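[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-teampcp-supply-chain-ai-poisoning-zh":3,"article-related-teampcp-supply-chain-ai-poisoning-zh":31,"series-research-faea762d-3f1d-446a-89af-d8278d8eb21f":76},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"faea762d-3f1d-446a-89af-d8278d8eb21f","teampcp-supply-chain-ai-poisoning-zh","TeamPCP Supply-Chain Poisoning Escalates","\u003Cp data-speakable=\"summary\">Antiy CERT says TeamPCP is using AI to turn supply-chain poisoning into a batch, automated attack.\u003C\u002Fp>\u003Cp>Antiy CERT's latest analysis shows that TeamPCP is rewriting traditional supply-chain intrusion into a faster, broader batch-poisoning process. The attack surface extends from open-source packages all the way to CI\u002FCD pipelines, developer credentials and release paths, forming continuous penetration.\u003C\u002Fp>\u003Cp>The operations named this time span multiple stages. The report says the team completed multiple rounds of updates within 8 months and kept adjusting its techniques around Chalk\u002FDebug, Shai-Hulud, Megalodon and \u003Ca href=\"\u002Fnews\u002Fgoogle-home-speaker-preorder-gemini-first-zh\">Mini\u003C\u002Fa> Shai-Hulud. Once AI was put into the malicious workflow, malicious-code iteration, disguised releases and attribution interference all sped up noticeably.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>Value\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Attack program iteration cycle\u003C\u002Ftd>\u003Ctd>Multiple rounds of updates completed within 8 months\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Key operations\u003C\u002Ftd>\u003Ctd>Chalk\u002FDebug, Shai-Hulud, Megalodon, Mini Shai-Hulud\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Main generation tools\u003C\u002Ftd>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude\" target=\"_blank\" rel=\"noopener\">Claude 3.5 Sonnet\u003C\u002Fa> + \u003Ca href=\"https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code CLI\u003C\u002Fa>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Auxiliary models\u003C\u002Ftd>\u003Ctd>GPT-4o, GPT-4 Turbo\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Trust standard breached\u003C\u002Ftd>\u003Ctd>SLSA L3\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>What happened\u003C\u002Fh2>\u003Cp>The report sums up TeamPCP's approach as a “broad and fast” poisoning model, rather than the long-dwell, single-point supply-chain attacks of the past. The attackers no longer focus on just one repository or one maintainer; they contaminate open-source components in bulk, hijack CI\u002FCD processes, steal OIDC tokens, and then slip malicious payloads into the normal release path.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162173285-n712.png\" alt=\"TeamPCP Supply-Chain Poisoning Escalates\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>AI here is not a bystander tool; it takes part directly in generation. The report says \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude\" target=\"_blank\" rel=\"noopener\">Claude\u003C\u002Fa> 3.5 Sonnet and \u003Ca href=\"https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code CLI\u003C\u002Fa> were used to produce scaffolding, startup scripts and backdoor logic, \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Findex\u002Fgpt-4o-and-gpt-4-turbo\u002F\" target=\"_blank\" rel=\"noopener\">GPT-4o\u003C\u002Fa> handled refining the attack logic and obfuscating code, and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffeatures\u002Fcopilot\" target=\"_blank\" rel=\"noopener\">Copilot\u003C\u002Fa> filled in local fragments. For the attackers, this amounts to compressing a chain that once had to be stitched together by hand into a repeatable \u003Ca href=\"\u002Fnews\u002Frust-forum-checkins-turn-vague-work-into-plans-zh\">work\u003C\u002Fa>flow.\u003C\u002Fp>\u003Cp>The report also \u003Ca href=\"\u002Fnews\u002Fgithub-open-source-topic-52555-repos-zh\">lists\u003C\u002Fa> several specific characteristics: multiple rounds of iteration within 8 months; in Mini Shai-Hulud, hijacking TanStack's official CI\u002FCD and stealing OIDC tokens; malicious programs disguised as trusted release artifacts compliant with SLSA L3; and communications wrapped as an OpenTelemetry telemetry interface. In other words, the attack is not only about “getting in”; it also tries as hard as it can to look like normal development activity.\u003C\u002Fp>\u003Cul>\u003Cli>Within 8 months, TeamPCP completed multiple rounds of attack iteration.\u003C\u002Fli>\u003Cli>In Mini Shai-Hulud, the attackers hijacked TanStack's official CI\u002FCD and stole OIDC tokens.\u003C\u002Fli>\u003Cli>Malicious programs can be disguised as trusted release artifacts compliant with SLSA L3.\u003C\u002Fli>\u003Cli>Communications are also disguised as an OpenTelemetry telemetry interface, making them harder to spot.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>Even more troublesome is attribution interference. The report notes that TeamPCP uses comments mixing multiple languages, character-reversal encryption and misleading clues to raise the cost of analysis. AI is useful here too, because it can quickly generate different versions of disguise text, making attack traces look more like a “messy development site” than a deliberately designed intrusion chain.\u003C\u002Fp>\u003Ch2>Why it matters\u003C\u002Fh2>\u003Cp>For development teams, the line of defense is no longer only repository permissions and package managers. CI\u002FCD, cloud credentials, build caches, third-party Actions and AI development tools can all become entry points; once a single upstream link is compromised, malicious code can ride the normal release process into downstream projects.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162175002-zwkn.png\" alt=\"TeamPCP Supply-Chain Poisoning Escalates\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>This also explains why supply-chain security is shifting from “single-point protection” to “full-chain verification”. SBOMs, signatures, provenance attestations and SLSA still matter, but the TeamPCP case shows that these trust markers can themselves be forged. What developers need to check next is not just whether a signature exists, but whether the signature, pipeline, identity and artifact are truly consistent with one another.\u003C\u002Fp>\u003Cp>For the industry, this kind of attack pushes security costs up, because defenders must deal with automated poisoning, AI-assisted disguise and fast-moving variants at the same time. Manual review used to catch some of the anomalies; now detection has to be moved forward into the build and release stages, with telemetry, identity verification and artifact verification tied together into one line.\u003C\u002Fp>\u003Cp>The conclusion is direct: once AI pushes the cost of poisoning down and the ability to disguise up, the question developers should ask is not “is there a malicious package” but “which layer of trust has already been contaminated”.\u003C\u002Fp>","Antiy CERT says TeamPCP is using AI to turn supply-chain poisoning into a batch, automated attack, with targets covering open-source packages, CI\u002FCD and developer credentials.","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2050997231738688260",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162173285-n712.png","research","zh","7b888d1b-5890-4f27-b580-f8bb958ea5a2",[17,18,19,20,21,22],"TeamPCP","supply-chain poisoning","CI\u002FCD","AI attacks","SLSA","open-source security",[24,25,26],"TeamPCP has turned supply-chain attacks into a batch, automated process.","AI is used to generate malicious code, disguise releases and interfere with attribution.","The focus of defense is shifting from single-point signatures to full-chain consistency verification.",0,"2026-06-22T21:02:22.730536+00:00","2026-06-22T21:02:22.728+00:00","0c35a120-52fc-41fc-afa3-d404eb934158",{"tags":32,"relatedLang":35,"relatedPosts":39},[33],{"name":19,"slug":34},"cicd",{"id":15,"slug":36,"title":37,"language":38},"teampcp-supply-chain-ai-poisoning-en","TeamPCP supply-chain poisoning exposes the escalation of AI attacks","en",[40,46,52,58,64,70],{"id":41,"slug":42,"title":43,"cover_image":44,"image_url":44,"created_at":45,"category":13},"e4e8944f-676d-4f8b-823f-2bce38a09587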
","anthropic-scale-lead-frontier-ai-moat-zh","Anthropic's scale lead is frontier AI's real moat","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782169366176-b59n.png","2026-06-22T23:02:23.331672+00:00",{"id":47,"slug":48,"title":49,"cover_image":50,"image_url":50,"created_at":51,"category":13},"cfe36fb5-68ec-480a-a9be-04660e360468","ethereum-wikipedia-dev-cheat-sheet-zh","Ethereum turns Wikipedia into a developer cheat sheet","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782152293852-4cw2.png","2026-06-22T18:17:49.917842+00:00",{"id":53,"slug":54,"title":55,"cover_image":56,"image_url":56,"created_at":57,"category":13},"f5561869-1184-42a7-a2f6-f952340e9742","anthropic-robodog-test-physical-agentic-ai-zh","Anthropic's robodog test proves: physical agentic AI…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782136971808-hfbo.png","2026-06-22T14:02:22.26746+00:00",{"id":59,"slug":60,"title":61,"cover_image":62,"image_url":62,"created_at":63,"category":13},"10c48be8-a5e6-4153-87d3-573dd4b2aec4","rootly-benchmark-llama-4-trails-coding-models-zh","Rootly test: Llama 4 trails coding models","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782086568903-6jm6.png","2026-06-22T00:02:22.337854+00:00",{"id":65,"slug":66,"title":67,"cover_image":68,"image_url":68,"created_at":69,"category":13},"422953c3-97a9-4981-b06b-8a8383bd7419","8tai-jiqiren-bao-shiyan-liucheng-zuo-cheng-bihuan-zh","8 robots turn the experiment workflow into a closed loop","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782073091466-pbxi.png","2026-06-21T20:17:40.866759+00:00",{"id":71,"slug":72,"title":73,"cover_image":74,"image_url":74,"created_at":75,"category":13},"2a17250c-5c06-4d19-ac3b-67d3abe4d7c7","xtragpt-paper-revision-human-ai-collaboration-zh","XtraGPT gives paper revision a sense of control","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782066792613-enzs.png","2026-06-21T18:32:49.170651+00:00",[77,82,87,92,97,102,107,112,117,122],{"id":78,"slug":79,"title":80,"created_at":81},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind bets on continuous-learning AI for 2026","2026-03-26T08:16:02.367355+00:00",{"id":83,"slug":84,"title":85,"created_at":86},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","The weekly ML papers list: why it took off on GitHub","2026-03-27T01:11:39.284175+00:00",{"id":88,"slug":89,"title":90,"created_at":91},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI conference submission timeline roundup","2026-03-27T01:51:53.874432+00:00",{"id":93,"slug":94,"title":95,"created_at":96},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4: a smart choice for neural-network quantization","2026-03-31T06:00:36.990273+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"53a0dc54-0371-4e40-8d5e-74e94a73840c","geometry-aware-similarity-metrics-for-neural-representations-zh","Beyond distance measures: re-understanding neural networks with differential geometry","2026-03-31T06:01:01.241968+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"fee7d472-a775-4b1d-bbc2-1e8bca1bbf8b","on-the-fly-repulsion-in-the-contextual-space-for-rich-divers-zh","Making AI image generation more creative: using repulsion to boost generation diversity","2026-03-31T06:01:25.439673+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"a9901203-d69b-447b-8854-15d14eab32b4","vision-aided-beam-prediction-cnn-eca-zh","Vision-aided beam prediction upgrades the CNN","2026-04-01T10:00:25.8073+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"b55e7dd4-0a24-4b3d-804d-b0309a03f498","triple-band-fss-mimo-antenna-sub-6-ghz-zh","Triple-band FSS MIMO antenna targets sub-6 GHz","2026-04-01T13:18:36.857305+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"f68290bd-e7f3-4b30-ba22-dcd4e0130a66","openclaw-1299-repos-eight-weeks-analysis-zh","Reading the data from OpenClaw's 1299 repos","2026-04-02T05:03:45.208411+00:00",{"id":123,"slug":124,"title":125,"created_at":126},"ed9f80eb-eb02-4d35-8ad4-0ddf428751dd","beam-coherence-aware-combining-mmwave-mimo-zh","A two-stage combining method for mmWave MIMO","2026-04-02T05:27:26.897188+00:00"]