<h1>How to Secure AI Assistants End to End</h1>
<p>Source: www.techrepublic.com, https://www.techrepublic.com/article/news-ai-agent-data-layer-security-may-2026-2/. Category: ai-agent. Published: 2026-05-28. Keywords: AI security, IAM, encryption, audit logs, RAG, secrets manager.</p>
<p data-speakable="summary">This guide shows you how to give an AI assistant least privilege, data isolation, encryption, auditing and approval for high-risk actions, producing a security baseline you can actually deploy.</p>
<h2>Key takeaways</h2>
<ul><li>Use a dedicated service account and least privilege to cut the AI assistant's operating surface away from human accounts.</li><li>Put data classification, encryption and auditing on both sides of the model to reduce the risk of leakage and misuse.</li><li>High-risk tool calls must go through human approval, and operation records must be kept so that every action can be reconstructed.</li></ul>
<p>This guide is for developers, platform engineers and security teams who connect AI assistants to files, <a href="/news/best-prompt-engineering-tools-2026-zh">tools</a> and internal systems. When you have followed it through, you will have a security baseline ready for production: a separate identity, restricted data paths, encrypted transport and storage, a traceable record of operations, and human sign-off on high-risk actions.</p>
<p>It also responds to recent discussion of data-layer risk in AI assistants. The point is not to treat the model as a rogue actor, but to get permissions, data and auditing right first so that it cannot cause an incident during normal operation. For reference material, start with the <a href="https://platform.openai.com/docs">OpenAI docs</a> and the <a href="https://github.com/openai/openai-agents-python">OpenAI Agents SDK</a>.</p>
<h2>Before you start</h2>
<ul><li>Node 20+ or Python 3.11+.</li><li>An account and API key with your AI provider.</li><li>A secrets manager such as AWS Secrets Manager, HashiCorp Vault or GCP Secret Manager.</li><li>A database or object store with encryption at rest enabled.</li><li>A centralised logging system such as Datadog, Splunk, OpenTelemetry or CloudWatch.</li><li>IAM or RBAC permissions to create service accounts, roles and policies.</li></ul>
<h2>Step 1: Create a dedicated service account for the assistant</h2>
<p>Goal: separate the AI assistant from human accounts so that it acts only under a single controlled identity.</p>
<p>Create a dedicated service account or role first, then enumerate every resource it may read, write or call and keep only what the task requires. If the assistant only needs to query a knowledge base, do not casually grant it permission to delete data, export the full dataset or modify IAM.</p>
<pre><code>{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::support-kb",
        "arn:aws:s3:::support-kb/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["dynamodb:Query"],
      "Resource": ["arn:aws:dynamodb:us-east-1:123456789012:table/faq-index"]
    }
  ]
}</code></pre>
<p>Note that <code>s3:ListBucket</code> is evaluated against the bucket ARN itself, not against object paths, so the policy lists both <code>arn:aws:s3:::support-kb</code> (for listing) and <code>arn:aws:s3:::support-kb/*</code> (for reading objects).</p>
<p>Check: the assistant should appear in your logs under its own identity, and unauthorised actions should return an authorization error.</p>
<h2>Step 2: Classify and isolate sensitive data paths</h2>
<p>Goal: let the assistant touch only the data tiers its task needs, instead of treating everything as retrievable.</p>
<p>Divide data into four tiers, public, internal, confidential and regulated, then separate buckets, indexes or retrieval filters by tier. If you are building <a href="/tag/rag">RAG</a>, apply policy before the search runs, so that customer secrets, <a href="/tag/token">tokens</a> and private source code never get stuffed into the prompt.</p>
<p>In the implementation, put row-level security, document ACLs and content filtering in front of the model; do not wait until the model has read the text and then mask afterwards. If you use embeddings, the vector index must apply the same access rules as the source data.</p>
<p>Check: the assistant should return only documents the user is allowed to read, and masked or denied content should not appear in the prompt trace or the response log.</p>
<h2>Step 3: Encrypt secrets and data in transit</h2>
<p>Goal: reduce how much usable information an attacker gets if traffic is intercepted or storage is stolen.</p>
<p>Put <a href="/tag/api">API</a> keys, database credentials and signing secrets in the secrets manager, not in env files or source code. Enable TLS on every hop between the assistant, the orchestrator, the model endpoint, the retrieval service and the data store, and turn on encryption at rest for every system that stores prompts, outputs, embeddings or the audit trail.</p>
<p>If you need to keep conversation history, encrypt it with a managed key and set the retention period to the shortest the product genuinely needs. Rotate keys on a schedule, and rotate immediately when you suspect a leak.</p>
<p>Check: a search of the <a href="/news/7-ai-code-review-tools-zh">code</a> should find no plaintext secrets, a network trace should show TLS in use, and the cloud console or infrastructure config should show storage encryption enabled.</p>
<h2>Step 4: Log every tool call and decision</h2>
<p>Goal: build a traceable audit chain that can explain what the assistant saw, what it did, and why it was allowed or denied.</p>
<p>For every action, record the prompt hash, user identity, session ID, tool name, target resource, policy decision and result <a href="/news/how-to-add-ai-code-review-to-pull-requests-zh">code</a>. Keep these records separate from ordinary application logs so that security staff can search them quickly and evidence is preserved after an incident.</p>
<pre><code>{
  "event": "tool_call",
  "user_id": "u_1842",
  "session_id": "sess_7f2c",
  "prompt_hash": "sha256:8b1c...",
  "tool": "create_ticket",
  "resource": "zendesk",
  "decision": "deny",
  "reason": "missing approval scope"
}</code></pre>
<p>Check: every tool invocation should have a complete trail, and an auditor should be able to reconstruct where the request came from, which policy applied and what the outcome was.</p>
<h2>Step 5: Put an approval gate on high-risk actions</h2>
<p>Goal: stop the assistant from carrying out irreversible or high-impact operations on its own.</p>
<p>Mark actions such as sending external email, deleting records, modifying IAM roles, exporting customer data and opening network access as high risk. The assistant may only produce a draft request; actual execution requires human approval or a second policy check.</p>
<p>You can build this with a queue, a ticket system or your own approval service; what matters is that the assistant cannot bypass the gate by rewording the request or retrying the tool call.</p>
<p>Check: high-risk actions should land in the approval queue first and be sent to downstream systems only after approval.</p>
<h2>Step 6: Verify and archive the security baseline</h2>
<p>Goal: turn the controls above into a deliverable that can be checked repeatedly, not a one-off configuration.</p>
<p>Write a security acceptance checklist and verify item by item that the service account, data classification, encryption, logging and approval flow are all in place. Then turn those checks into CI or post-deploy verification scripts so they rerun on every release.</p>
<p>Finally, compile the policies, roles, log retention periods and approval rules into a security baseline document, store it in the repo and the internal knowledge base, and schedule a review every quarter.</p>
<p>Check: you should have a versioned security baseline document plus rerunnable verification scripts and a record of passing runs.</p>
<h2>Common mistakes</h2>
<ul><li>Handing a human admin token straight to the assistant. Fix: use a dedicated role with its own credentials and least privilege.</li><li>Writing raw prompts that contain secrets to the log unchanged. Fix: mask tokens, passwords and personal data before they are written to disk.</li><li>Giving the retrieval layer broader permissions than the source data. Fix: apply the same ACLs and row-level rules to the vector index, the document store and the source data.</li></ul>
<h2>What to look at next</h2>
<p>Next steps are prompt-injection defences, policy as code, red-team testing and periodic access reviews, so that the baseline stays under control as the product scales.</p>