<h1>CertiK Opens Its AI Auditor to Developers</h1>
<p>Source: <a href="https://news.bitcoin.com/web3-security-provider-certik-opens-ai-auditing-tool-access-to-global-developers/" target="_blank" rel="noopener">news.bitcoin.com</a>. Published 2026-04-14. Category: blockchain. Keywords: CertiK, AI Auditor, Web3 security, smart contract auditing, DeFi, security tools, AI coding agents.</p>
<p><em>Summary: CertiK has opened its AI Auditor to developers worldwide and claims an 88.6% hit rate in a backtest of 35 Web3 incidents. The update pulls security auditing into the development workflow and makes decentralised finance teams pay closer attention to false positives and real-world accuracy.</em></p>
<p><a href="https://www.certik.com/" target="_blank" rel="noopener">CertiK</a> has opened its AI Auditor to developers worldwide. This is not a side project. The company put out a hard number: backtested against 35 Web3 security incidents, it achieved a precise hit rate of 88.6%. Frankly, a number like that stands out in the <a href="/news/layer-2-blockchain-scalability-explained-zh">blockchain</a> security world.</p>
<p>The reason is simple. In Web3, a vulnerability often does not just break something. The money is moved out directly. For <a href="https://www.defi.org/" target="_blank" rel="noopener">DeFi</a>, wallet and trading-infrastructure teams, fewer false positives and more real findings make a big difference.</p>
<p>CertiK's framing is equally direct. It is not trying to replace auditors with AI. What it wants is to pull auditing forward into the everyday coding workflow. Put plainly: developers get told what looks off before they push <a href="/news/openai-codex-limits-pro-membership-update-zh">code</a>.</p>
<h2>What exactly CertiK opened up</h2>
<p>What was made public is <a href="https://www.certik.com/" target="_blank" rel="noopener">CertiK</a>'s AI Auditor. The tool was originally used internally. It is now a public product that developers around the world can get their hands on.</p>
<figure class="my-6"><img src="https://xxdpdyhzhpamafnrdkyq.supabase.co/storage/v1/object/public/covers/inline-1776168767300-n6mb.png" alt="CertiK Opens Its AI Auditor to Developers" class="rounded-xl w-full" loading="lazy" /></figure>
<p>It also added open-source integrations for AI coding <a href="/news/anthropic-mythos-preview-cybersecurity-zh">agents</a>. This matters. When a security tool only runs on its own standalone page, many teams eventually stop looking at it. Going straight into the IDE or the workflow gives it a real chance of actually being used.</p>
<p>CertiK's goal is pragmatic: catch vulnerabilities first, then cut the noise. Do not drown engineers in a pile of warnings that look scary and turn out to be useless. A security tool that keeps shouting gets muted in the end.</p>
<ul><li>Backtest hit rate: 88.6%</li><li>Test sample: 35 Web3 security incidents</li><li>Product status: internal tool turned public service</li><li>Use case: triage at the front of the development workflow</li></ul>
<h2>Why the architecture is worth a look</h2>
<p>The most interesting part of this AI Auditor is not the tired line that "AI can read code". The point is that it is not a single model guessing. It uses a <a href="https://www.certik.com/" target="_blank" rel="noopener">Multiscanner Framework</a> that runs several specialised scanners in parallel, then deduplicates the findings and runs semantic checks on them.</p>
<p>This design resembles handling a flood of security alerts. Whoever scans the most does not win. The real difficulty is filtering out the junk signals. What developers fear most is not the absence of warnings; it is too many warnings, until nobody can tell which one will actually blow up.</p>
<p>CertiK co-founder <a href="https://www.certik.com/about" target="_blank" rel="noopener">Ronghui Gu</a> put it just as bluntly: the question about AI is not only whether it can find vulnerabilities, but whether it can surface the security issues worth handling earlier. I think that is a very honest take.</p>
<blockquote>“The question is no longer simply whether AI can find vulnerabilities, but whether it can genuinely help development teams surface the security issues worth addressing, earlier,” said Ronghui Gu.</blockquote>
<p>There is also a <a href="https://www.certik.com/" target="_blank" rel="noopener">Dynamic Knowledge Base</a>. This database is updated with real-world attacks and new techniques. That matters especially in Web3, because attackers change their tricks faster than products ship releases.</p>
<h2>How it differs from other AI security tools</h2>
<p>There are plenty of AI security tools now. The problem is that most products solve only a small slice. <a href="https://www.chainalysis.com/" target="_blank" rel="noopener">Chainalysis</a>, for example, leans toward on-chain intelligence and compliance. Its strength is tracing fund flows, not reading source code.</p>
<figure class="my-6"><img src="https://xxdpdyhzhpamafnrdkyq.supabase.co/storage/v1/object/public/covers/inline-1776168771887-vvga.png" alt="CertiK Opens Its AI Auditor to Developers" class="rounded-xl w-full" loading="lazy" /></figure>
<p>Then look at <a href="https://www.openzeppelin.com/" target="_blank" rel="noopener">OpenZeppelin</a>. Its standing in smart contract security is solid, leaning toward manual audits and development frameworks. That is an old-school path, but in security, old school is often more reliable.</p>
<p>CertiK wants to carve out the front end of the audit. It is not just handing you a scanner; it wants to take over the first round of interpretation. That is no small ambition. But in security, once accuracy slips even a little, trust falls fast.</p>
<ul><li><a href="https://www.certik.com/products/skynet" target="_blank" rel="noopener">CertiK Skynet</a> leans toward monitoring</li><li><a href="https://www.chainalysis.com/products/" target="_blank" rel="noopener">Chainalysis products</a> lean toward intelligence and compliance</li><li><a href="https://github.com/anthropics/claude-code" target="_blank" rel="noopener">Claude Code</a> can write code, which does not mean it can audit well</li><li><a href="https://www.openzeppelin.com/contracts" target="_blank" rel="noopener">OpenZeppelin Contracts</a> is strong on secure development foundations</li></ul>
<p>Judged on the numbers, this 88.6% backtest hit rate is at least more convincing than many demos that merely "look clever", because it was not run on a single toy case but tested against 35 real incidents.</p>
<h2>What this means for DeFi teams and institutions</h2>
<p>What do DeFi teams fear most? Not being unable to ship features. It is shipping features so fast that security checks cannot keep up. If <a href="https://www.certik.com/" target="_blank" rel="noopener">CertiK</a>'s tool really works, the most direct effect is less alert fatigue.</p>
<p>For institutional crypto infrastructure the needs are somewhat different. They care more about process consistency, completeness of records, and who looked at which issue at what time. If the AI Auditor can make the first round of screening reliable, the manual work afterwards becomes much cleaner.</p>
<p>But let me pour a little cold water on it. A security tool cannot be trusted on the strength of a demo. It has to hold up on messy code, half-finished work and projects being rewritten as they are written. That is the real stress test.</p>
<p>You can start with these points of comparison:</p>
<ul><li>Whether the number of false positives drops noticeably</li><li>Whether triage time before the audit gets shorter</li><li>Whether recall on real vulnerabilities holds up</li><li>Whether the team actually puts it into CI or the IDE</li></ul>
<p>Only if all four look good does it count as genuinely useful. If any one of them drops too far, engineers will quickly treat it as just another noisy scanner.</p>
<h2>The industry context of this release</h2>
<p>Web3 security has long had a familiar problem: lots of tools, fragmented process. Developers have to look at static analysis, at fuzzing, at manual audits, and then judge for themselves which alerts are real.</p>
<p>That is also why AI security tools keep appearing lately. Everyone is looking for the same thing: whether the first layer of noise can be dealt with up front. Not because AI is magic, but because people genuinely have no time to keep looking at duplicate alerts.</p>
<p>From an industry angle, CertiK's move looks a lot like commoditising security services. High-end audits used to be project-based. Now it wants them to be an everyday tool. The direction makes sense, and it is also brutal, because once it becomes an everyday tool, users will compare it directly with every other tool.</p>
<p>And there is another market reality. The coding agents pushed by companies like <a href="https://www.openai.com/" target="_blank" rel="noopener">OpenAI</a> and <a href="https://www.anthropic.com/" target="_blank" rel="noopener">Anthropic</a> have already made "AI writes your code" the norm. The natural next step is "AI checks your code for problems".</p>
<h2>How I see this move</h2>
<p>To me the most valuable part of what CertiK did is not the size of the number it announced, but that it pulled AI auditing into the development workflow. That is far more practical than building a pretty dashboard.</p>
<p>But the real test is only beginning. 88.6% is a backtest number. In the real world, projects are messier, the attack surface is larger, and team habits are harder to change. Whether the tool survives depends on whether it saves time over the long run, not on whether it looks brilliant in a demo.</p>
<p>If you are a Web3 developer, my advice is simple. Try it on a real project first. Compare its output with the results of a manual audit. See how much time it actually saves you and how many junk warnings it removes. In the end, this kind of thing has to come back to the data.</p>
<p>Two things I will be watching next. First, whether other security companies follow. Second, whether development teams really put the AI Auditor into their daily workflow. Those two things will decide whether this stays a news item or becomes a real tool.</p>