开源软件运行着几乎所有系统，但多数重要程序仅由单个维护者负责。在1180万个开源项目中，700万个只有一个维护者。最近AI编程工具显著改进，Linux内核维护者等专家注意到AI生成的安全报告质量大幅提升。虽然AI仍无法完全替代程序员，但已能帮助清理旧代码、维护废弃程序和改进现有代码。然而仍存在法律争议、代码质量和维护问题需要解决。

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

开发者广泛使用的Axios HTTP客户端库这一Java组件最近遭到黑客攻击，通过被入侵的账户分发恶意软件。

Anthropic accidentally exposed over half a million lines of its Claude Code, triggering a rapid global effort to copy and ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

This is the mothership of all code leaks! The code of #ClaudeCode has been leaked! The big deal is that #Anthropic is a ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

最新研究显示，AI编程工具在实际生产环境中的成功率不足23%，远低于基准测试中85%的表现。技术专家警告，AI正被严重过度营销，成本可能是传统系统的10-20倍。研究涵盖57个大语言模型和9种编程语言，发现成功率在不同语言间差异巨大。专家建议企业应寻求真正理解AI优势与局限的专业人士，避免盲目采用导致资源浪费和战略失误。