SlowMist 与某 CEX 联合发布 AI Agent 安全报告，梳理 Web3 交易七大安全威胁

GateNews

2026-03-18 04:30:41

Gate News 消息，3 月 18 日，SlowMist 与某 CEX 联合发布 AI Agent 安全报告。报告指出，随着 AI Agent 在 Web3 生态中承担行情分析、策略生成及自动化交易等任务，其攻击面正在扩大。报告系统梳理了七大安全威胁：提示词注入攻击可操控 Agent 决策逻辑；Skills/插件生态存在供应链投毒风险，SlowMist 在 OpenClaw 插件中心 ClawHub 中发现超 400 个恶意 Skill 样本，呈现团伙化批量攻击特征；任务编排层可被篡改关键参数导致异常执行；IDE/CLI 环境中的敏感信息可能被恶意插件外发；模型幻觉可能在链上操作中引发不可逆资金损失；Web3 高价值操作的不可逆性放大了自动化风险；高权限执行可能导致系统级风险。该 CEX 安全团队从实践角度提出防护建议，包括启用 Passkey 无密码登录和双重验证、遵循最小权限原则配置 API Key 并绑定 IP 白名单、通过子账号隔离机制限制潜在损失上限、建立持续交易监控与异常检测体系，以及仅安装经官方审核的 Skill。SlowMist 同时提出 L1 至 L5 五层安全治理框架，覆盖从开发基线、权限收敛、威胁感知、链上风险分析到持续巡检的完整防护体系。

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Commento

0/400

Nessun commento