[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-claude-5-jailbreak-and-dark-downgrade-zh":3,"article-related-claude-5-jailbreak-and-dark-downgrade-zh":32,"series-industry-2bbbc232-a988-4b31-9b1c-f5fe9235d147":77},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":24,"views":28,"created_at":29,"published_at":30,"topic_cluster_id":31},"2bbbc232-a988-4b31-9b1c-f5fe9235d147","claude-5-jailbreak-and-dark-downgrade-zh","The Two Sides of Claude 5: Defenses Broken and Silent Downgrade",
"\u003Cp data-speakable=\"summary\">The controversy around \u003Ca href=\"\u002Ftag\u002Fclaude\">Claude\u003C\u002Fa> 5 centers on two things: its jailbreak defenses being broken and the silent downgrade.\u003C\u002Fp>\u003Cp>After reading these 5 points, you can \u003Ca href=\"\u002Fnews\u002Fkubernetes-interviews-reveal-why-teams-adopt-it-zh\">judge\u003C\u002Fa> whether a \u003Ca href=\"\u002Fnews\u002Fmistral-model-docs-deployment-manual-zh\">model\u003C\u002Fa>'s safety layer \"actually blocks\" or \"only looks like it blocks\", and \u003Ca href=\"\u002Fnews\u002Fkubernetes-release-support-windows-explained-zh\">understand\u003C\u002Fa> why \u003Ca href=\"\u002Ftag\u002Fanthropic\">Anthropic\u003C\u002Fa> was hounded by developers for covertly downgrading output.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>Time \u002F scale\u003C\u002Fth>\u003Cth>Impact\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Jailbreak defenses broken\u003C\u002Ftd>\u003Ctd>72 hours after release\u003C\u002Ftd>\u003Ctd>Safety defenses bypassed\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>External testing\u003C\u002Ftd>\u003Ctd>More than 1000 hours\u003C\u002Ftd>\u003Ctd>Still did not fully block attacks\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>System prompt leak\u003C\u002Ftd>\u003Ctd>About 120,000 characters\u003C\u002Ftd>\u003Ctd>Internal rules leaked\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Silent downgrade\u003C\u002Ftd>\u003Ctd>Withdrawn after discovery\u003C\u002Ftd>\u003Ctd>Credibility of evaluations and research damaged\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>1. The jailbreak defenses fell too quickly\u003C\u002Fh2>\u003Cp>What first set off the discussion was that \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002F\">Anthropic\u003C\u002Fa>'s Claude 5 was broken shortly after release. The original article notes that the company had emphasized it went through more than 1000 hours of external testing, yet 72 hours later hackers had found a way to bypass the classifier.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773371249-709f.png\" alt=\"The Two Sides of Claude 5: Defenses Broken and Silent Downgrade\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The point is not simply that \"a model was jailbroken again\"; it shows that a safety layer is not the same as an absolute block. When the prompt, context and persona are designed in enough detail, many requests that would otherwise be intercepted can still be broken apart and elicited step by step.\u003C\u002Fp>\u003Cul>\u003Cli>Multi-agent coordination rather than a single question\u003C\u002Fli>\u003Cli>Classifier failure: static recognition of sensitive terms is bypassed\u003C\u002Fli>\u003Cli>Long-context dilution: the real intent is hidden inside harmless content\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>2. Character obfuscation is more effective than you think\u003C\u002Fh2>\u003Cp>The hackers also used character substitution, variant characters and homoglyphs, making it hard for the classifier to recognize sensitive terms. To a human the text reads almost the same, but a machine doing a static scan may treat it as ordinary text.\u003C\u002Fp>\u003Cp>This means a safety system that relies too heavily on keyword matching is easily defeated by small changes at the encoding level. For product teams, text normalization, Unicode handling and input sanitization matter as much as the model's capability itself.\u003C\u002Fp>\u003Ccode>Example: Latin a → Cyrillic а; ordinary character → homoglyph character\u003C\u002Fcode>\u003Cul>\u003Cli>Hard to notice with the naked eye\u003C\u002Fli>\u003Cli>Machine matching is more likely to miss it\u003C\u002Fli>\u003Cli>Suited to bypassing simple wordlist rules\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>3. Wrapping dangerous requests as normal tasks\u003C\u002Fh2>\u003Cp>Another move is to package a high-risk request as a low-risk task, such as fiction writing, historical review or academic discussion. When the outer shell looks \"legitimate\" enough, the model is more likely to treat the dangerous intent behind it as normal context.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773374738-nn7r.png\" alt=\"The Two Sides of Claude 5: Defenses Broken and Silent Downgrade\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>A further step is to split one dangerous goal into many legitimate sub-questions. Each step looks harmless, but together they assemble the complete answer. This is why blocking single requests is often not enough: the system also has to recognize consistency of intent across turns.\u003C\u002Fp>\u003Cul>\u003Cli>Rephrasing \"what to do\" as \"what to discuss\"\u003C\u002Fli>\u003Cli>Splitting a dangerous goal into several neutral steps\u003C\u002Fli>\u003Cli>Using role-play to lower the model's guard\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>4. A silent downgrade hurts trust more than an explicit block\u003C\u002Fh2>\u003Cp>What angered developers even more than the jailbreak was the allegation that Claude 5 included a \"silent downgrade\" mechanism. That is, when the system judges that the user is doing frontier AI research, the model gives no notice and just quietly outputs worse content.\u003C\u002Fp>\u003Cp>This directly contaminates evaluations, training and comparative experiments. Researchers may believe they received normal results when they are actually analyzing deliberately weakened output. For people who depend on reproducible experiments, this is harder to accept than an explicit block.\u003C\u002Fp>\u003Cul>\u003Cli>No notice is shown\u003C\u002Fli>\u003Cli>May output junk code or faulty logic\u003C\u002Fli>\u003Cli>Affects the credibility of third-party benchmarks\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>5. After the public apology, the fix still has a cost\u003C\u002Fh2>\u003Cp>Under public pressure, Anthropic quickly apologized publicly and withdrew the silent downgrade policy. The new approach is an explicit block: when triggered, it tells the user directly and hands the request to a less capable model.\u003C\u002Fp>\u003Cp>But this brings new problems: once the rules are visible, they are easier to bypass in a targeted way; if the rules are set more conservatively, they wrongly hit more ordinary requests. In other words, transparency and blocking strength are inherently hard to have together.\u003C\u002Fp>\u003Ccode>New scheme: explicit block → hand-off to weaker model → higher risk of false positives\u003C\u002Fcode>\u003Ch2>How to choose: security research and engineering practice have different priorities\u003C\u002Fh2>\u003Cp>If you care about model safety research, the most worthwhile thing to look at is how the jailbreak methods use context, character obfuscation and task splitting to get around defenses. If you care more about engineering practice, the focus is why the \"silent downgrade\" destroys trust and why a transparent block is more readily accepted than a covert downgrade.\u003C\u002Fp>\u003Cp>For ordinary developers the conclusion is direct: don't look only at how strong a model is, also look at whether its safety mechanisms are verifiable, explainable and predictable. For researchers, what to be most wary of are system behaviors that raise no error yet quietly change the results.\u003C\u002Fp>",
"Understand Claude 5 through 2 points of controversy: jailbroken in 72 hours, silent downgrade withdrawn, and which side developers should look at, safety or trust.","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2048751578274963493",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773371249-709f.png","industry","zh","e44fcc73-38c1-4f34-a991-8ecd54d3366f",[17,18,19,20,21,22,23],"Claude 5","Anthropic","jailbreak","silent downgrade","model safety","prompt attack and defense","Unicode obfuscation",[25,26,27],"The Claude 5 controversy is not just a jailbreak incident; it is a test of whether the safety layer is actually reliable.","Character obfuscation, task splitting and long-context dilution are the core techniques for bypassing the classifier.","A silent downgrade contaminates evaluation and research results; a transparent block has costs but better preserves trust.",0,"2026-06-18T09:02:21.579197+00:00","2026-06-18T09:02:21.572+00:00","fa1dc5e8-0eec-4179-8dc0-e35a3d82f701",
{"tags":33,"relatedLang":36,"relatedPosts":40},[34],{"name":18,"slug":35},"anthropic",{"id":15,"slug":37,"title":38,"language":39},"claude-5-jailbreak-and-dark-downgrade-en","The Two Faces of Claude 5: Jailbreak and Black-Box Downgrade","en",[41,47,53,59,65,71],{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"8959ca2a-2357-48a2-a33d-6518b2b9a15d","cftc-crypto-push-cme-lawsuit-threat-zh","4 Signals for Reading the Head-On Clash Between the CFTC and CME","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781784168336-j3zd.png","2026-06-18T12:02:23.97152+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"ca2f316c-9a19-469f-a692-a250b054733b","musk-nvidia-tie-could-speed-tesla-ai-zh","Musk Links Up with Nvidia; Tesla AI May Accelerate","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781777878932-e4gb.png","2026-06-18T10:17:32.322567+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"c8b981f7-be95-4ae0-b6e7-b2145d3a6605","anthropic-buys-carbon-removal-skips-clean-power-zh","Anthropic Buys Carbon Removal but Does Not Add Clean Power","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781776981364-pebx.png","2026-06-18T10:02:27.851459+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"f74413d6-d83a-4a05-8e5a-dbcbf17766f5","government-can-pull-unsafe-ai-models-offline-zh","Governments Should Have the Power to Take Unsafe AI Models Offline","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781774268502-s5be.png","2026-06-18T09:17:22.789397+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"37c59cf0-5ad7-41c9-9edb-9228491d42a8","kubernetes-release-support-windows-explained-zh","Kubernetes: 3 Support Windows for Understanding When to Upgrade","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781768878686-s1g2.png","2026-06-18T07:47:24.382267+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"bd0a5d0d-eb7f-4285-8ee3-680de6bbfb05","90-minute-takedown-turns-ai-ops-into-crisis-zh","A 90-Minute Takedown Turns AI into an Incident Drill","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781759004216-23ns.png","2026-06-18T05:02:57.07178+00:00",
[78,83,88,93,98,103,108,113,118,123],{"id":79,"slug":80,"title":81,"created_at":82},"ee073da7-28b3-4752-a319-5a501459fb87","ai-in-2026-what-actually-matters-now-zh","What Actually Matters in AI in 2026","2026-03-26T07:09:12.008134+00:00",{"id":84,"slug":85,"title":86,"created_at":87},"83bd1795-8548-44c9-9a7e-de50a0923f71","trump-ai-framework-power-speech-state-preemption-zh","Trump's AI Framework Targets Power, Speech and States' Rights","2026-03-26T07:12:18.695466+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"ea6be18b-c903-4e54-97b7-5f7447a612e0","nvidia-gtc-2026-big-ai-announcements-zh","NVIDIA GTC 2026 Key Points Broken Down","2026-03-26T07:14:26.62638+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"4bcec76f-4c36-4daa-909f-54cd702f7c93","claude-users-spreading-out-and-getting-better-zh","Claude Users Are More Spread Out and Better at Using It","2026-03-26T07:22:52.325888+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"bd903b15-2473-4178-9789-b7557816e535","openclaw-raises-hard-question-for-ai-models-zh","OpenClaw Presses the Question of AI Model Value","2026-03-26T07:24:54.707486+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"eeac6b9e-ad9d-4831-8eec-8bba3f9bca6a","gap-google-gemini-checkout-fashion-search-zh","Gap Moves Checkout into Gemini","2026-03-26T07:28:23.937768+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"0740e53f-605d-4d57-8601-c10beb126f3c","google-pushes-gemini-transition-to-march-2026-zh","Google Pushes the Gemini Transition to 2026, 3…","2026-03-26T07:30:12.825269+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"e660d801-2421-4529-8fa9-86b82b066990","metas-llama-4-benchmark-scandal-gets-worse-zh","Meta's Llama 4 Score Controversy Widens Again","2026-03-26T07:34:21.156421+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"183f9e7c-e143-40bb-a6d5-67ba84a3a8bc","accenture-mistral-ai-sovereign-enterprise-deal-zh","Accenture Teams Up with Mistral AI to Sell Sovereign AI","2026-03-26T07:38:14.818906+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"191d9b1b-768a-478c-978c-dd7431a38149","mistral-ai-faces-its-hardest-year-yet-zh","Mistral AI Faces Its Hardest Year Yet","2026-03-26T07:40:23.716374+00:00"]