今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

SOC analysts pasting incident data into AI tools for triage and the data handling implications were never in the policy

/u/Only_Helicopter_8127 2026年05月29日 21:07 2 次阅读 来源:Reddit r/artificial

Found this during a routine review. Analysts discovered that pasting alert context into an AI tool cut triage time significantly and started doing it because it worked, which is a reasonable thing to do when you are under pressure to move faster. The problem is that alert context includes internal hostnames, IP ranges, user identities and sometimes partial log data, none of which was supposed to leave the environment. No policy covered it because the productivity gain was not something that had been thought through when the AI use policy was written. Now trying to figure out how to give them a sanctioned version of the same capability without the data handling risk, which is harder than it sounds because the whole point is that the external tool is faster than what we have internally. submitted by /u/Only_Helicopter_8127 [link] [留言]

本文内容来源于互联网,版权归原作者所有
查看原文