Фантазии LLM воплощаются в реальности — фальшивые опенсорсные библиотеки

LLM придумывает названия несуществующих библиотек и предлагает разработчикам-вайбкодерам пользоваться ими. Если есть спрос — возникнет и предложение. Вскоре эти библиотеки действительно появляются в реальности , но уже с вредоносным кодом.

https://habr.com/ru/companies/globalsign/articles/946872/

#llm #галлюцинации #slopsquatting #генерация_кода #фальшивки

**Check this out: techno feudalism, chatons, slopsquatting and more (9. 8. 2025)**

• The future is not self-hosted: https://www.drewlyton.com/story/the-future-is-not-self-hosted

(Self-sustainable organic farms (and self-hosted IT stuff) are a nice idea, but they are difficult to maintain in ‘island mode’. Are community owned shared data servers a solution?)

• Chatons: https://www.chatons.org/en/presentation

(Examples of community data servers in France)

• Your first FOSS contribution: https://collaboraonline.github.io/post/easyhacks/

(If you’re masochistic enough to join FOSS development and don’t know where to start, well, you can do it here. A list of open issues that are ‘easy’ solvable.)

• Slopsquatting: https://en.wikipedia.org/wiki/Slopsquatting

(If you’re using LLM for code generation and then you install a non-existing library (that is hosted by the attacker), well, it’s your own fault.)

• Home Assistant and 433Mhz devices: https://www.wswapps.com/books/home-assistant/page/433-mhz-devices

(You want to see what are your neighbours’ devices, like garage opener, up to? )

• Nice fonts – 7 and 14-segment display: https://www.keshikan.net/fonts-e.html

(You never know when you need retro-style display fonts)

• Replace your Windows 10 with Linux, https://endof10.org/

(Windows 10 support is running out soon. Don’t buy a new computer, shoot yourself in the foot with a Linux! You will limp, but you’ll be free from mass-scale espionage.)

• How to detect AI writing: https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing

(Forget AI detector tools, hoomanz are also able to detect AI slop. Actually, the signs of slop are pretty straight forward. AI sounds like you listened to a hyped ultra positive grifter salesman/politician)

https://blog.rozman.info/check-this-out-techno-feudalism-chatons-slopsquatting-and-more-9-8-2025/

#endof10 #fonts #FOSS #homeassistant #LLM #slopsquatting

"#Slopsquatting is a type of #cybersquatting. It is the practice of registering a non-existent software package name that a large language model (#LLM) may hallucinate in its output, whereby someone unknowingly may copy-paste and install the #software package without realizing it is #fake."

https://en.wikipedia.org/wiki/Slopsquatting

Ok, ich lass mich mal zu einer #Prophezeiung hinreißen.

#Slopsquatting ist ja ein alter Hut.

Aber was haltet ihr von #Slopswatting? Also das gezielte Platzieren von Falschinfos im Internet, sodass AI-aided Policing-Systeme kunkludieren, dass eine bestimmte Person ein ganz gefährlicher Gefährder ist, den man mal hochnehmen sollte?

📢 AI coding tools are creating silent vulnerabilities through "slopsquatting"—where attackers register package names hallucinated by AI.
This attack vector “exploits vibecoding" (using AI without review) and specifically targets less technical developers. 

#AISecurityRisks #Slopsquatting #VibeCoding #SecureCoding #CyberSecurity

https://www.lotharschulz.info/2025/05/12/the-hidden-poison-in-ai-generated-code-how-vibecoding-enables-slopsquatting-attacks/

Curious about the buzzwords shaping the future of AI?

From vibe coding to ‘slopsquatting’, we're breaking down what these mean and their impact on tech and cybersecurity. Check out the latest @sharedsecurity episode for insights!

Watch on YouTube:
https://youtu.be/vi7a9ciHPjg

Listen and subscribe to the podcast!
https://sharedsecurity.net/subscribe

https://sharedsecurity.net/2025/05/05/what-vibe-coding-mcp-and-slopsquatting-reveal-about-the-future-of-ai-development/

#cybersecurity #ai #podcast #vibecoding #slopsquatting #mcp

Researchers have uncovered a new supply chain attack called #Slopsquatting where threat actors exploit hallucinated, non-existent package names generated by #AI coding tools like #GPT4 and #CodeLlama

These believable yet fake packages (amounting to 19.7% or 205,000 packages), recommended in test samples were found to be fakes., can be registered by attackers to distribute malicious code.

Open-source models -- like #DeepSeek and #WizardCoder -- hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4.

We Have a Package for You! A Comprehensive Analysis of Package Hallucinations
by Code Generating LLMs (PDF) https://arxiv.org/pdf/2406.10279

Ich lese von #vibecoding und #Slopsquatting und und stelle mir vor, wie eine Unzahl von Teens und Erwachsenen sich völlig arglos malware installiert, weil "coder" der KI blind vertrauen.

Naja, zumindest werden wir mit Jakkaru genug zu tun haben... 🤷‍♀️