Hacker News new | past | comments | ask | show | jobs | submit login
Humans are not perfectly vigilant from Cory Doctorow (pluralistic.net)
27 points by malshe 67 days ago | hide | past | favorite | 3 comments



I was genuinely hoping this article was going to be about training humans to be perfectly vigilant from stories written by Cory Doctorow.


The headline here is generic, but the real TLDR of this article is that a security researcher was able to inject code into thousands of compilation environments by creating a real library that matches the name of a library that is commonly hallucinated in AI-generated code. Apparently many references to the nonexistent library weren't cleaned up by any human in the loop.

This is another interesting supply-chain attack risk that seems fairly novel.

I wonder if we could change the headline to a better summary, like "Malicious code injection when AI hallucinations reference a nonexistent library"? (I tried to submit under that title but got redirected to this existing thread).


That's only the intro to the article and if you want to discuss that you can do so here - https://news.ycombinator.com/item?id=39848657

The article then goes on to make other points about AI and automation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: