Amazon(US:AMZN) 机器之心·2025-09-11 03:36Core Insights - The article discusses the emerging role of AI in cybersecurity, particularly through the development of large models that can simulate attacks and identify vulnerabilities without causing harm [2][3] - Amazon AWS AI's Q Developer team has introduced two innovative methods for training cybersecurity models: Cyber-Zero and CTF-Dojo, marking a shift from general tasks to the frontline of cybersecurity [3][9] Summary by Sections Cyber-Zero - Cyber-Zero focuses on generating high-quality training data without relying on real runtime environments, utilizing existing knowledge and language modeling to create behavior trajectories [10][11] - The method extracts key steps from public CTF competition writeups, allowing the model to simulate interactions between attackers and defenders in a safe, text-based environment [11][13] - Experimental results indicate that Cyber-Zero can produce diverse and effective training data, achieving comparable or superior performance in vulnerability detection and attack path reasoning compared to real environment-generated data [13][15] CTF-Dojo - CTF-Dojo provides a real operational environment for AI models to execute commands, interact with systems, and discover vulnerabilities, complementing the virtual training offered by Cyber-Zero [16][19] - The team developed CTF-Forge, a tool that automates the setup of CTF challenges, significantly reducing the time and labor required to create a stable operating environment for large language models [16][19] - The dataset for CTF-Dojo includes 658 independent task instances from top-tier CTF competitions, covering various categories such as web vulnerabilities and binary exploitation [19][21] Performance Evaluation - Models trained using CTF-Dojo demonstrated significant improvements in benchmark tasks, with the best-performing model achieving an absolute increase of 11.6% on the En IGM A+ benchmark [22][24] - The results highlight the scalability and effectiveness of using real execution data to enhance the performance of cybersecurity models, suggesting a pathway for AI to approach human-level capabilities in ethical hacking [24][26] Future Implications - The integration of Cyber-Zero and CTF-Dojo creates a comprehensive training and operational framework for AI in cybersecurity, addressing both data generation and practical application challenges [26][27] - The potential applications of AI white-hat hackers include automated code scanning, vulnerability discovery, and personalized training in educational settings, indicating a broad future impact [27][28] - However, the dual-use nature of this technology raises concerns about its potential misuse for offensive purposes, necessitating discussions on balancing accessibility with security [28][29]