Dark Code

A few months ago, a founder I know had a data leak that took his security team four days to understand. That’s a long time for a CEO to be glued to an incident channel.


Customer data from one tenant was showing up in another tenant’s dashboard. Earlier, a non-technical but high-agency employee had connected a customer data API into a reporting pipeline. An agent in the middle selected steps at runtime, and one of those steps cached results somewhere another service could read.


Every individual service stayed within its permissions. Nothing was obviously misconfigured. If you reviewed each component in isolation, you wouldn’t have seen the issue. The path only existed at runtime, assembled by an agent that no longer existed by the time anyone went looking.


When the security lead tried to answer the most basic question—who did this—they couldn’t. There was a workflow someone had set up, an agent executing it, a chain of tools. You could reconstruct what happened from the logs. You couldn’t cleanly assign it to a single actor.
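As an added example, not code from the original post, here is the leaky pattern just described beside a hardened form: a cache keyed only by the query text, which any tenant's service can read, next to one that binds each entry to its tenant and records the workflow, agent run and tool that wrote it, so the "who did this" question has an answer. Every name, query and data value below is constructed for illustration.

```python
from dataclasses import dataclass, asdict
from typing import Any, Optional

@dataclass(frozen=True)
class ActorChain:
    """Hypothetical provenance record: who set up the workflow, which agent
    run executed it, and which tool step touched the data."""
    workflow: str
    agent_run: str
    tool: str

class SharedCache:
    """The failure mode: a runtime-chosen step caches by query text alone,
    so any service (or tenant) asking the same question reads the entry."""
    def __init__(self) -> None:
        self.store: dict[str, Any] = {}
    def put(self, tenant: str, query: str, value: Any, chain: ActorChain) -> None:
        self.store[query] = value          # tenant and actor chain are dropped
    def get(self, tenant: str, query: str) -> Optional[Any]:
        return self.store.get(query)

class TenantScopedCache:
    """Hardened form: the key is bound to the tenant, writes without a full
    actor chain are refused, and every write is recorded for attribution."""
    def __init__(self) -> None:
        self.store: dict[tuple[str, str], Any] = {}
        self.audit: list[dict[str, str]] = []
    def put(self, tenant: str, query: str, value: Any, chain: ActorChain) -> None:
        if not all((chain.workflow, chain.agent_run, chain.tool)):
            raise ValueError("refusing write without a complete actor chain")
        self.store[(tenant, query)] = value
        self.audit.append({"tenant": tenant, "query": query, **asdict(chain)})
    def get(self, tenant: str, query: str) -> Optional[Any]:
        return self.store.get((tenant, query))   # another tenant sees nothing
    def who_wrote(self, tenant: str, query: str) -> list[dict[str, str]]:
        return [a for a in self.audit if (a["tenant"], a["query"]) == (tenant, query)]

def run_pipeline(cache) -> Optional[Any]:
    """Constructed scenario: tenant-a's reporting step caches customer rows,
    then tenant-b's dashboard issues the same query against the same cache."""
    chain = ActorChain(workflow="reporting-pipeline (set up by ops user)",
                       agent_run="agent-run-0417", tool="customer_api.fetch")
    rows_a = ["alice@tenant-a.example", "bob@tenant-a.example"]  # constructed
    cache.put("tenant-a", "customers?status=active", rows_a, chain)
    return cache.get("tenant-b", "customers?status=active")
```

With `SharedCache` the call returns tenant-a's rows to tenant-b; with `TenantScopedCache` it returns nothing, and `who_wrote` yields the workflow, agent run and tool behind the entry.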


I’ve seen versions of this pattern across companies in our portfolio and beyond. The details vary; the structure doesn’t. It’s showing up in the largest organizations too: at Meta, an internal agent bypassed a human review step while still passing identity checks. Salesforce’s Agentforce had a vulnerability in which instructions embedded in a web form could cause the agent to exfiltrate CRM data through a trusted domain.


Cross-tenant exposure, supply-chain failures, agent leaks, credentials...

