You can now run LLMs for software development on consumer-grade PCs. But we’re still a ways off from having Claude at home.
A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks ...
When you're trying to get the best performance out of Python, most developers immediately jump to complex algorithmic fixes, using C extensions, or obsessively running profiling tools. However, one of ...
DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...
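Cybersecurity researchers have disclosed a new method that uses Domain Name System (DNS) queries to steal sensitive data from AI code execution environments. In a report published on Monday, BeyondTrust revealed that the sandbox mode of Amazon Bedrock AgentCore Code Interpreter allows outbound DNS queries, which an attacker can exploit to enable an interactive shell and bypass network isolation. The issue has no CVE identifier and carries a CVSS score of 7.5 out of 10. Amazon Be ...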
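[Xinzhiyuan digest] Anthropic has released Dispatch, a new Cowork feature that lets you use your phone to remotely direct Claude on a Mac to carry out tasks. MacStories measured a success rate of about 50% in hands-on testing, but the key step for AI agents, from "used while sitting at the computer" to "remote-controlled anytime, anywhere", has now been taken. On March 17 ...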
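A security audit turned up 512 vulnerabilities, 8 of them rated "critical". Even more outrageous, someone found that more than 20,000 OpenClaw instances are directly exposed on the public internet, with API keys and OAuth tokens all left in the open.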
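This tool has advantages over the code interpreter everyone is familiar with. The earlier Code Interpreter could only run Python, whereas the current Shell Tool is, you could say, supercharged. It is built on the familiar Unix toolchain, supports curl, grep, awk and all other command-line operations by default, and can even run Go, Java or NodeJS.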
Introduction: On March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...