[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag-供應鏈安全":3},{"tag":4,"articles":10},{"id":5,"name":6,"slug":6,"article_count":7,"description_zh":8,"description_en":9},"5e2550b0-0310-416b-a84c-274be68bebe3","供應鏈安全",4,"供應鏈安全關注軟體從開發、打包到發布各環節的信任鏈，像是簽章驗證、npm 套件、sourcemap 外洩與第三方工具風險。對 AI 工具與桌面應用來說，任何一個流程出錯都可能把原始碼、憑證或部署細節暴露出去。","Supply chain security covers the trust chain from code development to packaging and release: signatures, npm dependencies, sourcemaps, and third-party tools. For AI apps and desktop software, a single process mistake can expose source code, credentials, or deployment details.",[11,20,28,35,42,49,56],{"id":12,"slug":13,"title":14,"summary":15,"category":16,"image_url":17,"cover_image":17,"language":18,"created_at":19},"192ba990-8e71-4457-85ed-d53fbdd1685d","ibm-red-hat-5b-open-source-ai-security-zh","IBM and Red Hat Invest US$5 Billion to Safeguard Open-Source AI Security","IBM and Red Hat launch Project Lightwell, putting US$5 billion into applying AI to open-source security, vulnerability validation, and patch distribution, starting with the enterprise supply chain.","industry","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780257770685-q3cb.png","zh","2026-05-31T20:02:26.812854+00:00",{"id":21,"slug":22,"title":23,"summary":24,"category":25,"image_url":26,"cover_image":26,"language":18,"created_at":27},"e9bdb899-df99-4ed7-8c0d-032a2a0c20b7","microsoft-agentic-stack-linux-ai-infra-zh","Microsoft Turns Linux into AI Infrastructure","I take apart Microsoft's agentic stack: the point is not the model, but treating Linux, open-source standards, and governance together as AI infrastructure.","tools","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779249890350-1p82.png","2026-05-20T04:04:22.057792+00:00",{"id":29,"slug":30,"title":31,"summary":32,"category":16,"image_url":33,"cover_image":33,"language":18,"created_at":34},"eae9ebe2-eef3-4aac-ba39-52913fadd6ae","ai-agent-clis-new-supply-chain-attack-surface-zh","Why AI-agent CLIs Are the New Supply Chain Attack Surface","AI-agent CLIs 
have become a new supply chain attack surface, because scanners are good at finding malicious files but cannot catch command interfaces that mislead agent behavior.","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778530844944-lcfb.png","2026-05-11T20:20:24.62023+00:00",{"id":36,"slug":37,"title":38,"summary":39,"category":16,"image_url":40,"cover_image":40,"language":18,"created_at":41},"c46f6c47-2112-4572-8a8e-2fa63b9e6d61","openai-macos-app-certification-security-issue-zh","OpenAI Flags a macOS Verification Issue","OpenAI found a third-party tool problem in its macOS app verification process and stressed that no data was leaked. The incident is about software signing, the supply chain, and the trust chain of desktop AI apps.","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1776081830864-a8pl.png","2026-04-13T12:03:34.912026+00:00",{"id":43,"slug":44,"title":45,"summary":46,"category":25,"image_url":47,"cover_image":47,"language":18,"created_at":48},"7087ed57-4d0b-4de6-a203-6c50166c5e2c","claude-code-source-leak-npm-sourcemap-zh","Claude Code Source Leak: What Was Hidden in npm","Claude Code's npm sourcemap appears to have carried the full source code out with it. This was not an intrusion but a release-process slip that laid the details of an AI coding CLI bare.","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775113346338-k2m5.png","2026-04-02T05:24:31.450829+00:00",{"id":50,"slug":51,"title":52,"summary":53,"category":25,"image_url":54,"cover_image":54,"language":18,"created_at":55},"cff44ea5-e67c-46bf-917a-b147287a0515","claude-code-leak-exposes-512k-lines-npm-zh","Claude Code npm Leak Exposes 512,000 Lines","A packaging mistake at Anthropic briefly leaked Claude Code source code to npm, exposing more than 512,000 lines and nearly 2,000 TypeScript files, and putting AI 
software supply chain risk in plain view.","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775092577214-teca.png","2026-04-02T01:15:41.670331+00:00",{"id":57,"slug":58,"title":59,"summary":60,"category":61,"image_url":62,"cover_image":62,"language":18,"created_at":63},"9dd23277-9adf-4eba-910f-cb8c7dbcb512","openclaw-security-risks-and-defenses-zh","OpenClaw Security Risks and Defense Checklist","OpenClaw was found to have 1,184 malicious skill packages, with more than 230,000 instances exposed to the public internet. This article breaks down the risks, vulnerabilities, extension ecosystem, and a defense checklist, giving developers checkpoints they can apply directly.","ai-agent","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775057612643-dbka.png","2026-04-01T09:54:40.76006+00:00"]