[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-project-glasswing-mythos-bug-chaining-zh":3,"article-related-project-glasswing-mythos-bug-chaining-zh":33,"series-research-29143a1b-a610-4674-96a5-e3b1695350bd":85},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":25,"views":29,"created_at":30,"published_at":31,"topic_cluster_id":32},"29143a1b-a610-4674-96a5-e3b1695350bd","project-glasswing-mythos-bug-chaining-zh","Project Glasswing reveals Mythos can chain vulnerabilities","\u003Cp data-speakable=\"summary\">After testing Mythos Preview, \u003Ca href=\"\u002Ftag\u002Fcloudflare\">Cloudflare\u003C\u002Fa> found that inside a purpose-built harness it can chain small vulnerabilities into a working exploit, provided the workflow is broken into very fine-grained steps.\u003C\u002Fp>\u003Cp>Cloudflare used \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002F\" target=\"_blank\" rel=\"noopener\">Cloudflare\u003C\u002Fa>'s own internal codebases as the test subject. It pointed \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002F\" target=\"_blank\" rel=\"noopener\">Anthropic\u003C\u002Fa>'s \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fclaude-opus-4-5\" target=\"_blank\" rel=\"noopener\">Mythos Preview\u003C\u002Fa> at more than 50 repos. The result was straightforward: the model does not just find bugs, it also chains several small issues into a runnable exploit.\u003C\u002Fp>\u003Cp>Put plainly, this is not an ordinary scanner. It is closer to a research assistant that can write PoCs. But the capability is only stable inside a very narrow workflow. Once the workflow gets messy, it starts taking scattershot guesses.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Signal\u003C\u002Fth>\u003Cth>What Cloudflare observed\u003C\u002Fth>\u003Cth>Why it matters\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Repos tested\u003C\u002Ftd>\u003Ctd>More than 50\u003C\u002Ftd>\u003Ctd>The sample is broad enough that this is not a one-off fluke\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Coverage\u003C\u002Ftd>\u003Ctd>About 0.1% for a single agent\u003C\u002Ftd>\u003Ctd>A single-threaded run cannot digest a large repo\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Model behavior\u003C\u002Ftd>\u003Ctd>Can chain primitives into an 
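exploit\u003C\u002Ftd>\u003Ctd>Moves from finding bugs to producing evidence\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Language differences\u003C\u002Ftd>\u003Ctd>More false positives in C \u002F C++\u003C\u002Ftd>\u003Ctd>Memory-unsafe code is noisier\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>Mythos Preview does more than scan for bugs\u003C\u002Fh2>\u003Cp>Cloudflare's main point is clear. Mythos Preview does not just list suspicious spots. It can push further and try to turn a vulnerability into a verifiable attack path. That is a big difference, because security work has always come in two stages: first find the bug, then prove it is exploitable.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781254982476-voas.png\" alt=\"Project Glasswing reveals Mythos can chain vulnerabilities\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The article notes that the model can take an issue such as a use-after-free and advance it toward arbitrary read\u002Fwrite, then try to reach control-flow hijacking. In other words, it does not just say “something looks off here”; it actually builds the proof.\u003C\u002Fp>\u003Cp>It also writes code, compiles it, runs tests, and then revises based on the failure messages. This loop closely resembles how a human researcher works. The only difference is that it can run many times in parallel. That is also what makes it more troublesome than a traditional static scanner.\u003C\u002Fp>\u003Cul>\u003Cli>It can chain low-severity bugs into a high-severity path.\u003C\u002Fli>\u003Cli>It can produce a PoC, not just a written description.\u003C\u002Fli>\u003Cli>It behaves more like a researcher than a pure scanning tool.\u003C\u002Fli>\u003Cli>It iterates on its work based on failed results.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>But make no mistake: this does not mean it is right every time. It is simply better than earlier models at pushing further. The distance from suspicion to evidence is much shorter.\u003C\u002Fp>\u003Ch2>Refusals exist, but they are not a security boundary\u003C\u002Fh2>\u003Cp>Cloudflare also ran into an awkward problem. The model sometimes refuses legitimate security research requests. Even when the code has not changed, it may still reverse its stance. The behavior is like asking the same question in different words and getting a different answer.\u003C\u002Fp>\u003Cp>One example in the post is blunt. The model initially refused to do vulnerability research on a project. Later, merely because an unrelated change appeared in the environment, it agreed. In another case, it first found a serious memory bug and then refused to write a demonstration exploit. This kind of instability is deadly for a security workflow.\u003C\u002Fp>\u003Cblockquote>“Semantically equivalent tasks can produce opposite outcomes depending on how and when they’re presented to the model.”\u003C\u002Fblockquote>\u003Cp>This sentence matters, and its meaning is simple. The model's own refusal rules are not enough to serve as a policy layer. They are more of a signal than a line of defense. You cannot count on the model to handle the risk by itself.\u003C\u002Fp>\u003Cp>That is why Cloudflare keeps treating research use and general release as separate matters. A model that can find bugs and chain them must have an additional layer of control around it.\u003C\u002Fp>\u003Ch2>The real problem is noise, not output volume\u003C\u002Fh2>\u003Cp>Security teams have long known that finding bugs is not the hard part; the hard part is judging which bugs really matter. AI amplifies this problem. It is very good at sounding convincing, but many results do not survive human review.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg 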
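src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781254990979-7984.png\" alt=\"Project Glasswing reveals Mythos can chain vulnerabilities\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Cloudflare says this noise is more pronounced in memory-unsafe languages. C and C++ are inherently more prone to memory errors, while \u003Ca href=\"\u002Ftag\u002Frust\">Rust\u003C\u002Fa> blocks many classes of errors at compile time. Put the two together and the triage load becomes a real burden.\u003C\u002Fp>\u003Cp>Another problem is that the model loves hedging words such as possibly, potentially, and could in theory. That tone suits exploration but not a bug-fix queue, because your queue fills up with plausible-looking guesses.\u003C\u002Fp>\u003Cul>\u003Cli>C and C++ produce more false positives.\u003C\u002Fli>\u003Cli>Vague findings raise the cost of human review.\u003C\u002Fli>\u003Cli>Findings that come with a PoC are usually handled faster.\u003C\u002Fli>\u003Cli>If the model hedges too much, triage becomes painful.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>So the point is not how many results the model emits. The point is whether it has organized the evidence well. That is what determines whether the output can enter a workflow.\u003C\u002Fp>\u003Ch2>A single coding agent is the wrong shape\u003C\u002Fh2>\u003Cp>Cloudflare's most practical conclusion is also its least dramatic. A typical coding \u003Ca href=\"\u002Ftag\u002Fagent\">agent\u003C\u002Fa> is designed to carry one task through from start to finish. Vulnerability research does not work that way. It consists of many small questions, run in parallel and validated repeatedly.\u003C\u002Fp>\u003Cp>The article notes that for a single agent facing a repo on the order of 100,000 lines, useful coverage may be only 0.1%. That is not because the model is bad; the shape of the work does not fit. Once the context window fills up, earlier reasoning gets compacted away and the prior effort is almost wasted.\u003C\u002Fp>\u003Cp>Cloudflare's answer is a harness, which is essentially a workflow wrapped around the model. It narrows the scope, splits up the tasks, has different agents cross-check each other, and then sends the results for validation. That is far more effective than simply saying “find bugs for me.”\u003C\u002Fp>\u003Cul>\u003Cli>Narrow questions are more accurate than broad, vague prompts.\u003C\u002Fli>\u003Cli>A second agent can filter out noise first.\u003C\u002Fli>\u003Cli>Parallel tasks suit large repos better than one long single-threaded run.\u003C\u002Fli>\u003Cli>Separating “is there a bug?” from “is it exploitable?” greatly improves reasoning quality.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>This is also where Project Glasswing is most valuable. The model matters, but the workflow matters more. Without a wrapper, even the strongest model falls into disorder.\u003C\u002Fp>\u003Ch2>What this means for security teams\u003C\u002Fh2>\u003Cp>Cloudflare did not say Mythos Preview can replace human researchers. What it said is that the model can already take on a heavy chunk of the work in the middle: the stretch from a suspicious spot to verifiable evidence. That will change \u003Ca href=\"\u002Fnews\u002Fproduct-hunt-vibe-coding-tools-2026-zh\">how\u003C\u002Fa> teams divide their work.\u003C\u002Fp>\u003Cp>If you read this as a product review, you are thinking too small. The \u003Ca href=\"\u002Fnews\u002Fwhat-vibe-coding-means-for-developers-zh\">real\u003C\u002Fa> change is in the process. A single chat prompt is no longer enough. What is needed now is a pipeline, with scope control, PoC 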
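validation, refusal mechanisms, deduplication, and human review.\u003C\u002Fp>\u003Cp>My own view is straightforward. Teams doing AI-assisted security from here on should stop asking whether the model can find bugs. They should ask which part of the research workflow it can take over while keeping the error rate acceptable.\u003C\u002Fp>\u003Cp>Put plainly, the answer Project Glasswing gives is pragmatic. Do not look only at how strong the model is. \u003Ca href=\"\u002Fnews\u002Fvibe-coding-lets-you-ship-a-tiny-app-fast-zh\">First build\u003C\u002Fa> the outer workflow. Make its answers testable, blockable, and re-runnable. Only then can it really go into production.\u003C\u002Fp>\u003Ch2>How to look at this class of model going forward\u003C\u002Fh2>\u003Cp>If you work in security, platform engineering, or \u003Ca href=\"\u002Ftag\u002Fllm\">LLM\u003C\u002Fa> tool integration, I would suggest looking at the harness first, not the demo. Demos are very good at misleading people. The harness is what tells you whether the model can actually survive in a real repo.\u003C\u002Fp>\u003Cp>The next step is most likely not a bigger single agent but more small agents, each handling one small piece. One looks for leads, one validates, and one is dedicated to rejecting findings. That division of labor looks more like a real workflow than one all-purpose assistant does.\u003C\u002Fp>\u003Cp>If you asked me for a one-sentence summary, I would say: Mythos Preview proves that a model can chain vulnerabilities, but what really determines the outcome is how you wrap it. That is the most valuable part of this Cloudflare post.\u003C\u002Fp>","After testing Mythos Preview, Cloudflare found that inside a purpose-built harness it can chain small vulnerabilities into a working exploit, provided the workflow is broken into very fine-grained steps.","blog.cloudflare.com","https:\u002F\u002Fblog.cloudflare.com\u002Fcyber-frontier-models\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781254982476-voas.png","research","zh","4600c32a-1be2-46f8-9eb5-6ebaa1962324",[17,18,19,20,21,22,23,24],"Mythos Preview","Cloudflare","漏洞研究","AI security","exploit chaining","harness","PoC","LLM",[26,27,28],"Mythos Preview can chain small vulnerabilities into a working exploit.","A single agent is a poor fit for large repos; the harness is what matters.","A model refusal does not equal security; workflow control still depends on the outer-layer design.",0,"2026-06-12T09:02:32.008908+00:00","2026-06-12T09:02:32.002+00:00","0c35a120-52fc-41fc-afa3-d404eb934158",{"tags":34,"relatedLang":44,"relatedPosts":48},[35,37,39,40,42],{"name":20,"slug":36},"ai-資安",{"name":17,"slug":38},"mythos-preview",{"name":19,"slug":19},{"name":18,"slug":41},"cloudflare",{"name":21,"slug":43},"exploit-chaining",{"id":15,"slug":45,"title":46,"language":47},"project-glasswing-mythos-bug-chaining-en","Project Glasswing shows Mythos can chain 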
bugs","en",[49,55,61,67,73,79],{"id":50,"slug":51,"title":52,"cover_image":53,"image_url":53,"created_at":54,"category":13},"59cf2061-712e-4a92-b3a7-5bdd8644c5a6","art-fine-tunes-multimodal-llms-via-pixels-zh","Fine-tuning multimodal LLMs with pixels","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781266684477-t1np.png","2026-06-12T12:17:31.662347+00:00",{"id":56,"slug":57,"title":58,"cover_image":59,"image_url":59,"created_at":60,"category":13},"e08b8946-29a0-486a-b2c1-b23faf16b441","taxonomy-rwa-tokenization-blockchain-infrastructure-zh","A 23-dimension taxonomy of RWA tokenization","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781259482592-9fiv.png","2026-06-12T10:17:30.417901+00:00",{"id":62,"slug":63,"title":64,"cover_image":65,"image_url":65,"created_at":66,"category":13},"34681ebb-0d9d-4988-822a-45b6e5ad46d6","2026-llm-paper-lists-better-than-feeds-zh","LLM paper lists in 2026 are better suited to research than feeds","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781258570660-0l2n.png","2026-06-12T10:02:16.438561+00:00",{"id":68,"slug":69,"title":70,"cover_image":71,"image_url":71,"created_at":72,"category":13},"8a06c20a-c2d6-4cb0-a35c-69eab7f7f89a","anthropic-ai-building-ai-recursive-self-improvement-zh","Anthropic's own data already proves it: AI is helping AI 
improve","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781257685705-1m6f.png","2026-06-12T09:47:24.801004+00:00",{"id":74,"slug":75,"title":76,"cover_image":77,"image_url":77,"created_at":78,"category":13},"ba442703-edfa-4353-b256-db502d94a99e","mana-articulated-tool-manipulation-animation-zh","Mana rewrites tool manipulation as animation","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781246882933-bvjm.png","2026-06-12T06:47:29.612828+00:00",{"id":80,"slug":81,"title":82,"cover_image":83,"image_url":83,"created_at":84,"category":13},"6911e614-4894-4f1f-a0ad-816e323793ef","retrieval-augmented-reinforcement-fine-tuning-analogy-zh","RA-RFT teaches models analogical reasoning","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781245983485-miul.png","2026-06-12T06:32:27.726554+00:00",[86,91,96,101,106,111,116,121,126,131],{"id":87,"slug":88,"title":89,"created_at":90},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind bets on continuous-learning AI in 2026","2026-03-26T08:16:02.367355+00:00",{"id":92,"slug":93,"title":94,"created_at":95},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","Why a weekly ML paper list took off on GitHub","2026-03-27T01:11:39.284175+00:00",{"id":97,"slug":98,"title":99,"created_at":100},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI 
conference submission timeline roundup","2026-03-27T01:51:53.874432+00:00",{"id":102,"slug":103,"title":104,"created_at":105},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4: a smart choice for neural network quantization","2026-03-31T06:00:36.990273+00:00",{"id":107,"slug":108,"title":109,"created_at":110},"53a0dc54-0371-4e40-8d5e-74e94a73840c","geometry-aware-similarity-metrics-for-neural-representations-zh","Beyond distance measures: rethinking neural networks through differential geometry","2026-03-31T06:01:01.241968+00:00",{"id":112,"slug":113,"title":114,"created_at":115},"fee7d472-a775-4b1d-bbc2-1e8bca1bbf8b","on-the-fly-repulsion-in-the-contextual-space-for-rich-divers-zh","Making AI image generation more creative: using repulsion to boost generative diversity","2026-03-31T06:01:25.439673+00:00",{"id":117,"slug":118,"title":119,"created_at":120},"a9901203-d69b-447b-8854-15d14eab32b4","vision-aided-beam-prediction-cnn-eca-zh","Vision-aided beam prediction upgrades the CNN","2026-04-01T10:00:25.8073+00:00",{"id":122,"slug":123,"title":124,"created_at":125},"b55e7dd4-0a24-4b3d-804d-b0309a03f498","triple-band-fss-mimo-antenna-sub-6-ghz-zh","Tri-band FSS MIMO antenna targets sub-6 GHz","2026-04-01T13:18:36.857305+00:00",{"id":127,"slug":128,"title":129,"created_at":130},"f68290bd-e7f3-4b30-ba22-dcd4e0130a66","openclaw-1299-repos-eight-weeks-analysis-zh","Reading the data from 1299 OpenClaw repos","2026-04-02T05:03:45.208411+00:00",{"id":132,"slug":133,"title":134,"created_at":135},"ed9f80eb-eb02-4d35-8ad4-0ddf428751dd","beam-coherence-aware-combining-mmwave-mimo-zh","A two-stage combining method for mmWave MIMO","2026-04-02T05:27:26.897188+00:00"]