[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-microsoft-build-2026-securing-code-agents-models-zh":3,"article-related-microsoft-build-2026-securing-code-agents-models-zh":33,"series-industry-a0b99632-c8ec-4590-8549-4f9cbbb48b88":78},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":25,"views":29,"created_at":30,"published_at":31,"topic_cluster_id":32},"a0b99632-c8ec-4590-8549-4f9cbbb48b88","microsoft-build-2026-securing-code-agents-models-zh","Microsoft Build 2026: Rein in AI first, then talk about speed","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fmicrosoft\">Microsoft\u003C\u002Fa> pushed \u003Ca href=\"\u002Fnews\u002Fvcs-fund-ai-coding-security-first-zh\">security\u003C\u002Fa> forward at Build 2026, adding governance and detection across code, agents, and models.\u003C\u002Fp>\u003Cp>Honestly, this Build 2026 looks a lot like patching the holes in AI development. Microsoft didn't just show off model capabilities; it plugged security directly into the development workflow. It rolled out MDASH and \u003Ca href=\"\u002Ftag\u002Fagent\">Agent\u003C\u002Fa> 365, and tied Defender and \u003Ca href=\"\u002Ftag\u002Fgithub\">GitHub\u003C\u002Fa> more tightly together.\u003C\u002Fp>\u003Cp>The point is blunt. AI can make development faster, but it also adds risk. When an enterprise handles more than 100 trillion signals a day and has more than 20 kinds of local agents running, security that is still stuck at the final gate really won't keep up.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>What Microsoft says\u003C\u002Fth>\u003Cth>Significance\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>MDASH\u003C\u002Ftd>\u003Ctd>More than 100 specialized AI agents\u003C\u002Ftd>\u003Ctd>Finds and validates exploitable code issues\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CyberGym score\u003C\u002Ftd>\u003Ctd>96.55%\u003C\u002Ftd>\u003Ctd>Shows recent benchmark progress\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Signals\u003C\u002Ftd>\u003Ctd>More than 100 trillion per day\u003C\u002Ftd>\u003Ctd>Underpins enterprise-scale risk detection\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Agent 365\u003C\u002Ftd>\u003Ctd>More than 20 local agent types\u003C\u002Ftd>\u003Ctd>Tracks coding agents, desktop apps, MCP servers\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>Microsoft moves security forward first\u003C\u002Fh2>\u003Cp>Microsoft's core message is simple. Security can no longer sit at the end of the process, because developers are already using \u003Ca href=\"\u002Ftag\u002Fai-工具\">AI tools\u003C\u002Fa> to speed up output while security teams are still chasing more code, more agents, and more data paths.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903772745-9sqj.png\" alt=\"Microsoft Build 2026: Rein in AI first, then talk about speed\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Its approach is pragmatic too. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecurity\u002Fadvanced-security\" target=\"_blank\" rel=\"noopener\">GitHub Code Security\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-security\u002Fmicrosoft-defender-endpoint\" target=\"_blank\" rel=\"noopener\">Microsoft Defender\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fidentity-access\u002Fmicrosoft-entra\" target=\"_blank\" rel=\"noopener\">Microsoft Entra\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-management\u002Fmicrosoft-intune\" target=\"_blank\" rel=\"noopener\">Microsoft Intune\u003C\u002Fa> are all pulled in. Put plainly, it puts security where developers already work.\u003C\u002Fp>\u003Cp>This line of thinking is more useful than “scan a few more times.” AI generates code on its own and spins up agents on its own. If you stick with the old process, reviews just keep piling up until nobody wants to touch them.\u003C\u002Fp>\u003Cul>\u003Cli>MDASH is currently in expanded preview.\u003C\u002Fli>\u003Cli>The GitHub Defender integration is generally available.\u003C\u002Fli>\u003Cli>The Agent 365 SDK is generally available.\u003C\u002Fli>\u003Cli>Windows 365 for Agents is generally available.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>MDASH is after exploitable vulnerabilities, not noise\u003C\u002Fh2>\u003Cp>The most interesting piece is \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F\" target=\"_blank\" rel=\"noopener\">MDASH\u003C\u002Fa>. The name stands for Microsoft Security multi-model agentic scanning harness. It is not a single model doing the scanning; it uses a configurable set of models, mixing anything from strong reasoning models to cheap ones.\u003C\u002Fp>\u003Cp>Microsoft says it orchestrates more than 100 specialized agents. These agents find, validate, and also prove whether a weakness can actually be exploited. That matters. Many security tools just report a pile of suspicious \u003Ca href=\"\u002Fnews\u002Fcodex-openai-coding-agent-real-work-zh\">code\u003C\u002Fa> without telling you which findings will actually cause trouble.\u003C\u002Fp>\u003Cblockquote>“What Microsoft is building with MDASH reflects a meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher,” says Kris Burkhardt, Chief Information Security Officer at Accenture.\u003C\u002Fblockquote>\u003Cp>Microsoft also notes that MDASH recently rose about 10% within three weeks, with its CyberGym \u003Ca href=\"\u002Ftag\u002Fbenchmark\">benchmark\u003C\u002Fa> reaching 96.55%. That number isn't bad, but \u003Ca href=\"\u002Fnews\u002Fdow-agent-network-military-ai-right-move-zh\">what matters more\u003C\u002Fa> is that it is starting to move toward a product rather than staying in the lab.\u003C\u002Fp>\u003Cp>There's also a very practical backdrop. Microsoft says it processes more than 100 trillion signals every day. That means it wants to build exploit detection on large-scale telemetry rather than relying on static scanning alone. The catch is that no matter how many signals there are, it still has to come down to actionable results.\u003C\u002Fp>\u003Cul>\u003Cli>MDASH uses more than 100 specialized AI agents.\u003C\u002Fli>\u003Cli>It supports multiple popular programming languages.\u003C\u002Fli>\u003Cli>The CyberGym score is 96.55%.\u003C\u002Fli>\u003Cli>Microsoft says it processes more than 100 trillion signals every day.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>Defender and GitHub start sharing runtime information\u003C\u002Fh2>\u003Cp>Another very practical change is the integration of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecurity\u002Fadvanced-security\" target=\"_blank\" rel=\"noopener\">GitHub Code Security\u003C\u002Fa> with \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-security\u002Fmicrosoft-defender-endpoint\" target=\"_blank\" rel=\"noopener\">Microsoft Defender\u003C\u002Fa>. This part is already generally available. Its value lies in bringing production signals back into the development workflow.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903778620-qtr4.png\" alt=\"Microsoft Build 2026: Rein in AI first, then talk about speed\" class=\"rounded-xl w-full\" loading=\"lazy\" 
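\u002F>\u003C\u002Ffigure>\n\u003Cp>Microsoft says vulnerabilities will no longer all be treated alike. The system can add runtime information, such as whether something is exposed externally and how sensitive the data is. That directly affects prioritization. For security teams, this is far more useful than looking at CVE numbers alone.\u003C\u002Fp>\u003Cp>Developers can also hook into \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffeatures\u002Fcopilot\" target=\"_blank\" rel=\"noopener\">GitHub Copilot\u003C\u002Fa> Autofix and the Copilot cloud agent. The message is clear: once a problem is found, the fix should also stay in the original workflow as much as possible. Don't make engineers switch between three more systems; it really is maddening.\u003C\u002Fp>\u003Cp>Microsoft also added access controls. Role-based permissions keep sensitive information in the hands of the people who should see it. That matters for enterprises, because the same pipeline may hold both confirmed vulnerabilities and weaknesses still awaiting validation.\u003C\u002Fp>\u003Ch2>Agents now need identity, policy, and execution boundaries\u003C\u002Fh2>\u003Cp>The second theme is agents. Microsoft is clearly treating them as part of the application, not as toys. Since agents take actions, call tools, and touch data, they need identity, policy, and auditing.\u003C\u002Fp>\u003Cp>That is exactly the direction of \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fidentity-access\u002Fmicrosoft-entra\" target=\"_blank\" rel=\"noopener\">Agent 365\u003C\u002Fa>. Developers can build observability, access controls, and compliance checks directly into an agent's design and deployment. That is far more practical than patching holes afterwards.\u003C\u002Fp>\u003Cp>There are control points on the Windows side too. The \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows\u002Fai\u002Fagent-execution-container\u002F\" target=\"_blank\" rel=\"noopener\">Microsoft Execution Container\u003C\u002Fa> SDK provides OS-level controls, while \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fwindows-365\u002Fenterprise\u002F\" target=\"_blank\" rel=\"noopener\">Windows 365 for Agents\u003C\u002Fa> runs agents inside an isolated Cloud PC. In plain terms, it fences in the area of activity first.\u003C\u002Fp>\u003Cp>Agent 365 also connects to the \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-management\u002Fmicrosoft-intune\" target=\"_blank\" rel=\"noopener\">Intune\u003C\u002Fa> registry. Microsoft says it can see more than 20 local agent types, including coding agents, AI desktop apps, and local or remote \u003Ca href=\"https:\u002F\u002Fmodelcontextprotocol.io\u002F\" target=\"_blank\" rel=\"noopener\">Model Context Protocol\u003C\u002Fa> servers. This is about dealing with agent sprawl.\u003C\u002Fp>\u003Cul>\u003Cli>The Agent 365 SDK is generally available.\u003C\u002Fli>\u003Cli>The registry can see more than 20 local agent types.\u003C\u002Fli>\u003Cli>Windows 365 for Agents is generally available.\u003C\u002Fli>\u003Cli>Covers local and remote MCP servers.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>The point of this launch is control, not showing off\u003C\u002Fh2>\u003Cp>In the end, Microsoft isn't competing this time over whose AI talks better. It is answering a question every enterprise will run into: models write code and agents take actions, so how do security tools keep up?\u003C\u002Fp>\u003Cp>Its answer is layered control. MDASH is responsible for finding exploitability. Defender and GitHub Code Security add runtime context. Agent 365 handles identity and governance. Purview then covers data leakage and risk discovery. The whole package aims to let AI development keep running without running out of control.\u003C\u002Fp>\u003Cp>I think this matters more than simply showing off model scores, because what enterprises ultimately pay for is not the demo but whether risk can be pushed down. What to watch next is whether MDASH's accuracy holds up and whether Agent 365 really gets adopted at scale.\u003C\u002Fp>\u003Cp>If you run enterprise software or an AI platform, now is the time to ask one question: do your agents have identity, permissions, auditing, and isolation? If the answer is still incomplete, this wave will probably force you to catch up, and it won't wait for you to take your time.\u003C\u002Fp>","Microsoft pushed security forward at Build 2026, adding governance and detection across code, agents, and models. The integration of MDASH, Agent 365, Defender, and GitHub is about managing exploitable vulnerabilities, permissions, and data risk together.","www.microsoft.com","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F02\u002Fmicrosoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903772745-9sqj.png","industry","zh","2a50a3e6-3552-4dc4-9774-a062f0593447",[17,18,19,20,21,22,23,24],"Microsoft Build 2026","AI security","MDASH","Agent 365","Microsoft Defender","GitHub Code Security","agent governance","model security",[26,27,28],"Microsoft moves security forward, plugging it directly into the development workflow for code, agents, and models.","MDASH focuses on finding exploitable vulnerabilities rather than just scanning up noise, and combines more than 100 agents.","The integration of Agent 365, Defender, and GitHub centers on identity, permissions, runtime context, and data control.",0,"2026-07-01T11:02:29.280907+00:00","2026-07-01T11:02:29.269+00:00","caa87b65-9bbc-46fe-bba8-4f4158dd2d8b",{"tags":34,"relatedLang":37,"relatedPosts":41},[35],{"name":18,"slug":36},"ai-security",{"id":15,"slug":38,"title":39,"language":40},"microsoft-build-2026-securing-code-agents-models-en","Microsoft Build 2026: Securing code, agents, and 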
models","en",[42,48,54,60,66,72],{"id":43,"slug":44,"title":45,"cover_image":46,"image_url":46,"created_at":47,"category":13},"78862c57-6d3f-4761-89ce-20f3f86246bf","bootdev-go-course-turns-syntax-into-services-zh","Boot.dev's Go course takes syntax to the service layer","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782908273465-j8m0.png","2026-07-01T12:17:22.638822+00:00",{"id":49,"slug":50,"title":51,"cover_image":52,"image_url":52,"created_at":53,"category":13},"d4c48f57-3c66-4f40-9b06-76ceec529b87","suse-openchip-risc-v-eu-sovereign-stack-zh","SUSE and Openchip turn RISC-V into an EU stack","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782907403535-s085.png","2026-07-01T12:02:56.092615+00:00",{"id":55,"slug":56,"title":57,"cover_image":58,"image_url":58,"created_at":59,"category":13},"9e53719f-5134-4bf1-8fe2-6471ee921eb5","risc-v-hobbyists-open-hardware-obsession-zh","RISC-V hobbyists prove it: open hardware still rewards obsessive engineering","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782906469131-qew3.png","2026-07-01T11:47:21.427953+00:00",{"id":61,"slug":62,"title":63,"cover_image":64,"image_url":64,"created_at":65,"category":13},"376489b6-f1cf-4e51-94fe-1d6eec955594","5-details-pentagon-agent-network-ai-battle-decisions-zh","5 details for understanding the Pentagon's Agent Network","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782902869112-j6ty.png","2026-07-01T10:47:21.956845+00:00",{"id":67,"slug":68,"title":69,"cover_image":70,"image_url":70,"created_at":71,"category":13},"3fa754ae-c223-4e32-b8ed-f1f922ab60a4","codex-openai-coding-agent-real-work-zh","Codex's 5 key modules: look at the use first, then pick the entry point","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782900170879-xfdo.png","2026-07-01T10:02:22.517262+00:00",{"id":73,"slug":74,"title":75,"cover_image":76,"image_url":76,"created_at":77,"category":13},"29096349-d5d3-47fe-9fac-94b389a947fc","vcs-fund-ai-coding-security-first-zh","VCs should fund AI coding, but security must come first","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782897471663-d71e.png","2026-07-01T09:17:21.468346+00:00",[79,84,89,94,99,104,109,114,119,124],{"id":80,"slug":81,"title":82,"created_at":83},"ee073da7-28b3-4752-a319-5a501459fb87","ai-in-2026-what-actually-matters-now-zh","What really matters in AI in 2026","2026-03-26T07:09:12.008134+00:00",{"id":85,"slug":86,"title":87,"created_at":88},"83bd1795-8548-44c9-9a7e-de50a0923f71","trump-ai-framework-power-speech-state-preemption-zh","Trump's AI framework targets power, speech, and state authority","2026-03-26T07:12:18.695466+00:00",{"id":90,"slug":91,"title":92,"created_at":93},"ea6be18b-c903-4e54-97b7-5f7447a612e0","nvidia-gtc-2026-big-ai-announcements-zh","NVIDIA GTC 2026: key points broken down","2026-03-26T07:14:26.62638+00:00",{"id":95,"slug":96,"title":97,"created_at":98},"4bcec76f-4c36-4daa-909f-54cd702f7c93","claude-users-spreading-out-and-getting-better-zh","Claude users are more spread out and better at using it","2026-03-26T07:22:52.325888+00:00",{"id":100,"slug":101,"title":102,"created_at":103},"bd903b15-2473-4178-9789-b7557816e535","openclaw-raises-hard-question-for-ai-models-zh","OpenClaw presses the question of AI model value","2026-03-26T07:24:54.707486+00:00",{"id":105,"slug":106,"title":107,"created_at":108},"eeac6b9e-ad9d-4831-8eec-8bba3f9bca6a","gap-google-gemini-checkout-fashion-search-zh","Gap moves checkout into Gemini","2026-03-26T07:28:23.937768+00:00",{"id":110,"slug":111,"title":112,"created_at":113},"0740e53f-605d-4d57-8601-c10beb126f3c","google-pushes-gemini-transition-to-march-2026-zh","Google pushes the Gemini transition to March 2026…","2026-03-26T07:30:12.825269+00:00",{"id":115,"slug":116,"title":117,"created_at":118},"e660d801-2421-4529-8fa9-86b82b066990","metas-llama-4-benchmark-scandal-gets-worse-zh","Meta's Llama 4 score controversy widens again","2026-03-26T07:34:21.156421+00:00",{"id":120,"slug":121,"title":122,"created_at":123},"183f9e7c-e143-40bb-a6d5-67ba84a3a8bc","accenture-mistral-ai-sovereign-enterprise-deal-zh","Accenture teams up with Mistral AI to sell sovereign AI","2026-03-26T07:38:14.818906+00:00",{"id":125,"slug":126,"title":127,"created_at":128},"191d9b1b-768a-478c-978c-dd7431a38149","mistral-ai-faces-its-hardest-year-yet-zh","Mistral AI faces its hardest year yet","2026-03-26T07:40:23.716374+00:00"]