Your AI Agent Has Root Access. Why Does Nobody Audit That?
📄 Chinese Summary
Based on an analysis of 847 production AI agent deployments, fewer than 8% of agents maintain behavioral audit logs that record tool call sequences, that is, an ordered record of which actions the agent performed, with what data, in what environment. The remaining 92% of agents granted autonomous systems broad access to files, APIs, databases and network resources without any verifiable execution record. The study stresses the importance of auditing, especially where AI systems hold root privileges; the lack of auditing can lead to serious security risks.
📄 English Summary
Your AI Agent Has Root Access. Why Does Nobody Audit That?
An analysis of 847 production AI agent deployments found that fewer than 8% maintain behavioral audit logs capturing tool call sequences: an ordered record of what the agent did, with what data, in what environment. The remaining 92% granted autonomous systems broad access to files, APIs, databases, and network resources without any verifiable execution record. This highlights the critical importance of auditing, especially when AI systems have root access, since the absence of such audits can lead to significant security risks.
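To make the idea of a behavioral audit log concrete, here is an added example (not code from the page or from the study it summarizes) of an append-only, hash-chained record of tool calls. Each entry captures the ordered position, the tool, a digest of the arguments (what data, without storing the raw data), the environment and the agent identity; each entry also commits to the hash of the previous one, so an edited, dropped or reordered entry is detected on verification. The class and field names, the sample session and the `environment`/`principal` values are all assumptions constructed for the example.

```python
import copy
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Any, List

GENESIS_HASH = "0" * 64  # chain anchor for the first entry (assumed convention)


# Hypothetical record structure for one tool call (assumption, not from the page).
@dataclass
class AuditEntry:
    seq: int          # position in the ordered tool-call sequence
    tool: str         # which tool the agent invoked
    args_digest: str  # SHA-256 over canonical JSON of the arguments (what data), not the raw data
    environment: str  # where the call ran (in what environment)
    principal: str    # which agent identity made the call
    prev_hash: str    # hash of the preceding entry; ties this entry to its position in the chain
    entry_hash: str = ""


def canonical_json(obj: Any) -> bytes:
    """Deterministic encoding so equal arguments always produce the same digest."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compute_entry_hash(entry: AuditEntry) -> str:
    """Hash every field of the entry except entry_hash itself."""
    fields = asdict(entry)
    fields.pop("entry_hash")
    return sha256_hex(canonical_json(fields))


class BehavioralAuditLog:
    """Append-only, hash-chained record of an agent's tool calls."""

    def __init__(self, environment: str, principal: str) -> None:
        self.environment = environment
        self.principal = principal
        self.entries: List[AuditEntry] = []

    def record(self, tool: str, args: Any) -> AuditEntry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        entry = AuditEntry(
            seq=len(self.entries),
            tool=tool,
            args_digest=sha256_hex(canonical_json(args)),
            environment=self.environment,
            principal=self.principal,
            prev_hash=prev,
        )
        entry.entry_hash = compute_entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; an edited, reordered or dropped entry breaks it."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry.seq != i or entry.prev_hash != prev:
                return False
            if compute_entry_hash(entry) != entry.entry_hash:
                return False
            prev = entry.entry_hash
        return True

    def tool_sequence(self) -> List[str]:
        return [e.tool for e in self.entries]


def build_sample_log() -> BehavioralAuditLog:
    """Constructed session: the agent reads a config file, queries a database, then calls an API."""
    log = BehavioralAuditLog(environment="prod-worker-01", principal="agent:deploy-bot")
    log.record("read_file", {"path": "/etc/app/config.yaml"})
    log.record("sql_query", {"db": "orders", "sql": "SELECT COUNT(*) FROM orders"})
    log.record("http_request", {"method": "POST", "url": "https://api.example.invalid/deploy"})
    return log


def tamper_with(log: BehavioralAuditLog) -> BehavioralAuditLog:
    """Return a copy in which the second tool call has been silently rewritten."""
    forged = copy.deepcopy(log)
    forged.entries[1].tool = "noop"
    return forged


def drop_entry(log: BehavioralAuditLog, index: int) -> BehavioralAuditLog:
    """Return a copy with one entry removed from the middle of the sequence."""
    forged = copy.deepcopy(log)
    del forged.entries[index]
    return forged


if __name__ == "__main__":
    log = build_sample_log()
    print("sequence:", log.tool_sequence(), "valid:", log.verify())
    print("after edit valid:", tamper_with(log).verify())
    print("after deletion valid:", drop_entry(log, 1).verify())
```

One caveat worth noting: the chain alone does not detect truncation of the most recent entries, because removing the tail leaves a chain that still verifies. In practice the latest `entry_hash` should be anchored somewhere the agent cannot write (a separate logging service or signed checkpoint), and the log itself should be written by the tool-execution layer rather than by the agent process that holds the broad access.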
Powered by Cloudflare Workers + Payload CMS + Claude 3.5
Data sources: OpenAI, Google AI, DeepMind, AWS ML Blog, HuggingFace, and others