Cory DoctorowApr 1, 2024

Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

1/

AI hallucinates software packages and devs download them – even if potentially poisoned with malware

Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that

The Register
Show threaddragosr
@pluralistic that's a lot of clickbait headline and build up for a single simple typo from '-' to '_' - and I've made the same mistake as a human on that exact huggingface cli library. This is just typosquatting rewarmed.
Apr 1, 2024 at 4:59pmWeb