<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Npm on AI内参</title>
    <link>https://www.neican.ai/tags/npm/</link>
    <description>Recent content in Npm on AI内参</description>
    <generator>Hugo</generator>
    <language>zh-cn</language>
    <lastBuildDate>Thu, 23 Oct 2025 13:10:04 +0800</lastBuildDate>
    <atom:link href="https://www.neican.ai/tags/npm/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>AI武器化：NPM供应链攻击敲响数字信任的警钟，CI/CD成博弈新战场</title>
      <link>https://www.neican.ai/insights/ainpmcicd-20251023131004950-0/</link>
      <pubDate>Thu, 23 Oct 2025 13:10:04 +0800</pubDate>
      <guid>https://www.neican.ai/insights/ainpmcicd-20251023131004950-0/</guid>
      <description>近期npm生态系统遭受的AI驱动供应链攻击，如s1ngularity和Shai-Hulud，标志着攻击者正将AI工具和LLM武器化，实现自动化、隐蔽性凭证窃取。这些事件不仅揭示了开源生态信任机制的深层脆弱性，更将持续集成/持续交付（CI/CD）管道推向网络安全博弈的最前沿，预示着AI赋能下数字信任体系面临的严峻挑战与结构性变革。企业亟需重构安全策略，强化AI驱动的防御、零信任原则与CI/CD审计，以应对日益复杂的AI攻击范式。</description>
    </item>
  </channel>
</rss>
