[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-llm-agents-real-vulnerability-hunters-zh":3,"article-related-llm-agents-real-vulnerability-hunters-zh":30,"series-research-d9868f49-f928-4053-ae16-416dffad41d7":82},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":11},"d9868f49-f928-4053-ae16-416dffad41d7","llm-agents-real-vulnerability-hunters-zh","為什麼 LLM agents 正在變成真正的漏洞獵手","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Fnews\u002Fwhy-gpt-5-5-should-be-default-coding-llm-2026-zh\">LLM\u003C\u002Fa> agents 已經能在真實軟體中找出漏洞，不再只是協助寫程式。\u003C\u002Fp>\u003Cp>\u003Ca href=\"\u002Ftag\u002Fllm\">LLM\u003C\u002Fa> agents 不再只是新奇玩具；它們正在變成實用的漏洞發現工具，而 Linux kernel、\u003Ca href=\"\u002Ftag\u002Fdocker\">Docker\u003C\u002Fa>、OpenSSL 的最新發現已經證明這一點。這些不是練習題，而是現代基礎設施的核心元件。當一組自我協作的 agents 能在不同程式碼庫中，從大範圍搜尋一路走到可信的 bug 發現，資安研究的玩法就已經變了。\u003C\u002Fp>\u003Ch2>第一個論點\u003C\u002Fh2>\u003Cp>真正的突破不是「LLM 會猜 bug 模式」，而是多個 agents 能像小型研究團隊那樣分工：一個探索程式路徑，一個評估可利用性，一個修正假設，一個避免搜尋卡住。這種編排把模型從聰明的自動補字，變成持續工作的研究者。再加上 activation steering，代表系統不是只對提示詞做反應，而是被導向資安推理模式。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778591454009-e0hv.png\" alt=\"為什麼 LLM agents 正在變成真正的漏洞獵手\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這和傳統 fuzzing 的演進很像。早期 fuzzers 很快，但覆蓋面窄；後來真正有效的流程，是把 fuzzing、symbolic execution、sanitizers 和人工 triage 串在一起。agentic LLM 工作流也是同一條路。重點不是「AI 找到一個 bug」，而是「一個工作流跨過 kernel、container、crypto 三種軟體層，靠多步推理找出漏洞」。這才是值得安全團隊重視的訊號。\u003C\u002Fp>\u003Ch2>第二個論點\u003C\u002Fh2>\u003Cp>在單一應用裡找到缺陷很有用，但同一套流程能在 Linux kernel、Docker、OpenSSL 都挖出可信漏洞，代表的是另一個層級。這三者分別對應現代運算的底層、中層與信任邊界：kernel 決定核心記憶體安全，container 決定隔離與執行環境，OpenSSL 則影響幾乎所有下游產品的機密性與完整性。能同時碰到這三層，表示它不是只學會某個專案的怪癖，而是在學系統軟體的通用推理方式。\u003C\u002Fp>\u003Cp>這種可遷移性是防守方最該在意的地方。Linux kernel 是最難找遠端可達記憶體破壞漏洞的場域之一，程式碼巨大、歷史包袱重、細節又極度敏感。Docker 的問題會直接影響隔離失效與營運風險。OpenSSL 則可能讓加密信任鏈整個失守。當一條自動化探索管線能碰到這三個領域，瓶頸就不再是「AI 看不看得懂程式」，而是「人類能不能跟上 AI 輔助的偵察速度」。\u003C\u002Fp>\u003Ch2>反方可能怎麼說\u003C\u002Fh2>\u003Cp>懷疑者的論點其實很強：這些系統仍然需要專家監督，漏洞發現不等於穩定利用，更不等於負責任揭露。資安圈看過太多看起來很厲害、實際上卻經不起審查的 demo。若流程依賴大量手工 steering 和精細編排，那它就還不算真正自主；把它講成革命，容易高估方法成熟度。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778591449563-ljg3.png\" alt=\"為什麼 LLM agents 正在變成真正的漏洞獵手\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這個批評是合理的，但它沒有推翻結論。完全自主不是重點，穩定地擴大搜尋空間、產出值得專家驗證的候選漏洞，才是重點。這次在 kernel、Docker、OpenSSL 的成果，已經跨過這條線。即使最後仍要人類確認影響範圍、撰寫報告，最昂貴的初始發現階段已經被明顯壓低成本。限制存在，但那是部署限制，不是重要性限制。\u003C\u002Fp>\u003Ch2>你能做什麼\u003C\u002Fh2>\u003Cp>資安團隊應該停止把 agentic LLM 當成旁支實驗，改把它納入漏洞研究流程。工程師可以把它和 fuzzers、static analysis、sanitizer 輸出串在一起，並在真實程式碼庫上量測 \u003Ca href=\"\u002Fnews\u002Fwhy-mvm-is-the-right-kind-of-go-interpreter-zh\">pre\u003C\u002Fa>cision、triage 時間與漏洞品質。PM 應該把預算放在評估框架，而不是一次性 demo。創辦人若在做 devt\u003Ca href=\"\u002Fnews\u002Fwhy-google-deepmind-is-winning-model-talent-war-zh\">oo\u003C\u002Fa>ls 或安全工具，應該優先打造讓 agents 能搜尋、排序、交接給人的工作流，因為價值已經出現在這裡；會贏的不是問「agents 能不能找洞」的人，而是把洞變成可處理結果的人。\u003C\u002Fp>","LLM agents 已經不只是寫程式工具，它們開始能在真實系統中找出有價值的漏洞，而且這件事正在改變資安研究的分工方式。","letsdatascience.com","https:\u002F\u002Fletsdatascience.com\u002Fnews\u002Fllm-agents-find-kernel-docker-openssl-vulnerabilities-d08ffc7a",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778591454009-e0hv.png","research","zh","7a5a2d84-bd79-4604-876c-80486c6c691e",[17,18,19,20,21,22],"LLM agents","漏洞發現","Linux kernel","Docker","OpenSSL","資安自動化",[24,25,26],"LLM agents 已經能參與真實漏洞發現，不只是生成程式碼。","多代理協作與 activation steering，讓模型能做更接近研究員的推理工作。","防守方應把 agents 納入既有資安流程，重點放在可驗證與可交接的結果。",6,"2026-05-12T13:10:27.450959+00:00","2026-05-12T13:10:27.434+00:00",{"tags":31,"relatedLang":41,"relatedPosts":45},[32,34,35,37,39],{"name":19,"slug":33},"linux-kernel",{"name":18,"slug":18},{"name":21,"slug":36},"openssl",{"name":17,"slug":38},"llm-agents",{"name":20,"slug":40},"docker",{"id":15,"slug":42,"title":43,"language":44},"llm-agents-real-vulnerability-hunters-en","Why LLM agents are becoming real vulnerability hunters","en",[46,52,58,64,70,76],{"id":47,"slug":48,"title":49,"cover_image":50,"image_url":50,"created_at":51,"category":13},"923bb0c4-95f3-49a0-8e01-5cdd6bcd2e32","fixing-llm-forgetting-es-fine-tuning-zh","ES 微調忘記問題有解了","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780604276240-arx4.png","2026-06-04T20:17:25.720929+00:00",{"id":53,"slug":54,"title":55,"cover_image":56,"image_url":56,"created_at":57,"category":13},"42510df4-4692-44c6-a45a-c82a4a86b646","tls-turns-insecure-links-into-encrypted-sessions-zh","TLS 把明文連線變成加密會話","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780596207456-9or4.png","2026-06-04T18:02:50.988357+00:00",{"id":59,"slug":60,"title":61,"cover_image":62,"image_url":62,"created_at":63,"category":13},"4fa896da-9616-425a-92bc-c1d7d5861ff9","streamma-multi-agent-reasoning-latency-zh","StreamMA 讓多代理推理邊想邊傳","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780554786134-1w1d.png","2026-06-04T06:32:32.769423+00:00",{"id":65,"slug":66,"title":67,"cover_image":68,"image_url":68,"created_at":69,"category":13},"f31f51ba-4445-4e43-9bda-31e70f53d42b","audio-language-models-arbitration-reversals-zh","音訊模型不是聽不懂","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780553877373-ux95.png","2026-06-04T06:17:27.890159+00:00",{"id":71,"slug":72,"title":73,"cover_image":74,"image_url":74,"created_at":75,"category":13},"447ac6c9-477b-45c8-bec2-ff94dc4cf5d4","stride-training-data-attribution-sparse-recovery-zh","STRIDE 讓訓練資料歸因快 13 倍","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780552979370-897a.png","2026-06-04T06:02:29.149166+00:00",{"id":77,"slug":78,"title":79,"cover_image":80,"image_url":80,"created_at":81,"category":13},"33c9a55c-a8c0-4367-b742-f4567d1e98e3","mathematicians-warn-ai-could-distort-math-zh","數學界警告 AI 會扭曲證明標準","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780504386035-080l.png","2026-06-03T16:32:29.415063+00:00",[83,88,93,98,103,108,113,118,123,128],{"id":84,"slug":85,"title":86,"created_at":87},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind 押注 2026 連續學習 AI","2026-03-26T08:16:02.367355+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","每週 ML 論文清單，為何紅到 GitHub","2026-03-27T01:11:39.284175+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI 研討會投稿時程整理","2026-03-27T01:51:53.874432+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4：神經網路量化的聰明選擇","2026-03-31T06:00:36.990273+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"53a0dc54-0371-4e40-8d5e-74e94a73840c","geometry-aware-similarity-metrics-for-neural-representations-zh","超越距離測量：用微分幾何重新理解神經網路","2026-03-31T06:01:01.241968+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"fee7d472-a775-4b1d-bbc2-1e8bca1bbf8b","on-the-fly-repulsion-in-the-contextual-space-for-rich-divers-zh","讓AI繪圖更有創意：用排斥力提升生成多樣性","2026-03-31T06:01:25.439673+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"a9901203-d69b-447b-8854-15d14eab32b4","vision-aided-beam-prediction-cnn-eca-zh","影像輔助波束預測升級 CNN","2026-04-01T10:00:25.8073+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"b55e7dd4-0a24-4b3d-804d-b0309a03f498","triple-band-fss-mimo-antenna-sub-6-ghz-zh","三頻 FSS MIMO 天線瞄準 sub-6 GHz","2026-04-01T13:18:36.857305+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"f68290bd-e7f3-4b30-ba22-dcd4e0130a66","openclaw-1299-repos-eight-weeks-analysis-zh","OpenClaw 1299 個 Repo 的資料解讀","2026-04-02T05:03:45.208411+00:00",{"id":129,"slug":130,"title":131,"created_at":132},"ed9f80eb-eb02-4d35-8ad4-0ddf428751dd","beam-coherence-aware-combining-mmwave-mimo-zh","毫米波 MIMO 的雙階合併法","2026-04-02T05:27:26.897188+00:00"]