2026-06-10 16:51:26 UTC / 路透社
作者:拉斐尔·萨特(Raphael Satter)
2026年6月10日 世界协调时下午4:51 更新,距发布仅8分钟
2024年2月19日的资料插画中,印有“人工智能 AI”字样的电脑与智能手机摆件。路透社/达多·鲁维奇(Dado Ruvic)/插画/资料图
购买授权,打开新标签页
华盛顿6月10日(路透社)——美国网络安全机构周三表示,联邦政府官员如今有三天时间来处理其网络中最严重的各类数字漏洞,这一压缩后的时限在一定程度上源于黑客对人工智能的使用。
这项由网络安全与基础设施安全局(CISA)发布的新指令中设定的时限,要求存在易受攻击软件或设备的民用联邦机构,根据威胁严重程度,在三个日历日内完成修复、禁用或从互联网上移除该漏洞的操作。
用最新法律新闻开启你的清晨:订阅《每日案卷》(The Daily Docket)新闻简报,直达你的收件箱。点击此处注册。
许多网络专家担忧,以Anthropic公司Mythos为代表的新型更先进AI模型,正在大幅提升黑客利用互联网上各类数字漏洞的能力,迫使技术人员几乎在漏洞被发现的同时就必须补上安全漏洞。
“防御方再也耗不起数周时间来修复可能被大规模自动利用的系统漏洞,”美国网络安全局代理 cybersecurity 执行助理主任克里斯·布特拉(Chris Butera)对记者表示。他说,这项指令是“应对新兴AI模型日益增强的能力的初步举措”。
路透社上月率先报道称,美国官员正考虑采用三天时限来处理具有潜在危险的软件漏洞。
即便根据这项新指令,对于严重性较低的漏洞仍有更充裕的处理时间,例如黑客和网络罪犯难以自动化利用的漏洞,或不涉及公开暴露的数字基础设施的漏洞。该指令的附录规定,多数漏洞可在两周内完成修复,最轻微的漏洞类别则可放宽至两个月的处理时限。
拉斐尔·萨特在华盛顿报道;马修·刘易斯(Matthew Lewis)与千住野山(Chizu Nomiyama)编辑
我们的准则:汤森路透信任原则,打开新标签页
US shortens cyber fix window to three days as AI threats rise
2026-06-10 16:51:26 UTC / Reuters
By Raphael Satter
June 10, 2026 4:51 PM UTC Updated 8 mins ago
Figurines with computers and smartphones are seen in front of the words “Artificial Intelligence AI” in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo Purchase Licensing Rights, opens new tab
WASHINGTON, June 10 (Reuters) – The U.S. cyber defense agency said on Wednesday that government officials now have three days to deal with the most serious categories of digital vulnerabilities in their networks, a compressed timeline that is due in part to hackers’ use of artificial intelligence.
The deadline, which was set in a new directive, opens new tab issued by the Cybersecurity and Infrastructure Security Agency, obligates civilian federal agencies with vulnerable software or equipment to fix, disable, or remove it from the internet within three calendar days, depending on the severity of the threat.
Jumpstart your morning with the latest legal news delivered straight to your inbox from The Daily Docket newsletter. Sign up here.
Many cyber experts worry that new, more advanced AI models along the lines of Anthropic’s Mythos are supercharging hackers’ abilities to take advantage of digital vulnerabilities across the internet, forcing tech workers to plug security holes almost as soon as they are discovered.
“Defenders cannot afford to take weeks to patch systems that can be autonomously exploited en masse,” CISA Acting Executive Assistant Director for Cybersecurity Chris Butera told reporters. He said the directive was “an initial step to counter the increased capabilities of those emerging AI models.”
Reuters first reported last month that U.S. officials were considering the adoption of a three-day deadline to deal with potentially dangerous flaws.
Even under the new directive, there is still more time to deal with less severe weaknesses, such as ones that are not easy for hackers and cybercriminals to automate, or do not concern publicly exposed digital infrastructure. An appendix to the order leaves two weeks to deal with many vulnerabilities and as long as two months for the least serious category of flaw.
Reporting by Raphael Satter in Washington; Editing by Matthew Lewis and Chizu Nomiyama
Our Standards: The Thomson Reuters Trust Principles., opens new tab
发表回复