Cloud Data Leakage Risk Analysis Report (Issue 9)

Investment Rating
- The report does not explicitly provide an investment rating for the industry or for specific companies.

Core Insights
- The report highlights a new trend in which AI security risks are deeply intertwined with cloud infrastructure attack surfaces: attackers are using vulnerabilities such as SSRF in AI models to reach cloud metadata services [12]
- The report emphasizes the ongoing problems of credential management in DevOps environments, particularly the prevalence of hard-coded keys and supply chain poisoning, which expose significant blind spots in cloud-native asset management [12]
- The analysis of ten significant data breach incidents shows that basic web application attacks and system intrusions are the primary causes of data leaks, with lost and stolen assets also accounting for a significant share of incidents [12]

Summary by Sections

Section 1: Global Data Breach Events Analysis
- Event 1: AI startups faced severe risks due to improper cloud asset configuration, leading to the exposure of core credentials and private model data on GitHub, affecting approximately 65% of top AI companies [17]
- Event 2: The React2Shell vulnerability (CVE-2025-55182) allowed unauthenticated remote code execution in widely used React/Next.js applications, with a potential impact on 40% of cloud environments [26][27]
- Event 3: A breach in the third-party ecosystem of Salesforce, involving Gainsight, led to the exposure of data from over 200 companies, highlighting the risks associated with third-party integrations [38][39]
- Event 4: A supply chain attack on npm resulted in the leakage of over 500 GitHub usernames and tokens, affecting approximately 400,000 unique keys [50][53]
- Event 5: DockerHub revealed that over 10,000 public images leaked sensitive keys, impacting more than 100 companies, including Fortune 500 firms [68][69]
- Event 6: An SSRF vulnerability in ChatGPT allowed attackers to access Azure instance metadata, potentially exposing high-privilege OAuth2 tokens [77][81]

Section 2: Security Recommendations
- The report provides security recommendations targeting social engineering and system intrusion, as well as advice on managing lost and stolen credentials [10]