Latest in AI

Showing:supply-chainDevelopersClear ×

🔥 Trending today

nvidia6 agentic-ai4 enterprise-ai4 microsoft-build3 rtx-spark3 security3 ai-agent3 fundraising3 ai-agents2 ai-assistant2

Topic

Release New Tool Tutorial Business Paper Benchmark Opinion Regulation

For

General Developers Designers Product Founders Marketing Researchers Students

Fed up with vibe coders, dev sneaks data-nuking prompt injection into code
Ars Technica AI4d agoIncident
Ars Technica reports that a developer frustrated with vibe coders slipped an undisclosed prompt injection into jqwik-related code. The injected text allegedly instructed AI coding agents to delete application output. The incident highlights a new supply-chain risk: source code and project text can become adversarial instructions for agentic coding tools.
Samsung to Build $1.5B Vietnam Chip Testing Plant for AI-Driven Memory Shortage
INSIDE 硬塞 AI6d agoHardware
Samsung is investing $1.5 billion to build its first chip testing plant in Vietnam, aiming to respond to memory supply gaps created by surging AI demand. The report says AI-related demand has crowded out capacity for traditional DRAM and NAND products, creating pressure in legacy memory supply. The move also reflects Samsung’s broader supply-chain diversification strategy amid U.S.-China competition and rising geopolitical risk.
Millions of AI agents imperiled by critical vulnerability in open source package★ 78
Ars Technica AI6d agoIncident
Ars Technica reports that Starlette, a Python package with about 325 million weekly downloads, has a critical vulnerability called BadHost. The flaw can let crafted Host headers confuse request.url.path, potentially bypassing middleware-based path authorization. AI infrastructure using FastAPI or Starlette, including vLLM, LiteLLM, MCP servers, LLM proxies, and agent frameworks, should upgrade Starlette and audit custom middleware.
The memory shortage is causing a repricing of consumer electronics★ 75
Simon Willison's Weblog10d agoBusiness
隨著 AI 資料中心爆發，高頻寬記憶體（HBM）需求大增。由於全球僅剩三大記憶體廠且晶圓總產能固定，HBM 預計在 2026 年底將搶佔 20% 的晶圓產能。由於生產 1GB 的 HBM 所消耗的晶圓是普通 DDR 的三倍以上，這將嚴重擠壓手機與電腦記憶體（LPDDR/DDR）的產量，導致消費性電子產品（尤其是百元美金以下的平價手機）價格上漲。
Shai-Hulud 2.0 Supply Chain Compromise★ 75
Vercel Changelog190d agoIncident
Vercel 於 Changelog 發布關於「Shai-Hulud 2.0」供應鏈妥協事件的安全公告。此類攻擊主要針對開源套件生態系（如 npm），可能影響部署於 Vercel 的應用程式。Vercel 已採取相應防護措施，並提醒開發者審查專案中的第三方依賴項目，鎖定套件版本，以確保建置流程與執行環境的安全。
Hugging Face and JFrog partner to make AI Security more transparent★ 70
Hugging Face Blog455d agoBusiness
Hugging Face 與軟體供應鏈安全領導廠商 JFrog 展開戰略合作。雙方將整合 Hugging Face 的開源模型生態系與 JFrog 的安全平台，讓企業在引進 AI 模型時能進行自動化漏洞掃描與惡意代碼檢測。此舉旨在解決 AI 供應鏈中的安全隱憂，讓 AI 開發流程更加透明且符合企業合規要求。
2024 Security Feature Highlights★ 75
Hugging Face Blog665d agoRelease
Hugging Face 發布 2024 年安全功能亮點，展示其在保護開源 AI 生態系上的多項努力。平台引入了自動化惡意軟體與 Safetensors 安全掃描、敏感金鑰（Secrets）偵測，並與 Sigstore 合作推出模型加密簽章。此外，也強化了細粒度存取權限（Scoped Tokens）與多因素驗證（MFA），為開發者與企業提供更安全可靠的模型託管環境。