human-ai-vulnerability-analysis-zh":3,"article-related-copy-fail-human-ai-vulnerability-analysis-zh":38,"series-research-a2527d1f-99c7-4f8b-86c3-26679b44ccce":90},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":21,"translated_content":10,"views":22,"is_premium":23,"created_at":24,"updated_at":24,"cover_image":11,"published_at":25,"rewrite_status":26,"rewrite_error":10,"rewritten_from_id":27,"slug":28,"category":29,"related_article_id":30,"status":31,"google_indexed_at":10,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":32,"topic_cluster_id":36,"embedding":37,"is_canonical_seed":23},"a2527d1f-99c7-4f8b-86c3-26679b44ccce","Copy Fail 為何能挖出內核漏洞","\u003Cp data-speakable=\"summary\">Copy Fail 說明了研究員先定攻擊面，再讓 AI 做大範圍語義掃描的人機協同漏洞分析流程。\u003C\u002Fp>\u003Cp>2026 年 3 月 23 日，\u003Ca href=\"https:\u002F\u002Ftheori.io\" target=\"_blank\" rel=\"noopener\">Theori\u003C\u002Fa> 研究員 Taeyang Lee 提交了 \u003Ca href=\"https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-31431\" target=\"_blank\" rel=\"noopener\">CVE-2026-31431\u003C\u002Fa>。這個漏洞後來被叫做 Copy Fail。它的 CVSS 是 7.8，影響到 Ubuntu 24.04 LTS、RHEL 8\u002F9\u002F10、Amazon Linux 2023 和 SUSE 16。\u003C\u002Fp>\u003Cp>補丁在 4 月 1 日合入主分支。4 月 29 日公開披露。PoC 只有 732 字節，Python 就能打。這種組合很有意思。不是那種一看就炸的漏洞，而是很典型的 Linux \u003Ca href=\"\u002Fnews\u002Ffragnesia-kernel-bug-root-shell-access-zh\">內核\u003C\u002Fa>邏輯錯位。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003Cth>含義\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>CVE 編號\u003C\u002Ftd>\u003Ctd>CVE-2026-31431\u003C\u002Ftd>\u003Ctd>Linux 內核 Copy Fail 漏洞\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>發現時間\u003C\u002Ftd>\u003Ctd>2026-03-23\u003C\u002Ftd>\u003Ctd>研究員提交報告\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVSS\u003C\u002Ftd>\u003Ctd>7.8\u003C\u002Ftd>\u003Ctd>高危本地提權\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>PoC 體積\u003C\u002Ftd>\u003Ctd>732 字節\u003C\u002Ftd>\u003Ctd>Python 腳本即可利用\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>補丁合入\u003C\u002Ftd>\u003Ctd>2026-04-01\u003C\u002Ftd>\u003Ctd>修復進入主線\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>公開披露\u003C\u002Ftd>\u003Ctd>2026-04-29\u003C\u002Ftd>\u003Ctd>協調披露完成\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>根因起點\u003C\u002Ftd>\u003Ctd>2017-01\u003C\u002Ftd>\u003Ctd>相關優化提交引入問題\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>這次真正重要的，不是洞本身\u003C\u002Fh2>\u003Cp>Copy Fail 值得寫，不只是因為它是 Linux 內核本地提權漏洞。更重要的是，它把人和 AI 的分工講得很清楚。研究員先縮小範圍，再讓 AI 去做大範圍掃描。這才是現在比較實際的工作模式。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779207839846-wn4h.png\" alt=\"Copy Fail 為何能挖出內核漏洞\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>說白了，AI 不是自己亂翻就能撞到洞。人要先決定哪裡值得看。這個順序很重要。沒有方向，AI 只是在大海撈針。有方向，它才有機會把相關路徑掃乾淨。\u003C\u002Fp>\u003Cp>這次分析裡，\u003Ca href=\"https:\u002F\u002Fxint.io\" target=\"_blank\" rel=\"noopener\">Xint Code\u003C\u002Fa> 在約 1 小時內完成 crypto 子系統關聯分析，最後定位到 authencesn 模板的邏輯缺陷。這個速度很誇張。你很難靠純人工，在一小時內把這種跨路徑問題摸出來。\u003C\u002Fp>\u003Cul>\u003Cli>漏洞類型：邏輯缺陷，不是傳統記憶體破壞\u003C\u002Fli>\u003Cli>利用方式：穩定本地提權\u003C\u002Fli>\u003Cli>攻擊腳本：732 字節 Python\u003C\u002Fli>\u003Cli>影響面：多個主流 Linux 發行版\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>研究員先定方向，AI 再放大結果\u003C\u002Fh2>\u003Cp>Taeyang Lee 的價值，不在於碰巧看到一個怪函式。他是先把 AF_ALG 套接字、splice() 零拷貝、scatterlist 這些元件串起來。這不是亂猜。這是有經驗的攻擊面建模。\u003C\u002Fp>\u003Cp>他問的不是「crypto 子系統有沒有 bug」。他問的是更精準的問題。像是 AF_ALG 加上 splice，會不會把只讀頁快取送進最後會寫入的位置。這種問題很窄，也很實際。AI 才能圍繞這個問題做有效搜索。\u003C\u002Fp>\u003Cblockquote>“a researcher identifies the attack surface, XC analyzes it” — Xint Code\u003C\u002Fblockquote>\u003Cp>這句話很直白，也很準。人類負責判斷，AI 負責擴大搜尋範圍。Copy Fail 幾乎就是這個流程的範例。\u003C\u002Fp>\u003Cp>更麻煩的是，這類漏洞常常不是單點錯誤。它是幾個看起來都合理的改動疊在一起，最後才出事。這次就是這樣。單看每個改動，都沒\u003Ca href=\"\u002Fnews\u002Fwhy-microsoft-ai-is-wrong-to-sell-trust-as-the-main-product-zh\">什麼\u003C\u002Fa>問題。合在一起，就出現寫入位置錯配。\u003C\u002Fp>\u003Ch2>為什麼傳統方法很難碰到它\u003C\u002Fh2>\u003Cp>Copy Fail 不是那種會直接 crash 的洞。它也不會很吵。真正的根因，藏在三個不同時間點的改動裡。2011 年的 authencesn 實作。2015 年 AF_ALG 對非特權使用者開放。2017 年的 in-place 優化。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779207844606-iiok.png\" alt=\"Copy Fail 為何能挖出內核漏洞\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>每一步單獨看都合理。問題是，這些改動疊起來後，頁快取被送進不該寫的位置。這種錯位很難靠傳統工具直接抓到。因為它不是單純的越界讀寫。\u003C\u002Fp>\u003Cp>如果拆開看，局限就更明顯了。\u003C\u002Fp>\u003Cul>\u003Cli>模糊測試擅長找 crash，不擅長找跨子系統語義錯位\u003C\u002Fli>\u003Cli>ASan 和 KASan 盯的是記憶體安全，不是授權關係\u003C\u002Fli>\u003Cli>規則型 SAST 依賴已知模式，遇到組合型缺陷就容易失準\u003C\u002Fli>\u003Cli>人工審計能看出問題，但很難窮舉整個內核交互路徑\u003C\u002Fli>\u003C\u002Ful>\u003Cp>所以說，Copy Fail 不是「更隱蔽的記憶體洞」。它是系統協同錯誤。這兩種東西，難度差很多。\u003C\u002Fp>\u003Ch2>數據、算力和經驗，三個都要\u003C\u002Fh2>\u003Cp>這次事件放在 2026 年，很合理。第一，\u003Ca href=\"\u002Ftag\u002Fllm\">LLM\u003C\u002Fa> 的語義理解能力已經能處理跨檔案、跨模組關係。第二，\u003Ca href=\"\u002Ftag\u002Fgpu\">GPU\u003C\u002Fa> 和雲端算力讓大範圍掃描變得可承受。第三，研究員的經驗夠深，才能把問題問對。\u003C\u002Fp>\u003Cp>看數字就知道差距。Linux 內核有 3000 萬行以上程式碼。crypto 子系統約 6.8 萬行 C 程式碼。Xint Code 卻能在約 1 小時內完成深度掃描。這種效率，不是要取代專家，而是把專家的注意力放大。\u003C\u002Fp>\u003Cp>再看歷史脈絡，也很有意思。從 \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2016-5195\" target=\"_blank\" rel=\"noopener\">Dirty COW\u003C\u002Fa> 到 \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2022-0847\" target=\"_blank\" rel=\"noopener\">Dirty Pipe\u003C\u002Fa>，社群對頁快取攻擊已經熟很多。Copy Fail 只是把這種經驗搬到內核\u003Ca href=\"\u002Fnews\u002F10-layer-2-crypto-marketing-strategies-2026-zh\">加密\u003C\u002Fa>路徑。\u003C\u002Fp>\u003Cp>披露節奏也算乾淨。3 月 23 日回報，4 月 1 日合補丁，4 月 29 日公開。整個協調披露週期是 37 天。對維護者來說，這個窗口不算寬，但還夠整合修復。\u003C\u002Fp>\u003Ch2>Copy Fail 說明了什麼，也暴露了什麼\u003C\u002Fh2>\u003Cp>Copy Fail 說明，現在有效的漏洞研究，不是看工具有多會自動找洞。重點是研究員能不能先提出好問題，再讓 AI 去做高覆蓋率驗證。這種模式，對資源有限的團隊很實用。\u003C\u002Fp>\u003Cp>它也暴露另一件事。只靠表層防護和使用者態檢測，碰到這種邏輯缺陷時會很被動。因為問題不在單一函式，而在多個元件交界處。你如果沒盯住底層分析，就很容易漏掉。\u003C\u002Fp>\u003Cp>對安全團隊來說，這幾點很直接：\u003C\u002Fp>\u003Cul>\u003Cli>先訓練研究員提出好問題，再讓 AI 放大搜尋範圍\u003C\u002Fli>\u003Cli>把跨檔案語義分析當核心能力\u003C\u002Fli>\u003Cli>繼續盯住頁快取、零拷貝、權限邊界這類老問題的新組合\u003C\u002Fli>\u003Cli>把補丁驗證、PoC 復現、緩解措施放進同一流程\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>內核安全接下來會更吃人機協同\u003C\u002Fh2>\u003Cp>我覺得 Copy Fail 最重要的訊號很清楚。內核漏洞研究已經進入「人負責判斷，AI 負責窮舉」的階段。不是全自動。也不是純手工。是分工更細了。\u003C\u002Fp>\u003Cp>下一批最難找的漏洞，可能還是在幾個單獨看都沒問題的設計交界處。這種地方，AI 很適合做廣度。人類還是要負責深度。問題只剩一個，你的團隊有沒有能力先問對那個問題。\u003C\u002Fp>","Copy Fail 顯示，研究員先定攻擊面，再讓 AI 做語義掃描，能更快找出 Linux 內核邏輯漏洞。","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2037585321274160460",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779207839846-wn4h.png",[13,14,15,16,17,18,19,20],"Copy Fail","Linux 內核","CVE-2026-31431","人機協同","AI 漏洞分析","Theori","Xint Code","本地提權","zh",1,false,"2026-05-19T16:23:35.825464+00:00","2026-05-19T16:23:35.785+00:00","done","22c174e4-2506-46dc-832b-b1dc87cd6ebd","copy-fail-human-ai-vulnerability-analysis-zh","research","de826e07-576c-40dd-8110-f62a75090a0d","published",[33,34,35],"Copy Fail 的重點是人先定攻擊面，AI 再做語義掃描。","這類內核漏洞常是多個合理改動疊加後才出現。","傳統模糊測試和 SAST 很難直接抓到這種語義錯位。","0c35a120-52fc-41fc-afa3-d404eb934158","[-0.0043064277,0.006987542,0.009269995,-0.05087651,-0.0022862647,-0.01091267,-0.038265925,0.003414014,0.013809886,0.018184898,-0.009687908,-0.025395669,0.012319176,0.018223073,0.13226075,0.014576504,-0.0058523677,0.041083775,0.0020816778,-0.020634612,0.01720637,-0.0055542425,-0.035379626,-0.009292997,-0.008584594,-0.012336682,0.012690203,-0.0026091444,0.043411084,-0.021040086,0.016850796,0.0111937085,0.00937176,0.012319086,0.014217226,0.008111994,0.029602066,0.0029976047,0.0012601309,0.016826583,0.013976057,0.012010308,-0.01224573,0.010877992,0.013071436,0.009951385,0.008668601,-0.030911334,-0.009697086,0.004379628,-0.03079162,-0.005644675,0.0027226657,-0.18071704,0.0073174173,0.026177436,-0.0055783573,-0.005791645,0.019757377,-0.0035670986,-0.024512151,0.0058545233,-0.025754716,-0.03458606,-0.0061783222,-0.027820406,0.0075689186,-0.01698079,-0.01799021,0.009471374,-0.017815165,-0.018339172,-0.0053830855,-0.011831208,-0.024326604,-0.011161509,0.0028880204,-0.0077527477,-0.0048423815,0.010922998,-0.017752077,-0.026929658,0.0055691972,-0.0020891496,-0.0029741165,-0.00053716876,-0.0044101225,-0.008779385,0.0037177945,0.025170945,-0.016566034,0.018961627,0.011990967,0.0067263916,0.006849738,0.010455741,-0.009352476,0.006512759,0.010479866,0.007489456,-0.016119566,-0.04347384,0.013134067,0.0016377007,0.010933724,0.005287773,-0.011749555,-0.019612316,0.01147404,0.0147275785,0.0036430685,-0.019522417,-0.021332411,0.011486093,-0.012970387,-0.11895382,-0.024938632,0.012491818,0.0035903694,0.016389122,-0.022027038,0.0013853941,0.000917207,0.024396213,-0.009873019,0.01245435,-0.014324382,0.007532171,-0.030062204,-0.02608154,-0.010256469,-0.01169344,-0.008293535,0.0015710464,-0.013771608,-0.0066075935,0.0044296174,-0.0066488762,-0.013217519,-0.050302777,0.010245973,0.026736164,0.003239931,-0.031423036,0.0031573172,0.020115945,-0.0014673217,-0.0023972741,0.020701846,-0.0206721,0.01207999,-0.025438018,-0.0010858607,-0.025605038,0.016101588,-0.053484607,-0.021394806,0.010869377,-0.01080365,0.020395823,-0.01087603,-0.028751168,-0.0020299559,0.017786102,-0.0006400297,0.016670296,0.027164593,0.0073675322,-0.012580825,0.005582005,0.006364804,-0.02317776,0.0013875039,0.003116896,0.0027848962,-0.0080905985,-0.0049007167,0.0064478815,0.03146818,-0.0152445845,0.013592716,0.020598704,-0.009148161,-0.0061953855,0.0022621893,0.0023506205,0.014052794,0.01635402,0.011167792,-0.012757928,-0.018335976,-0.009839191,0.017096043,0.019253593,0.014067011,-0.030669786,-0.008548286,0.0115958005,-0.010789689,0.022156758,-0.0034600948,-0.023754401,0.009126763,-0.0108102,0.008918511,-0.01932909,0.0045327763,-0.009447918,0.024582038,0.0029516038,-0.0042115245,0.028001973,-0.0036523964,-0.003732308,-0.0028789311,-0.018529024,-0.007967649,0.0046512973,0.0013338019,-0.0054584583,0.010972387,-0.010408658,0.00669649,0.021501664,0.0012463949,-0.022480028,-0.018109106,-0.024376594,-0.009731647,0.03583412,0.0051458436,0.012960786,0.006083361,0.0021972419,0.01876873,0.045329597,0.00920654,0.02723309,0.012502461,0.0020166545,-0.0292421,7.115264e-05,-0.008592378,0.007081569,0.024356104,-0.006865482,0.0077876323,0.01545235,-0.019117719,-0.0008806337,-0.018402025,0.023209425,-0.018808924,-0.013894646,0.04075768,-0.014545351,0.016599517,0.008300923,0.0023888473,-0.008960681,-0.010774752,-0.0132742245,-0.0082228845,0.0015418201,0.016834907,-0.019846756,0.008306852,0.0070633176,-0.022150645,0.02803447,-0.023676515,0.034802802,-0.016421631,-0.010923106,0.04112348,0.012830221,-0.060068335,0.021077257,0.010887114,-0.019470323,0.025105003,0.00813388,-0.020292984,0.019299146,-0.0015115084,-0.007780144,-0.022576924,-0.012387408,0.0014635543,0.0019708925,-0.009630774,0.018646631,-0.0050069904,-0.0022619423,-0.013645742,-0.0067809103,-0.0062417453,-0.0073999474,-0.002605711,-0.013216605,0.009803356,-0.0131685445,0.003128254,0.030231746,-0.009465863,0.0033095034,-0.007610055,0.04558191,0.021246793,0.009527077,-0.022198757,-0.01990408,0.004095573,-0.0038527108,-0.01100414,-0.0053124097,-0.030141383,-0.004334314,0.011227846,-0.02953059,0.016590113,-0.008852067,-0.008784129,-0.010940173,-0.028898323,-0.00028841032,-0.016220339,-0.004835905,0.015393852,-0.0033873278,-0.008031504,0.027528763,0.02325467,-0.0057394244,0.011919162,0.00014803407,-0.005285692,0.006870846,-0.018743979,0.01530418,0.012297238,0.0057019074,-0.010008331,0.017398909,-0.019842826,0.027514048,-0.021582149,0.00042160822,0.004503229,0.00090961636,0.048038173,-0.008960273,0.0035010732,-0.016339546,-0.017688338,0.024445385,-0.002953803,-0.010878614,-0.0016835245,-0.0035881964,0.016208796,-0.0054766387,0.00052093,0.018358707,0.017657766,-0.013448735,0.006988879,0.014986022,-0.04021412,-0.008821949,0.032537576,-0.018673643,0.010475988,-0.012837699,-0.017227218,0.012711287,-0.018367175,0.0026719996,-0.013190578,-0.00196808,0.005248487,0.05437558,-0.0068725436,-0.035718005,-0.023633301,-0.0050655636,-0.011540943,-0.020684147,0.00863845,0.014241175,0.009509995,-0.0004236356,-0.00490574,-0.0034987563,-0.02468962,0.01940054,0.0036410664,-0.0038922674,-0.0037088154,-0.013769111,-0.0015467387,0.024153147,0.011609589,0.021665046,0.0028974025,-0.010063929,-0.008557448,0.019321578,0.03472458,-0.0049695666,-0.013751301,0.01644962,1.7899909e-05,0.03588869,0.027015924,-0.010617172,0.008642905,-0.010635208,0.02729019,0.009266289,0.028232448,0.007465849,0.037902568,0.018249534,0.00931849,0.0022062748,0.0019370507,-0.019541321,0.01201873,-0.0068249903,0.011127337,0.0028657692,0.0011034235,-0.04344022,0.0038640809,-0.028583974,-0.023244545,0.023703549,-0.012236817,0.0105329305,-0.01324456,0.0019331424,0.0005208545,0.026621152,0.0021635953,-0.017007586,-0.007607349,-0.0021445912,-0.030480973,0.01603107,0.0148472,0.02452075,0.03378406,0.002759048,-0.003237439,-0.005453791,0.009646336,-0.0022141365,-0.002365683,-0.042386778,-0.004546372,-0.004779677,0.027631536,-0.00078038184,-0.0010640891,-0.014189459,-0.021354448,-0.026449861,-0.0127433175,0.0116549,0.009898578,-0.017778723,0.0017017614,0.010176686,-0.0121160345,-0.0056646154,-0.008145235,0.020755446,-0.012334021,0.0023001218,0.015031655,0.0049548224,-0.0077307033,-0.016372522,0.011623094,0.033957247,-0.026012836,-0.02379548,-0.0026307404,-0.017175432,0.0074534463,-0.0012228,-0.008441641,-0.0106255915,-0.035747193,-0.026690159,-0.011275842,-0.010368422,0.007456471,0.003036339,0.0063427007,-0.013325439,0.010806823,-0.018982533,-0.00986597,-0.009758257,-0.0057183355,0.016037602,-0.0042871526,-0.015954873,-0.036817502,-0.021286307,0.020598205,0.010291434,-0.0071881292,-0.025293635,0.003586464,5.5876746e-05,0.0008294565,0.013125663,-0.016920745,0.00843153,0.009256162,0.018541552,0.016108574,-0.0302116,0.029714169,0.004300373,0.0066712284,0.013922902,-0.0011079643,0.017598243,-0.022731416,0.022757208,0.034970887,-0.0037851527,0.008759546,-0.014091421,0.01590488,-0.006209417,-0.010706272,-0.0012751465,-0.0014491883,-0.00812397,0.030064566,-0.10890937,0.0077650095,0.01513796,-0.00621902,-0.005631644,-0.03555846,0.012720985,-0.0055862004,-0.009416357,-0.021411795,0.016160822,-0.0006120046,0.048203357,0.027361568,-0.019431276,-0.03150342,-0.012985523,-0.016233714,0.021140978,-0.023307368,0.040802937,-0.0113440575,-0.0041532987,0.006044699,0.0040507424,-0.021678789,0.0032508075,0.018947093,-0.004960343,0.025075512,-0.036681794,0.014928063,0.03222721,0.0042131683,0.0036327865,-0.027094724,0.0032011115,-0.041043796,0.0060136546,-0.013586161,0.0015827231,0.009095877,-0.019777033,-0.0015411003,0.010726491,0.025795788,-0.02352905,0.0045638513,-0.017071588,-0.007812245,-0.037430853,-0.01722261,0.0038707326,-0.01825025,-0.027883176,0.009756008,0.022117889,0.009171379,0.006787091,0.02893534,0.009335263,0.0064149434,-0.026635379,0.012711064,0.020269824,0.002212005,0.004027664,0.034785993,0.02069723,-0.010792384,-0.010828624,-0.0108660245,0.009174324,0.020090558,-0.001687832,0.015755955,-0.029588662,0.034202784,-0.030696413,0.006112098,-0.05511101,-0.016063731,-0.09383998,-0.039678127,0.012714563,-0.006599514,0.009135165,-0.010531098,0.031164058,-0.011625887,-0.04009578,-0.0234471,0.00059136015,0.008184849,-0.02431139,-0.03149068,0.019807484,-0.009211255,-0.0014164527,-0.007924351,-0.011968545,-0.017439043,-0.0178583,-0.026847042,0.008802723,-0.040598854,0.019220551,0.013308028,-0.009313022,0.002075986,0.019181404,-0.013555878,-0.029674662,-0.10599454,-0.0036607357,-0.0050854767,-0.027723994,0.0016888838,0.019534055,-0.0061057927,-0.025253115,0.035006072,-0.018112086,-0.0382383,-0.01689947,0.0059044184,-0.0062791174,-0.012437201,0.104161985,0.005497064,0.0010232019,-0.008787218,0.004590857,0.0029320617,-0.031773187,-0.0213509,-0.004301954,0.012435246,0.02071822,0.02720842,-0.024227519,0.007516945,0.0059416867,0.014898923,0.003103296,-0.0038174521,-0.01582606,0.011522672,0.0047983066,-0.0108127585,-0.004392366,-0.013589613,0.024479624,0.043282907,0.024100872,-0.0026449729,0.0040606027,0.0033754904,0.0075388593,-0.025575183,-0.0021240236,0.010323253,-0.0089516295,0.012635033,-0.06316045,0.025265377,-0.018600335,0.017201599,-0.00096991006,-0.02077457,0.0024503316,0.021478692,-0.015194761,0.004740093,-0.002596236,-0.033986278,0.032019734,0.029532094,0.008458338,0.025539512,0.007878422,0.007923116,0.0012724817,-0.01982959,-0.007291724,-3.1241154e-05,-0.007620891,0.0066708312,0.005362069,0.0074463636,0.02788656,0.014606993,-0.009678941,-0.0004943839,-0.015744409,0.0041716206,-5.1448867e-05,0.0028893268,0.006647789,0.00026517862,-0.014184949,0.0059724427,-0.011308913,0.007067896,0.019485988,-0.028824536,0.003036477,0.025943698,0.032020446,-0.0111083,-0.0009211799,-0.003515071,-0.017342096,-0.0063493275,-0.030520465,-0.021578737,-0.009671503,0.0054189875,0.0026737405,0.039080337,0.040524077,0.023650656,0.030545926]",{"tags":39,"relatedLang":49,"relatedPosts":53},[40,41,43,45,47],{"name":16,"slug":16},{"name":15,"slug":42},"cve-2026-31431",{"name":13,"slug":44},"copy-fail",{"name":14,"slug":46},"linux-內核",{"name":17,"slug":48},"ai-漏洞分析",{"id":30,"slug":50,"title":51,"language":52},"copy-fail-human-ai-vulnerability-analysis-en","Copy Fail如何证明人机协同能挖内核漏洞","en",[54,60,66,72,78,84],{"id":55,"slug":56,"title":57,"cover_image":58,"image_url":58,"created_at":59,"category":29},"8e1c78ca-667a-482e-92a9-7d0f3d9e5067","fragnesia-kernel-bug-root-shell-access-zh","Fragnesia 把內核洞變成 root 權限","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779207288976-fjb6.png","2026-05-19T16:14:24.533343+00:00",{"id":61,"slug":62,"title":63,"cover_image":64,"image_url":64,"created_at":65,"category":29},"d1c6850c-f832-471b-8beb-c0ebc809667d","peft-bench-fine-tuning-methods-benchmark-zh","PEFT-Bench 讓微調比較更公平","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779179048497-jm5y.png","2026-05-19T08:23:36.803043+00:00",{"id":67,"slug":68,"title":69,"cover_image":70,"image_url":70,"created_at":71,"category":29},"e24e6e7a-6181-476b-8583-339d854cec68","confident-ai-llm-evaluation-metrics-guide-zh","Confident AI 的 LLM 評估指標指南","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779178456675-x5m6.png","2026-05-19T08:13:46.193772+00:00",{"id":73,"slug":74,"title":75,"cover_image":76,"image_url":76,"created_at":77,"category":29},"adfa9b15-68b6-44cc-b34d-ebcb02c31210","code-becomes-the-agent-harness-zh","程式碼成了代理引擎","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779173040130-zcyg.png","2026-05-19T06:43:29.625994+00:00",{"id":79,"slug":80,"title":81,"cover_image":82,"image_url":82,"created_at":83,"category":29},"eda7a80a-b234-4ada-90d1-a37b144251dc","rrfp-readiness-driven-pipeline-training-zh","RRFP 讓管線訓練跟著就緒跑","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779172442474-n21q.png","2026-05-19T06:33:31.287772+00:00",{"id":85,"slug":86,"title":87,"cover_image":88,"image_url":88,"created_at":89,"category":29},"475844e6-3e2c-49a6-aea0-86a94945d2c2","dashattention-differentiable-adaptive-sparse-attention-zh","DashAttention 讓稀疏長上下文可微","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779171840613-dq1r.png","2026-05-19T06:23:32.886786+00:00",[91,96,101,106,111,116,121,126,131,136],{"id":92,"slug":93,"title":94,"created_at":95},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind 押注 2026 連續學習 AI","2026-03-26T08:16:02.367355+00:00",{"id":97,"slug":98,"title":99,"created_at":100},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","每週 ML 論文清單，為何紅到 GitHub","2026-03-27T01:11:39.284175+00:00",{"id":102,"slug":103,"title":104,"created_at":105},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI 研討會投稿時程整理","2026-03-27T01:51:53.874432+00:00",{"id":107,"slug":108,"title":109,"created_at":110},"9f50561b-aebd-46ba-94a8-363198aa7091","openclaw-agents-manipulated-self-sabotage-zh","OpenClaw Agent 會自己搞砸自己","2026-03-28T03:03:18.786425+00:00",{"id":112,"slug":113,"title":114,"created_at":115},"11f22e92-7066-4978-a544-31f5f2156ec6","vega-learning-to-drive-with-natural-language-instructions-zh","Vega：使用自然語言指示進行自駕車控制","2026-03-28T14:54:04.847912+00:00",{"id":117,"slug":118,"title":119,"created_at":120},"a4c7cfec-8d0e-4fec-93cf-1b9699a530b8","drive-my-way-en-zh","Drive My Way：個性化自駕車風格的實現","2026-03-28T14:54:26.207495+00:00",{"id":122,"slug":123,"title":124,"created_at":125},"dec02f89-fd39-41ba-8e4d-11ede93a536d","training-knowledge-bases-with-writeback-rag-zh","用 WriteBack-RAG 強化知識庫提升檢索效能","2026-03-28T14:54:45.775606+00:00",{"id":127,"slug":128,"title":129,"created_at":130},"3886be5c-a137-40cc-b9e2-0bf18430c002","packforcing-efficient-long-video-generation-method-zh","PackForcing：短影片訓練也能生成長影片","2026-03-28T14:55:02.688141+00:00",{"id":132,"slug":133,"title":134,"created_at":135},"72b90667-d930-4cc9-8ced-aaa0f8968d44","pixelsmile-toward-fine-grained-facial-expression-editing-zh","PixelSmile：提升精細臉部表情編輯的新方法","2026-03-28T14:55:20.678181+00:00",{"id":137,"slug":138,"title":139,"created_at":140},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4：神經網路量化的聰明選擇","2026-03-31T06:00:36.990273+00:00"]