1
I Gave Claude Code the Keys. So Did a Worm.
用真实攻击案例揭示AI助手权限下放的供应链安全风险:OIDC令牌被盗、Sigstore签名伪造,SLSA隔离要求形同虚设。
Three vulnerabilities from the last few months, three different layers of the AI-coding-agent stack, one root cause. None of them is the model getting…