经济学人精读: AI 驱动的网络安全未来-夜雨聆风

经济学人精读: AI 驱动的网络安全未来

来源: The Economist | May 2, 2026 | A glimpse into cyber-security’s AI-driven future主题: 本文探讨 Black Hat 网络安全大会如何运用 AI 技术防御日益复杂的网络攻击，揭示了 AI 在网络安全领域攻防双方的应用现状与未来趋势。

Paragraph 1

IT TAKES ONLY a brief chat with the organisers of Black Hat Asia to realise this is no ordinary conference. Whereas most professional get-togethers invite their guests to piggyback on the hotel Wi-Fi, Black Hat builds the network for its annual conferences in Las Vegas, London and Singapore from scratch, installing switches, access points, firewalls and monitoring sensors before the conference opens. The Network Operations Centre (NOC) must then defend it in real time from thousands of the world’s best hackers—not just the conference’s adversaries, but also those attending, who are explicitly tasked with attacking its infrastructure.

• organisers: /ˈɔːɡənaɪzəz/ n. 组织者，主办方
• realise: /ˈrɪəlaɪz/ v. 意识到，认识到（英式拼写）
• ordinary: /ˈɔːdnri/ adj. 普通的，平常的
• get-togethers: /ˈɡet təˈɡeðəz/ n. 聚会，集会
• piggyback: /ˈpɪɡibæk/ v. 搭便车，借用
• scratch: /skrætʃ/ n. 从零开始（from scratch 为固定搭配）

只需与 Black Hat Asia 的组织者简单聊上几句，就能意识到这绝非普通会议。大多数专业聚会邀请与会者蹭用酒店 Wi-Fi，而 Black Hat 却为其在拉斯维加斯、伦敦和新加坡的年度大会从零开始搭建网络——在会议开幕前安装交换机、接入点、防火墙和监控传感器。网络运营中心（NOC）必须实时防御来自全球顶尖黑客的数千次攻击——不仅是会议的对手，还包括那些明确被指派攻击其基础设施的与会者。

Paragraph 2

This year’s Singapore edition, held from April 21st to 24th, took place in the shadow of announcements from large tech companies that artificial-intelligence models could now outperform all but the best hackers. Anthropic’s Mythos, for example, the most prominent such model, is already said to have identified severevulnerabilities in “every major operating system and web browser”. For most tech users, this feels like a watershed moment. For those at Black Hat, however, it is confirmation of what they have long seen coming.

• shadow: /ˈʃædəʊ/ n. 阴影，影响（in the shadow of 表示”在…的阴影下”）
• outperform: /ˌaʊtpəˈfɔːm/ v. 超越，胜过…的表现
• prominent: /ˈprɒmɪnənt/ adj. 杰出的，突出的
• severe: /sɪˈvɪə/ adj. 严重的，严峻的
• vulnerabilities: /ˌvʌlnərəˈbɪlətiz/ n. 漏洞，弱点（复数）
• watershed: /ˈwɔːtəʃed/ n. 分水岭，转折点

今年 4 月 21 日至 24 日在新加坡举行的这届大会，举行之际正值大型科技公司宣布人工智能模型现已能超越除顶尖黑客外的所有黑客。Anthropic 的 Mythos 便是此类模型中最突出的代表，据称它已经发现了”所有主流操作系统和网页浏览器”中的严重漏洞。对大多数科技用户而言，这感觉像是一个分水岭时刻。然而，对 Black Hat 的与会者来说，这不过是证实了他们早已预见之事。

Paragraph 3

Defending Black Hat is “orders of magnitude” harder than ordinary corporate cyber-security, says Neil “Grifter” Wyler who has run the NOC for 24 years, all but 6 of which have been alongside his colleague Bart Stump. Indeed, when the head of cyber-security for the Paris Olympics needed a model for his own security-operations centre, he spent a week with the NOC at Black Hat London. Part of the challenge is scale: a typical firm faces one or two attackers at a time whereas Black Hat must deal with thousands, many testing exploits freshly taught by world-class instructors. The other challenge is filtering: the NOC team must allow such coursework to happen while distinguishing it from real attacks.

• magnitude: /ˈmæɡnɪtjuːd/ n. 量级，规模（orders of magnitude 表示”数量级”）
• model: /ˈmɒdl/ n. 模范，样板，模型
• exploits: /ɪkˈsplɔɪts/ n. 漏洞利用程序，攻击手段
• instructors: /ɪnˈstrʌktəz/ n. 讲师，指导者
• filtering: /ˈfɪltərɪŋ/ n. 过滤，筛选
• distinguishing: /dɪˈstɪŋɡwɪʃɪŋ/ v. 区分，辨别（distinguish 的现在分词）

保卫 Black Hat 比普通企业网络安全”难上数个数量级”，这是运营 NOC 长达 24 年的 Neil “Grifter” Wyler 的说法，其中除 6 年外，他一直与同事 Bart Stump 并肩作战。事实上，当巴黎奥运会的网络安全负责人需要为自己安全运营中心寻找样板时，他曾在 Black Hat 伦敦站与 NOC 共事一周。挑战之一在于规模：典型企业一次只面对一两个攻击者，而 Black Hat 必须应对数千人，其中许多人在测试世界级讲师刚刚教授的漏洞利用技术。另一挑战是过滤：NOC 团队必须允许此类教学实践进行，同时将其与真实攻击区分开来。

Paragraph 4

What they see ranges from the trivial to the unsettling. Some of those attending used a weather app that leaked their GPS co-ordinates. Another was feeding their cat remotely through an app that others could have hijacked. Visits were logged to 81 unique adult-website domains.

• trivial: /ˈtrɪviəl/ adj. 琐碎的，微不足道的
• unsettling: /ʌnˈsetlɪŋ/ adj. 令人不安的
• leaked: /liːkt/ v. 泄露（leak 的过去式）

他们观察到的攻击从琐碎小事到令人不安的情况都有。一些与会者使用的天气应用泄露了他们的 GPS 坐标。另一人通过应用远程给猫喂食，而该应用本可能被他人劫持。系统还记录到访问了 81 个不同的成人网站域名。

Paragraph 5

But the same tools that spot compromised pet feeders catch nefarious activity. A few years ago a participant used the conference network to hack a water-treatment facility in America (Messrs Wyler and Stump are cagey about the details). Another hid behind the din of legitimate hacker traffic to attack government websites and payment systems. The NOC team traced him, sent him a message reminding him that doing illegal things from Black Hat was still illegal, then watched him close his laptop and walk away. Hackers on the other side of the world try their luck too. When the registration server was switched on, attacks began at once, including traffic that appeared to originate in Romania. “It would be a feather in their cap to take down Black Hat,” says Mr Wyler.

• compromised: /ˈkɒmprəmaɪzd/ adj. 被入侵的，被攻陷的
• nefarious: /nɪˈfeəriəs/ adj. 邪恶的，不法的
• cagey: /ˈkeɪdʒi/ adj. 守口如瓶的，谨慎的
• din: /dɪn/ n. 喧嚣，嘈杂声
• originate: /əˈrɪdʒɪneɪt/ v. 起源于，来自
• feather in their cap: /ˈfeðə ɪn ðeə kæp/ idiom. 值得骄傲的成就，荣耀

但那些发现被入侵宠物喂食器的同样工具也能捕捉不法活动。几年前，一名与会者利用会议网络入侵了美国一处水处理设施（Wyler 和 Stump 先生对细节守口如瓶）。另一人躲在合法黑客流量的喧嚣背后攻击政府网站和支付系统。NOC 团队追踪到他，发消息提醒他在 Black Hat 做违法的事仍然是违法的，然后看着他合上笔记本电脑离开。世界各地的黑客也前来碰运气。当注册服务器开启时，攻击立刻开始，其中包括看似来自罗马尼亚的流量。”如果能攻破 Black Hat，那将是他们值得骄傲的成就，”Wyler 先生说。

Paragraph 6

The team has used AI to defend the network for years, says Mr Wyler, against bots as well as humans. But the bots are becoming noticeably more skilled. “The problem is that the attacks have gone from taking a week to a day to hours or minutes.” The NOC team has, therefore, built a stack of AI tools to fight fire with fire.

• bots: /bɒts/ n. 机器人程序，自动脚本
• noticeably: /ˈnəʊtɪsəbli/ adv. 明显地，显著地
• stack: /stæk/ n. 堆栈，一套，一系列
• fight fire with fire: /faɪt ˈfaɪə wɪð ˈfaɪə/ idiom. 以火攻火，以牙还牙

Wyler 先生说，团队多年来一直使用 AI 防御网络，对抗的不仅是人类还有机器人程序。但这些机器人程序正变得明显更加熟练。”问题在于攻击耗时已从一周缩短到一天，再到数小时甚至数分钟。”因此，NOC 团队搭建了一套 AI 工具来以牙还牙。

Paragraph 7

Trevor, for example, an AI chatbot, can turn questions written in plain English into code that can navigate the NOC’s complex database. This helps get members of the team, many of whom are freelancers, up to speed more quickly. Another tool monitors the patterns of encrypted beacons—the small, regular check-ins that compromised devices send back to attackers’ servers—and uses machine learning to distinguish them from the millions of legitimate connections the devices make each day.

• chatbot: /ˈtʃætbɒt/ n. 聊天机器人
• plain: /pleɪn/ adj. 简单的，朴素的（plain English 指简明英语）
• navigate: /ˈnævɪɡeɪt/ v. 导航，操作，浏览
• complex: /ˈkɒmpleks/ adj. 复杂的
• freelancers: /ˈfriːlɑːnsəz/ n. 自由职业者
• encrypted: /ɪnˈkrɪptɪd/ adj. 加密的

例如，名为 Trevor 的 AI 聊天机器人可以将用简明英语写就的问题转化为能操作 NOC 复杂数据库的代码。这有助于让团队成员（其中许多是自由职业者）更快上手。另一款工具监控加密信标（即被入侵设备发回攻击者服务器的小型定期签到信号）的模式，并使用机器学习将其与设备每天发出的数百万合法连接区分开来。

Paragraph 8

It was with the help of this tool that the computer of a Taiwanese journalist attending Black Hat was found to have been infected with malware: among the noise of normal traffic, it was making connections to an unfamiliar server at a metronomiccadence, repeating at intervals that no legitimate app would produce.

• infected: /ɪnˈfektɪd/ adj. 被感染的
• malware: /ˈmælweə/ n. 恶意软件
• metronomic: /ˌmetrəˈnɒmɪk/ adj. 像节拍器一样有规律的
• cadence: /ˈkeɪdns/ n. 节奏，韵律
• repeating: /rɪˈpiːtɪŋ/ v. 重复（repeat 的现在分词）

正是在这款工具的帮助下，发现一名与会台湾记者的电脑已被恶意软件感染：在正常流量的噪音中，它正以节拍器般的节奏连接一台陌生服务器，重复间隔是任何合法应用都不会产生的。

Paragraph 9

A third tool makes use of an AI agent to profile every device on the network, flagging unusual behaviour. Once the NOC saw suspicious traffic on the journalist’s laptop, the agent checked clues obtained from the network against information available on the internet to quickly identify the owner. The team used the conference’s registration database to confirm the match before compiling a report and informing both the journalist and his organisation.

• agent: /ˈeɪdʒənt/ n. 代理程序，智能体
• profile: /ˈprəʊfaɪl/ v. 绘制…的轮廓，分析…的特征
• flagging: /ˈflæɡɪŋ/ v. 标记，标示（flag 的现在分词）
• suspicious: /səˈspɪʃəs/ adj. 可疑的
• clues: /kluːz/ n. 线索，提示
• informing: /ɪnˈfɔːmɪŋ/ v. 通知，告知（inform 的现在分词）

第三款工具使用 AI 智能体为网络上每台设备建立档案，标记异常行为。一旦 NOC 发现记者笔记本电脑上的可疑流量，该智能体就会将来自网络的线索与互联网上可获取的信息进行比对，快速识别设备所有者。团队使用会议的注册数据库确认匹配后，编制报告并通知了记者本人及其所属机构。

Paragraph 10

Mr Stump says the NOC has seen a pattern across multiple Black Hat conferences in which Taiwanese participants show up with hacked devices. “Most of [the traffic] goes back to China,” he says. AI-powered attacks by nation-states or cybercriminals are likely to intensify.

• pattern: /ˈpætn/ n. 模式，规律
• hacked: /hækt/ adj. 被黑客入侵的
• cybercriminals: /ˈsaɪbəkrɪmɪnlz/ n. 网络罪犯

Stump 先生说，NOC 在多次 Black Hat 大会中观察到一种模式：台湾与会者带着被入侵的设备出现。”[大部分流量]都回流到中国，”他说。由国家或网络罪犯发起的 AI 驱动攻击可能会加剧。

Paragraph 11

The team thinks the AI race is only beginning. For Mr Wyler, the vulnerabilities discovered by Mythos, including some that have gone undetected for decades, are to be welcomed rather than feared. “We now know they’re there.”

• undetected: /ˌʌndɪˈtektɪd/ adj. 未被发现的

团队认为 AI 竞赛才刚刚开始。对 Wyler 先生而言，Mythos 发现的漏洞（包括一些数十年来未被发现的问题）应该被欢迎而非畏惧。”我们现在知道它们在那里了。”

Paragraph 12

All the same, cautions Mr Stump, the next two years will be turbulent, as more flaws will be uncovered; more breaches will occur as firms feed sensitive data into AI systems; and more insecure code will be written. If that transitional period can be handled responsibly, a new equilibrium may be reached that resembles the one now being left behind. One thing, says Mr Stump, is certain. “In a year there will be a new AI model that makes Mythos look like a toddler with a keyboard.”

• cautions: /ˈkɔːʃnz/ v. 警告，提醒注意（caution 的第三人称单数）
• turbulent: /ˈtɜːbjələnt/ adj. 动荡的，混乱的
• breaches: /briːtʃɪz/ n. 破坏，违反，入侵（复数）
• transitional: /trænˈzɪʃənl/ adj. 过渡的，转变期的
• equilibrium: /ˌiːkwɪˈlɪbriəm/ n. 平衡，均衡
• toddler: /ˈtɒdlə/ n. 学步的幼儿

尽管如此，Stump 先生警告道，未来两年将是动荡的，因为更多漏洞将被发现；更多入侵将发生，因为企业向 AI 系统输入敏感数据；更多不安全的代码将被编写。如果这一过渡期能被负责任地应对，可能会达到一种新的平衡，类似于正在被淘汰的旧平衡。Stump 先生说，有一点是确定的。”一年后，将会出现一款新的 AI 模型，让 Mythos 看起来像是拿着键盘的学步幼儿。”

Reading Comprehension / 阅读理解

Instructions: Choose the best answer (A, B, C, or D) for each question.

1. What makes Black Hat conferences unique compared to ordinary professional conferences?A. They build their own network infrastructure from scratch instead of using hotel Wi-FiB. They invite only government hackers to participateC. They prohibit any form of network attacks during the eventD. They focus exclusively on AI-powered cyber-security tools

2. What can be inferred about the NOC team’s attitude toward AI models like Mythos discovering vulnerabilities?A. They feel threatened and concerned about losing their jobsB. They believe AI models are less effective than human hackersC. They view it as confirmation of expected developments and welcome the knowledgeD. They think these discoveries should be kept secret from the public

3. According to the article, what was one of the challenges the NOC team faced during the conference?A. Finding qualified cybersecurity experts to join their teamB. Distinguishing between legitimate coursework traffic and real attacksC. Convincing participants not to attack the network infrastructureD. Obtaining funding for building the network from scratch

4. In Paragraph 5, what does the phrase “cagey about the details” most likely mean?A. Eager to share all the informationB. Confused about what happenedC. Writing a detailed report about itD. Reluctant to reveal specific information

5. What is the main theme of the article?A. The evolving role of AI in cyber-security defense and offense at Black Hat conferencesB. The history of Black Hat conferences in Las Vegas, London and SingaporeC. A comparison between different AI models used in cyber-securityD. The personal stories of NOC team members Wyler and Stump

Key Expressions / 重点表达

1. orders of magnitude – 数量级，指程度上的巨大差异例句：Defending Black Hat is “orders of magnitude” harder than ordinary corporate cyber-security.
2. fight fire with fire – 以火攻火，以牙还牙，用相同手段反击例句：The NOC team has built a stack of AI tools to fight fire with fire.
3. feather in one’s cap – 值得骄傲的成就，荣耀的标志例句：It would be a feather in their cap to take down Black Hat.
4. up to speed – 跟上进度，了解最新情况，熟练掌握例句：This helps get members of the team up to speed more quickly.
5. from scratch – 从零开始，从头做起例句：Black Hat builds the network for its annual conferences from scratch.

Word Family Trees / 词汇家族树

Word 1: VULNERABILITY

核心词：vulnerability /ˌvʌlnərəˈbɪləti/ n. 漏洞，弱点，脆弱性

词根与词族：这个词来自拉丁语 vulnus（伤口）+ -abilis（能够…的）。词根 vuln- 表示”伤口”，-able/-ible 表示”能够被…的”，-ity 构成名词。因此 vulnerability 字面意思是”能够被伤害的属性”，即脆弱性、弱点。

• vulnerable /ˈvʌlnərəbl/ adj. 脆弱的，易受伤害的，有漏洞的（形容词形式）
• vulnerably /ˈvʌlnərəbli/ adv. 脆弱地，易受攻击地（副词形式）
• invulnerable /ɪnˈvʌlnərəbl/ adj. 无懈可击的，不会受伤害的（in-否定前缀 + vulnerable）

搭配网络：

• security vulnerability 安全漏洞
• software vulnerability 软件漏洞
• vulnerable population 脆弱人群
• vulnerable to attack 易受攻击
• economic vulnerability 经济脆弱性

近义词辨析：

• vulnerability：指系统、结构或人的弱点，可被利用的漏洞（技术/安全语境）
• weakness：泛指弱点，可以是身体、性格或系统上的（更口语化）
• flaw：指设计或性格上的缺陷，通常是固有的

文中例句：“Anthropic’s Mythos… is already said to have identified severe vulnerabilities in ‘every major operating system and web browser’.”

Word 2: DETECT

核心词：detect /dɪˈtekt/ v. 发现，检测，察觉

词根与词族：来自拉丁语 detegere，由 de-（去除）+ tegere（覆盖）组成，字面意思是”揭开覆盖物”，即发现、揭露。词根 tect/teg 与”覆盖”相关（同根词有 protect 保护 = pro-前面 + tect 覆盖，即在前面覆盖以防护）。

• detection /dɪˈtekʃn/ n. 检测，发现（名词形式）
• detective /dɪˈtektɪv/ n./adj. 侦探；侦探的（从事发现/侦查工作的人）
• detector /dɪˈtektə/ n. 探测器，检测器（执行检测的工具）
• undetected /ˌʌndɪˈtektɪd/ adj. 未被发现/检测到的（un-否定前缀 + detected）

搭配网络：

• early detection 早期发现
• detect a problem 发现问题
• fraud detection 欺诈检测
• lie detector 测谎仪
• go undetected 未被察觉

近义词辨析：

• detect：通过观察、分析或技术手段发现（强调过程和方法）
• discover：偶然或经过探索发现原本存在但未知的事物
• notice：注意到，察觉到（强调感官上的觉察）

文中例句：“For Mr Wyler, the vulnerabilities discovered by Mythos, including some that have gone undetected for decades, are to be welcomed rather than feared.”

Answer Key / 答案

1. A 2. C 3. B 4. D 5. A