Hacker News
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks (socket.dev)
31 points by sksxihve 8 days ago | 6 comments





I was talking about this issue with a friend a while ago: If an LLM often hallucinates the same package name for a common problem you could copy an existing library, adapt the API to fit the hallucination, use the same hallucinated name and finally include a backdoor.

"They found that 8.7% of hallucinated Python packages were actually valid npm (JavaScript) packages"

So those package names are not really hallucinated, since the packages actually exist?

I’m not sure if you know this, but Python and JavaScript are different languages. Their libraries are different ecosystems, so that’s definitely a hallucination.

Yes, but the names are not hallucinated

Them being Python is the hallucination - the names exist in its training data


it's two different languages


