Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next.
Summary (aggregator-generated): The article notes that Amazon's mandated use of an AI coding assistant led to a system failure that drew wide attention, and "slop" became a new word of 2025. The same problem is now affecting security operations centers (SOCs): AI-generated alert classifications look professional but lack depth and accuracy. Experts point out that junior analysts more readily accept unverified AI results, forming a self-reinforcing loop. 2026-3-20 23:33:1 Author: securityboulevard.com

The software industry has a new word for the torrent of low-quality, AI-generated code flooding production systems: slop. Merriam-Webster named it Word of the Year for 2025. The crisis hit its most visible peak when Amazon, after mandating 80% weekly usage of its AI coding assistant Kiro, suffered a six-hour outage that knocked out checkout, login, and product pricing, costing an estimated 6.3 million orders.

The same failure pattern is now emerging in security operations. And the consequences will be harder to detect.

What Is Triage Slop?

When Andrej Karpathy coined “vibe coding” in February 2025, he described a state where developers “fully give in to the vibes” and forget the code exists. Collins English Dictionary named it Word of the Year. The practice (describing what you want in natural language, accepting whatever the LLM generates, and shipping without review) produced measurable damage: 1.7 times more major issues, up to 2.7 times more XSS vulnerabilities, and a 23.5% increase in production incidents per pull request (CodeRabbit, December 2025).

Triage slop is the SOC equivalent: AI-generated alert classifications, investigation summaries, and response recommendations that look professional but lack the depth, context, and accuracy that security operations demand. The failure mode is identical: an inexperienced operator uses a natural language interface to produce output they cannot critically evaluate.

The Junior-Senior Divide Applies to Analysts Too

Amazon’s experience made the pattern undeniable. Junior and mid-level engineers accepted AI-generated code at high rates without catching subtle flaws. After the outages, Amazon issued a 90-day mandate requiring senior engineer sign-off on all AI-assisted production deployments.

D3 Security observed the same dynamic on our own engineering team during the 24-month development of Morpheus AI. Junior developers produced code that required extensive rework. Senior developers, once they learned to direct the LLM with architectural intent, achieved up to 10 times their normal output.

The parallel to SOC operations is direct. The average enterprise SOC receives over 4,400 alerts per day. Analysts get 70 minutes per full investigation. When an AI tool presents a classification with a confidence score and a professional summary, a Tier-1 analyst under time pressure will accept it, just as a junior developer accepts generated code. The 61% of SOC teams that already report ignoring alerts later confirmed as genuine compromise are about to get a new mechanism for doing so, one wrapped in AI confidence scores.

The Downstream Cascade

These problems are directly connected. On March 18, 2026, the Linux Foundation announced a $12.5 million initiative (backed by Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI) to address the open-source security crisis driven by AI-generated code. The National Vulnerability Database has over 30,000 CVEs backlogged.

More vulnerable code in production means more alerts. More alerts means more pressure on triage systems. More pressure means more temptation to accept AI-generated triage without review. The feedback loop is self-reinforcing.

Why the Problem Is Architectural

Three structural failures produce triage slop:

General-purpose LLMs lack domain knowledge. A general-purpose model can summarize a phishing alert. It cannot trace how a phishing payload transitions to credential theft, how compromised credentials enable lateral movement, or how each stage manifests differently across vendor telemetry. Cisco’s Foundation-sec-8b (an 8-billion parameter cybersecurity-specific model) outperforms general-purpose models nearly 10 times its size on security benchmarks. Domain-specific training data produces domain-specific accuracy.

Static playbooks cannot adapt to context. Most AI-augmented SOAR platforms use LLMs to speed up authoring of the same rigid, pre-authored workflows. A phishing playbook runs the same 15–20 steps whether the target is an intern or the VP of Finance. Adding a natural language interface speeds creation. It does not fix the inability to adapt.

No quality framework for AI triage decisions. In software engineering, code review, automated testing, and CI/CD pipelines catch slop before production. Vibe coding bypasses these gates. Most AI triage products have no equivalent. They classify alerts without exposing reasoning, without validating against ground truth, and without giving analysts a visible framework to assess correctness.

Cover art for the whitepaper titled: Morpheus AI-Driven Autonomous Investigation, Triage, and Response

How Morpheus AI Is Built to Prevent Triage Slop

D3 Security built Morpheus AI with the explicit goal of producing triage decisions that withstand scrutiny.

  • Purpose-built cybersecurity LLM: 24 months, 60 specialists, trained on security telemetry and attack patterns. Built from the ground up for security, not a general-purpose model with a security prompt.
  • Attack Path Discovery on every alert: multi-dimensional correlation across the full security stack that exposes every node, connection, and reasoning step
  • Contextual Playbook Generation: bespoke response workflows generated at runtime from evidence, not static templates
  • Self-Healing Integrations: autonomous drift detection and remediation across 800+ tools
  • Deterministic/Indeterministic Trust Model: every AI decision goes through human validation before earning autonomous execution privileges
  • Visible code and reasoning chains: full access to back-end Python code for every AI-generated playbook
  • Attack simulation with known ground truth: realistic multi-stage attacks that validate whether the AI discovers complete attack paths
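
As an added illustration (not D3 Security's or Morpheus AI's code), the following shows in miniature the quality framework the "no quality framework" point and the trust-model and ground-truth bullets above describe: an AI verdict is routed to autonomous execution only if its reasoning is exposed and its alert category has earned a validated track record against known ground truth; a confidence score alone never unlocks it. All alert ids, categories, thresholds and the simulated ground truth are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Verdict:
    alert_id: str
    category: str       # alert family, e.g. "phishing"
    label: str          # "malicious" or "benign"
    confidence: float   # model's self-reported confidence (never trusted on its own)
    reasoning: list     # exposed reasoning steps; empty list = opaque output

class TrustGate:
    """Graduated trust per category: verdicts go to human review until enough
    human-validated verdicts in that category prove accurate."""
    def __init__(self, min_samples=5, min_accuracy=0.9):
        self.min_samples = min_samples
        self.min_accuracy = min_accuracy
        self.history = {}  # category -> list of bool (verdict matched ground truth)

    def validate(self, v, ground_truth):
        """Record a human- or simulation-confirmed outcome for a verdict."""
        self.history.setdefault(v.category, []).append(v.label == ground_truth)

    def accuracy(self, category):
        h = self.history.get(category, [])
        return sum(h) / len(h) if h else 0.0

    def route(self, v):
        """'autonomous' only with visible reasoning AND an earned track record."""
        if not v.reasoning:
            return "review"
        h = self.history.get(v.category, [])
        if len(h) < self.min_samples or self.accuracy(v.category) < self.min_accuracy:
            return "review"
        return "autonomous"

# Constructed sample: simulated attack with known ground truth (hypothetical ids).
SIMULATED_TRUTH = {"a1": "malicious", "a2": "benign", "a3": "malicious",
                   "a4": "benign", "a5": "malicious"}

def demo():
    gate = TrustGate()
    opaque = Verdict("x1", "phishing", "malicious", 0.99, [])
    first = gate.route(opaque)  # no reasoning, no history -> "review"
    for aid, truth in SIMULATED_TRUTH.items():
        v = Verdict(aid, "phishing", truth, 0.8, ["sender domain", "payload hash"])
        gate.validate(v, truth)  # five verdicts, all matching ground truth
    earned = gate.route(Verdict("x2", "phishing", "benign", 0.7, ["no link"]))
    still_opaque = gate.route(opaque)  # visible reasoning is still required
    gate.validate(Verdict("a6", "phishing", "benign", 0.9, ["s"]), "malicious")  # a miss
    after_miss = gate.route(Verdict("x3", "phishing", "benign", 0.7, ["no link"]))
    return first, earned, still_opaque, after_miss, round(gate.accuracy("phishing"), 3)
```

One validated miss drops the category's accuracy to 5/6 and every phishing verdict returns to human review until the track record recovers.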

The Question Every Security Leader Should Ask

Does your AI triage platform show you the complete reasoning chain for every decision? Can analysts trace exactly how it reached each conclusion? Does it validate its accuracy against known ground truth?

If the answer to any of these is no, the system is producing triage slop by design: confident-looking output from a system no one can verify.

The lesson from vibe coding is definitive: the tool’s value depends entirely on the operator’s ability to evaluate what it produces.

See Morpheus AI in Action

Request a live demonstration of Morpheus AI to see how it prevents triage slop in your SOC environment.

Preview of the whitepaper: "SOC Alert Triage Slop: When AI-Generated Security Decisions Follow the Same Path as AI-Generated Code"

Read the Full Resource: SOC Alert Triage Slop: When AI-Generated Security Decisions Follow the Same Path as AI-Generated Code

A comprehensive analysis of how AI coding slop parallels AI triage slop, why the problem is architectural, and how purpose-built cybersecurity AI prevents it.

The post Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next. appeared first on D3 Security.

*** This is a Security Bloggers Network syndicated blog from D3 Security authored by Shriram Sharma. Read the original post at: https://d3security.com/blog/amazon-lost-6-million-orders-vibe-coding-soc-next/

Source: https://securityboulevard.com/2026/03/amazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next/