China’s Tianfu Cup hacking contest resumed in late January 2026 after a 3-year gap since 2023, with stronger state involvement than in prior editions run by firms such as Alibaba and Huawei. Launched in 2018 as a domestic alternative after China barred researchers from some international events, the competition now appears tied to entities linked to the Ministry of Public Security, signaling a shift from company-led coordination to police-linked control. Research published on February 11, 2026 highlights that this year’s event prioritized AI-enabled vulnerability discovery across high-value targets including mobile platforms, operating systems, browsers, cloud/security products, email servers, and messaging apps.

Evidence cited includes operational secrecy and participant disclosures: the contest site was inaccessible outside China and then removed after the event, reducing external visibility into outcomes. On February 2, 2026, Anheng Information (DBAPPSecurity) said its teams finished 3rd in one contest track and used an AI security agent to find multiple vulnerabilities, indicating measurable AI integration in offensive-style security research. The article also reports a separate wartime cyber-communications development in which Starlink’s new Ukrainian whitelist system reportedly cut Russian frontline terminal use to 0, with a pro-Russia Telegram channel of more than 1.5 million followers seeking 8.5 million rubles (about $110,000) for replacement radios after claiming near-total communications loss.

The main implication is that vulnerability retention risk may be rising as governance centralizes: if fewer bugs are disclosed for patching and more are routed into state pipelines, the exploit-to-disclosure ratio could tilt toward operational use, though the exact ratio remains unknown because handling rules are opaque. A key caveat is evidentiary uncertainty about each discovered flaw’s final disposition, but the 2024 I-Soon leak is presented as supporting evidence that the Ministry of Public Security (MPS) collected Tianfu Cup vulnerabilities and redistributed them to contractors. Broader numeric signals across the newsletter reinforce escalating cyber stakes, including reported intrusions spanning 37 nations and a separate corporate cyber impact of $386 million in losses, suggesting a trend of increasing scale, cost, and geopolitical spillover.

2026-02-12 (Thursday) · 978114dddc46cee4df1f40cc31ae39d8784f3447