Codex scraped the ICM website and discovered 2026 Fields Medal winner list
151 points
• 3 days ago
• Article
Link
据报道,2026 年 Fields Medal 获奖者名单因 International Congress of Mathematicians (ICM) 官方网站的一处技术疏漏而提前泄露。有人在大会日程的前端代码中发现了四条隐藏的讲座条目,并通过命令行查询曝光了预期获奖者的姓名。
泄露名单包括数学家 Yu Deng 、 John Pardon 、 Jacob Tsimerman 和 Hong Wang 。值得注意的是,名单中有两位 Peking University 校友——Hong Wang 和 Yu Deng 。如果这些名字在 7 月 23 日得到官方确认,这将成为中国数学史上的重要时刻:首次有两位中国数学家在同一年同时获得这一殊荣。
此外,若 Hong Wang 入选,她将成为历史上第三位获得 Fields Medal 的女性数学家。尽管此次泄露为公众提供了提前线索,但这些荣誉仍需等待本月晚些时候的官方宣布才能最终确认。
The upcoming 2026 Fields Medal recipients have apparently been revealed ahead of schedule due to a technical oversight on the official International Congress of Mathematicians (ICM) website. Four hidden lecture entries were discovered within the front-end code of the event's schedule, exposing the names of the expected winners through a command-line query.
The leaked list includes mathematicians Yu Deng, John Pardon, Jacob Tsimerman, and Hong Wang. This discovery is particularly notable for the inclusion of two alumni from Peking University, Hong Wang and Yu Deng. Should these names be officially confirmed on July 23, it would represent a historic milestone for Chinese mathematics, marking the first time two mathematicians from China have been honored with the prestigious award in the same year.
Furthermore, the inclusion of Hong Wang on the list carries additional significance, as she would become only the third female mathematician in history to receive the Fields Medal. While this leak provides an early glimpse into the event, formal verification of these honors remains pending until the official announcement later this month.
109 comments • Comments Link
• Fields Medal 获奖者名单被泄露,原因是他们的名字出现在前端代码中标注为 "hidden" 的元素里。这样的漏洞反映出业余开发者经常错误配置访问控制—无论用什么工具去发现,问题往往出在基本的开发疏忽上。
• 尽管像 LLMs 这样的自动化工具可以加速发现过程,但这类数据泄露并不是 AI 带来的新风险,而是长期存在的由基础开发失误引发的问题。
• 有关"AI 驱动"安全泄露的媒体叙事常被夸大,把标准的侦察行为渲染成灾难性事件,同时忽视了多数安全缺陷本质上源于人为疏忽。
• Google 会索引未链接、不可猜测的 URL,这一点被广泛怀疑与 Chrome 的数据收集实践有关:已登录用户的浏览历史和导航数据被用作搜索索引的种子信号。
• 反垄断诉讼中的文件显示,Google 确实使用来自 Chrome 的"流行度"信号来影响搜索结果,这加剧了人们对隐私设置无法阻止私人浏览活动被纳入其更大数据生态系统的担忧。
• 现代软件中普遍存在的系统性监控(从浏览器行为追踪到操作系统层面的遥测)让真正的数字隐私难以维系,因为科技公司往往为了改进服务和投放广告而优先采集数据。
• 对发现漏洞的安全研究人员常遭遇不成比例的法律反制,例如把"查看源代码"之类的探索行为按 CFAA 归类为黑客攻击,这持续对负责任披露产生寒蝉效应。
• 商业中的 Pareto spiral 激励公司更注重快速上市而非安全,导致竞争者能靠质量较低的产品生存,从而进一步削弱了构建高度安全、稳健系统所需的投入与努力。
• 关于中文名字"正确"罗马化拼写的争论凸显了西方命名规范与追求文化准确性之间的张力,学术界与个人在命名偏好上存在较大差异。
• 越来越多人认为,人类成就(例如获得 Fields Medal)正进入一个由 AI 辅助研究和共同署名成为常态的时代,这可能改变学术界认可智力贡献的方式。
这些论述反映出公众对数字安全认识的转变:从依赖"隐蔽式安全"的想法,转向接受这样一个现实——几乎所有面向公众的数据,以及许多原本应为私有的数据,正在被自动化系统抓取、记录或索引。共识逐渐明确:根本问题在于以人为本的失败,例如糟糕的网页开发和过度侵入的浏览器遥测,而不是 AI 工具本身的内在危险。最终,这场讨论凸显了对大型科技公司普遍缺乏信任——它们被视为将用户行为系统性地转化为数据资产,使得传统的隐私期望在高度互联、 AI 驱动的环境中显得过时。 • The Fields Medal winners were leaked because their names were included in the front-end code of a website with a "hidden" tag, a vulnerability that mirrors how amateur developers often misconfigure access controls, regardless of the tools used to discover them.
• While modern automation tools like LLMs can accelerate discovery, this type of data exposure is a long-standing issue caused by fundamental development oversights rather than a novel risk created by AI.
• The media narrative surrounding "AI-driven" security leaks is often overblown, framing standard reconnaissance as a catastrophic event while ignoring that the underlying security flaws are frequently the result of human negligence.
• Google's indexing of unlinked, "unguessable" URLs is widely suspected to stem from Chrome's data collection practices, where browsing history and navigation data from signed-in users serve as signals to seed the search index.
• Documented evidence from antitrust proceedings confirms that Google uses "popularity" signals derived from Chrome to influence search, reinforcing concerns that privacy settings do not prevent the ingestion of private browsing activity into their broader data ecosystem.
• The systematic surveillance inherent in modern software—ranging from browser behavior tracking to operating system-level telemetry—makes true digital privacy difficult to maintain, as tech companies prioritize data harvesting for service improvement and advertising.
• Disproportionate legal responses toward security researchers who uncover flaws, such as labeling "view source" exploration as hacking under the CFAA, continue to create a chilling effect on responsible disclosure.
• The "Pareto spiral" in business incentivizes companies to prioritize speed-to-market over security, leading to a landscape where competitors can survive with lower-quality products, further devaluing the effort required to build highly secure, robust systems.
• Arguments regarding the "proper" romanization of Chinese names highlight a broader tension between Western naming conventions and the desire for cultural accuracy, though current academic and personal naming preferences vary widely.
• There is growing sentiment that human achievement, such as earning a Fields Medal, is entering an era where AI-assisted research and co-authorship will become the standard, potentially shifting how the community recognizes intellectual merit.
The discourse reflects a shift in how society perceives digital security, moving from "security through obscurity" toward an acceptance that almost all public-facing data—and much that is intended to be private—is being scraped, logged, or indexed by automated systems. There is a clear consensus that the fundamental issue lies in human-centric failures, such as poor web development and overly invasive browser telemetry, rather than the intrinsic dangers of AI tools. Ultimately, the conversation highlights a pervasive lack of trust in tech giants, who are seen as systematically converting user behavior into data assets, rendering traditional privacy expectations obsolete in a hyper-connected, AI-driven environment.