Posted 3/28/2024, 7:01:00 AM
AI Chatbots Trick Developers into Downloading Imaginary Software
- AI chatbots are hallucinating fake software packages that developers are then downloading
- Security researcher Bar Lanyado tested this by creating real packages with names invented by AI
- Thousands downloaded Lanyado's fake "huggingface-cli" Python package
- Major companies like Alibaba have included the fake package in their documentation
- This attack vector could be used to distribute malware, but hasn't yet been exploited by bad actors