CNCERT Warns of AI Skill Packages Posing Jailbreak and Cryptomining Risks

The National Internet Emergency Response Center (CNCERT) has issued a warning about certain AI agent skill packages that pose significant security risks. These packages, including ones named "LLM jailbreaking" and "crypto-mining for profit," have been publicly disseminated and could have serious consequences for users. The "godmode" skill package, for instance, bypasses the safety restrictions of large language models, which can result in account suspensions and privacy breaches. The "Bonero-Miner" package induces AI agents to download cryptocurrency-mining software, exposing users to the risk of involvement in illegal activities such as money laundering.

CNCERT advises users to download skill packages only from official sources and to follow the principle of least privilege. Enterprises are encouraged to implement a whitelist admission mechanism for skills and to manage AI agents with tiered access. The report received technical support from Tencent, VolcEngine, Baidu, NSFOCUS, and Qi An Xin.
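The whitelist admission mechanism and tiered, least-privilege access that CNCERT recommends can be expressed as a small gate that runs before an agent loads any skill. The following is an added example written for this page; it is not code from CNCERT, from the report's contributors, or from any agent framework. The manifest fields (`name`, `source`, `permissions`), the permission names, the tier names and the source URLs are all assumptions constructed for the demonstration, and the pinned hashes are computed from constructed package bytes rather than taken from a real registry.

```python
"""Skill admission gate for an AI agent.

Three checks, mirroring the CNCERT advice:
  1. the skill is on an allowlist and comes from its approved source,
  2. the package bytes match the hash pinned at approval time,
  3. the permissions it requests fit the agent's access tier.
Manifest format, permission and tier names are assumptions for this example.
"""
import hashlib


def package_digest(package_bytes: bytes) -> str:
    """SHA-256 of the packaged skill, used to pin an approved version."""
    return hashlib.sha256(package_bytes).hexdigest()


# Constructed package contents standing in for real skill archives.
GOOD_PACKAGE = b"skill: csv-summarizer v1.2 (constructed package bytes)"
MINER_PACKAGE = b"skill: fast-miner v0.1 (constructed package bytes)"

# Constructed allowlist: skill name -> approved source and pinned hash.
# In production the pin is recorded when security approves the package,
# not recomputed from whatever bytes arrive at load time.
ALLOWLIST = {
    "csv-summarizer": {
        "source": "https://skills.example.internal/",  # assumed internal registry
        "sha256": package_digest(GOOD_PACKAGE),
    },
}

# Constructed access tiers: the permissions each class of agent may hold.
TIER_PERMISSIONS = {
    "restricted": {"fs.read"},
    "standard": {"fs.read", "fs.write", "net.http"},
    "privileged": {"fs.read", "fs.write", "net.http", "proc.exec"},
}

# Constructed manifests as an agent would see them before loading a skill.
GOOD_MANIFEST = {
    "name": "csv-summarizer",
    "source": "https://skills.example.internal/",
    "permissions": ["fs.read", "net.http"],
}
MINER_MANIFEST = {
    "name": "fast-miner",
    "source": "https://unknown-mirror.example/",
    "permissions": ["net.http", "proc.exec"],
}


def admit_skill(manifest: dict, package_bytes: bytes, agent_tier: str,
                allowlist=ALLOWLIST, tiers=TIER_PERMISSIONS):
    """Return (admitted, reasons). Every failed check is reported so an
    operator sees the full picture, not just the first rejection."""
    reasons = []
    name = manifest.get("name")
    entry = allowlist.get(name)

    # Check 1: allowlisted name and approved source.
    if entry is None:
        reasons.append(f"skill '{name}' is not on the admission allowlist")
    else:
        if manifest.get("source") != entry["source"]:
            reasons.append(f"skill '{name}' comes from an unapproved source "
                           f"{manifest.get('source')!r}")
        # Check 2: package hash matches the pinned value.
        digest = package_digest(package_bytes)
        if digest != entry["sha256"]:
            reasons.append(f"skill '{name}' hash mismatch: expected "
                           f"{entry['sha256'][:12]}..., got {digest[:12]}...")

    # Check 3: least privilege for the agent's tier.
    allowed = tiers.get(agent_tier)
    if allowed is None:
        reasons.append(f"unknown agent tier '{agent_tier}'")
    else:
        excess = set(manifest.get("permissions", [])) - allowed
        if excess:
            reasons.append(f"skill '{name}' requests permissions beyond tier "
                           f"'{agent_tier}': {sorted(excess)}")

    return (not reasons, reasons)


if __name__ == "__main__":
    for manifest, package in ((GOOD_MANIFEST, GOOD_PACKAGE),
                              (MINER_MANIFEST, MINER_PACKAGE)):
        ok, why = admit_skill(manifest, package, "standard")
        print(manifest["name"], "ADMITTED" if ok else "REJECTED", why)
```

The gate is deliberately strict in the other direction too: a legitimately approved skill is still rejected for a `restricted` agent when it asks for `net.http`, which is the tiered-access point of the advisory, and a package whose bytes differ from the pinned hash is rejected even when its name and source look right.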