Namespace locust swarm: the crisis of package registries overrun by AI
Over the last three years, 2 million new packages have been registered on major registries such as RubyGems and npm, but most are low-quality, duplicate AI-generated packages or exist only to claim a name.
LLM fantasies become reality: fake open-source libraries
An LLM makes up the names of libraries that do not exist and suggests that vibe-coding developers use them. Where there is demand, supply appears. Before long those libraries really do show up, but with malicious code inside.
https://habr.com/ru/companies/globalsign/articles/946872/
#llm #галлюцинации #slopsquatting #генерация_кода #фальшивки
**Check this out: techno feudalism, chatons, slopsquatting and more (9. 8. 2025)**
(Self-sustainable organic farms (and self-hosted IT stuff) are a nice idea, but they are difficult to maintain in ‘island mode’. Are community owned shared data servers a solution?)
(Examples of community data servers in France)
(If you’re masochistic enough to join FOSS development and don’t know where to start, well, you can do it here. A list of open issues that are ‘easy’ to solve.)
(If you’re using an LLM for code generation and then you install a non-existing library (that is hosted by the attacker), well, it’s your own fault.)
(You want to see what your neighbours’ devices, like a garage opener, are up to?)
(You never know when you need retro-style display fonts)
(Windows 10 support is running out soon. Don’t buy a new computer, shoot yourself in the foot with a Linux! You will limp, but you’ll be free from mass-scale espionage.)
(Forget AI detector tools, hoomanz are also able to detect AI slop. Actually, the signs of slop are pretty straightforward. AI sounds like you listened to a hyped ultra positive grifter salesman/politician)
https://blog.rozman.info/check-this-out-techno-feudalism-chatons-slopsquatting-and-more-9-8-2025/
"#Slopsquatting is a type of #cybersquatting. It is the practice of registering a non-existent software package name that a large language model (#LLM) may hallucinate in its output, whereby someone unknowingly may copy-paste and install the #software package without realizing it is #fake."
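A defender-side check for the scenario in the definition above, added here as an example and not taken from any of the quoted posts: it parses a requirements list and flags names that are missing from the registry, registered only days ago, or almost never downloaded, which is the profile a hallucinated-then-registered name shows. REGISTRY and REQUIREMENTS are constructed sample data, and the real source of the two metadata fields is assumed to be the registry's API (PyPI's JSON endpoint, for instance).

```python
"""Pre-install check for LLM-suggested dependencies (added example)."""
# REGISTRY is a constructed stand-in for registry metadata (first release
# date, total downloads); a real tool would fetch these from the registry API.
from datetime import date
import re

TODAY = date(2025, 8, 9)  # constructed "today" for the sample run
REGISTRY = {  # constructed sample data, not real figures
    "requests": (date(2011, 2, 14), 300_000_000),
    "huggingface-hub": (date(2020, 12, 1), 50_000_000),
    "huggingface-cli": (date(2025, 7, 30), 12),  # registered days ago, unused
}
REQUIREMENTS = """\
requests>=2.31          # long-established package
huggingface_cli==0.1    # plausible-sounding name the assistant suggested
torch-utils-pro         # not on the registry at all
"""

def normalize(name: str) -> str:
    """PEP 503 normalisation, so huggingface_cli and huggingface-cli match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text: str) -> list[str]:
    """Normalised package names from requirements.txt-style text."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.append(normalize(match.group(0)))
    return names

def assess(name: str, today: date, min_age_days: int = 90,
           min_downloads: int = 1000) -> list[str]:
    """Reasons to hold back installing `name`; an empty list means no flag."""
    record = REGISTRY.get(name)
    if record is None:
        return ["not in registry (possible hallucination; name is claimable)"]
    first_seen, downloads = record
    reasons = []
    age = (today - first_seen).days
    if age < min_age_days:
        reasons.append(f"first published {age} days ago")
    if downloads < min_downloads:
        reasons.append(f"only {downloads} downloads")
    return reasons

def check_requirements(text: str, today: date) -> dict[str, list[str]]:
    """Map each requested package to its warning reasons."""
    return {name: assess(name, today) for name in parse_requirements(text)}
```

Calling `check_requirements(REQUIREMENTS, TODAY)` clears `requests`, holds `huggingface-cli` for being ten days old with 12 downloads, and holds `torch-utils-pro` as absent from the registry.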
Ok, I'll let myself get carried away into a #prophecy.
#Slopsquatting is old hat by now.
But what do you think of #Slopswatting? That is, deliberately planting false information on the internet so that AI-aided policing systems conclude that a particular person is a highly dangerous threat who ought to be picked up?
📢 AI coding tools are creating silent vulnerabilities through "slopsquatting"—where attackers register package names hallucinated by AI.
This attack vector “exploits vibecoding” (using AI without review) and specifically targets less technical developers.
#AISecurityRisks #Slopsquatting #VibeCoding #SecureCoding #CyberSecurity