Aggregator

This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade.

The attack vectors we will explore today allow an adversary during an indirect prompt injection to exfiltrate data from the developer’s machine.

These vulnerabilities are a great example of Simon Willison’s lethal trifecta pattern.

Overall, the security vulnerability reporting experience with Windsurf has not been great. All findings were responsibly disclosed on May 30, 2025, and receipt was acknowledged a few days later. However, all further inquiries regarding bug status or fixes remain unanswered. The recent business disruptions and departure of CEO and core team members certainly put Windsurf in the news.

传统安全运营正面临巨大的挑战，过度依赖专家团队，人力资源和知识有限等问题尤为突出。碳基生命的生理极限决定了在未来网络安全攻防战场，单纯依靠传统安全工具和方法是无法赢得战争的，必须借助当前最前沿的人工智能技术。

本议题将重点分享多个安全运营场景中使用大模型技术改进和增强现有的安全运营工作机制，全面提升安全运营的水准，包括：如果充分发挥智能体、大模型生成能力、编码能力实现几十倍甚至上百倍的运营效率提升。

当然，大模型的应用并非没有挑战，尤其是“幻觉”问题——即大模型在某些情况下可能会做出错误的推理和判断，从而导致误报或漏报。本议题在讨论大模型应用安全运营场景时，还将介绍作者所在团队过去的一些技术尝试，介绍如何克服“幻觉”问题，降低AI出错的概率，让大模型给出更加精准和可靠的决策结果。

通过对这些技术细节的深入分析，旨在帮助与会者理解大模型在安全运营中的实际应用价值，并展望其未来的发展方向。

记录第一次成功完成从电路设计到能正常使用的过程。