Skip Navigation

Hallucinated AI Dependencies as Vectors for Attack

www.theregister.com AI bots hallucinate software packages and devs download them

Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that

AI bots hallucinate software packages and devs download them

Archive Link: https://web.archive.org/web/20240330224149/https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

This is fascinating. I've certainly seen AI hallucinating things like imaginary functions in gdscript. Admittedly, it does it a lot more with gpt3 than with gpt4 on a subscription, which is consistent with what 3 vs 4 has access to, but I'm sure the problems apply in a lot of other use cases that might have not had the benefit of more recent documentation.

I suppose it's not surprising that a number of larger entities have been falling prey to this, as they keep trying to inappropriately jam AI into their production lines where it's incapable of doing the job. Pretty clever vulnerability to find, though.

Ultimately, this is probably a good thing for human coders, imo. The more LLMs demonstrate that they're not effective without robust human intervention, the better.

5

You're viewing a single thread.

5 comments