Vladimir Savić on Nostr: 😔 1. AI code assistant suggest software package dependencies that don't exist to ...
😔
1. AI code assistant suggest software package dependencies that don't exist to developer
2. Malicious actor see that's happening, creates those dependencies
3. Developers use them, following the bad AI advice
4. We're fscked - dependency chain is poisoned and not trustworthy anymore
AI hallucinates software packages and devs download them – even if potentially poisoned with malware
https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/ #AI #malware #security
Published at
2024-03-28 19:48:47Event JSON
{
"id": "c221a85bc7513753d2070d9e5cb2936a081f7f202d131499520002c2280fbd4c",
"pubkey": "d21cd1857830821310d566c42ec7f5b7ca641c06828a4d55cf469dc1827b81df",
"created_at": 1711651727,
"kind": 1,
"tags": [
[
"t",
"ai"
],
[
"t",
"malware"
],
[
"t",
"security"
],
[
"proxy",
"https://mastodon.social/users/firusvg/statuses/112174807641346548",
"activitypub"
]
],
"content": "😔\n\n1. AI code assistant suggest software package dependencies that don't exist to developer\n\n2. Malicious actor see that's happening, creates those dependencies\n\n3. Developers use them, following the bad AI advice\n\n4. We're fscked - dependency chain is poisoned and not trustworthy anymore\n\nAI hallucinates software packages and devs download them – even if potentially poisoned with malware https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/ \n\n#AI #malware #security",
"sig": "2330f818d9925de405aabf6d347a7d40da841c31aac75d6d4b4a3018c3473f276cf5d11727f122e5babaec07826fa225778054f4e5063964f5521cb1af0cabfb"
}