😔
1. AI code assistant suggest software package dependencies that don't exist to developer
2. Malicious actor see that's happening, creates those dependencies
3. Developers use them, following the bad AI advice
4. We're fscked - dependency chain is poisoned and not trustworthy anymore
AI hallucinates software packages and devs download them – even if potentially poisoned with malware https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/
#AI #malware #security
Vladimir Savić /
npub16g…45mgn
2024-03-28 19:48:47
Author Public Key
npub16gwdrptcxzppxyx4vmzza3l4kl9xg8qxs29y64w0g6wurqnms80sv45mgnPublished at
2024-03-28 19:48:47Event JSON
{
"id": "c221a85bc7513753d2070d9e5cb2936a081f7f202d131499520002c2280fbd4c",
"pubkey": "d21cd1857830821310d566c42ec7f5b7ca641c06828a4d55cf469dc1827b81df",
"created_at": 1711651727,
"kind": 1,
"tags": [
[
"t",
"ai"
],
[
"t",
"malware"
],
[
"t",
"security"
],
[
"proxy",
"https://mastodon.social/users/firusvg/statuses/112174807641346548",
"activitypub"
]
],
"content": "😔\n\n1. AI code assistant suggest software package dependencies that don't exist to developer\n\n2. Malicious actor see that's happening, creates those dependencies\n\n3. Developers use them, following the bad AI advice\n\n4. We're fscked - dependency chain is poisoned and not trustworthy anymore\n\nAI hallucinates software packages and devs download them – even if potentially poisoned with malware https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/ \n\n#AI #malware #security",
"sig": "2330f818d9925de405aabf6d347a7d40da841c31aac75d6d4b4a3018c3473f276cf5d11727f122e5babaec07826fa225778054f4e5063964f5521cb1af0cabfb"
}