Harness Engineering 的防御视角：从 Codex Security 看 AI 生成代码的治理

In computer security, social engineering is a technique in which an attacker psychologically manipulates users into harmful actions, such as divulging their credentials or other sensitive information.

注册登录 [转]AI安全典型攻击与防御 发布于 2020-10-27   随着机器学习方法与系统的持续创新与演进，诸如图像识别、语音识别、自然语言翻译等人工智能技术得到普遍部署和广泛应用，人工智能正朝着历史性时刻迈进。AI自身的安全性变得前所未有的重要，极需要构建一个不会被外界干扰而影响判断的健壮A

Websites contain several different types of information. Some of it is non-sensitive, for example the copy shown on the public pages. Some of it is sensitive, for example customer usernames, passwords, and banking information, or internal algorithms and private product information.

Asm2Vec出现在2019年的一篇论文——“Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization”之

Website security requires vigilance in all aspects of website design and usage. This introductory article won't make you a website security guru, but it will help you understand where threats come from, and what you can do to harden your web application against the most common attacks.

机器之心编辑部机器之心发布 腾讯安全科恩实验室使用 AI 算法解决二进制安全问题的一项研究被 NeurIPS 2020 接收，该研究首次提出了基于 AI 的二进制代码 / 源代码端到端匹配算法，与传统算法相比效果非常出色，准确率大幅提升。 不久前，人工智能顶会 NeurIPS 2020 放出接收论文

Extensions have a content security policy (CSP) applied to them by default. The default policy restricts the sources from which extensions can load code (such as resources) and disallows potentially unsafe practices such as the use of eval(). See Default content security policy to learn more about the implications of this.

一、背景 随着AI成为新一代关键技术趋势，围绕着AI的服务也越来越普及。特别是结合了云计算以后，机器学习数据的标注、模型训练及预测等服务纷纷上云，为用户提供了强大的算力和优秀的算法，极大方便了广大开发者与企业用户。但是，随之而来的AI服务隐私泄露风险也日益突显，主要表现在：模型预测服务（白盒or 黑

Extensions developed with WebExtension APIs have a Content Security Policy (CSP) applied to them by default. This restricts the sources from which they can load code such as and disallows potentially unsafe practices such as using eval(). This article briefly explains what a CSP is, what the default policy is and what it means for an extension, and how an extension can change the default CSP.