Alibaba
Incidents involved as both Developer and Deployer
Incident 10012 Report
LLM Scrapers Allegedly Target Multiple Open Source Projects Disrupting the FOSS Ecosystem
2025-03-17
In mid-March 2025, KDE’s GitLab infrastructure was disrupted by aggressive AI web scrapers originating from Alibaba IP ranges. These bots ignored robots.txt and spoofed browser headers, which in turn overwhelmed the site and caused outages for developers. Similar incidents affected other FOSS projects like GNOME, SourceHut, and Fedora. The scraping is tied to large language model training, and reportedly imposes real costs and delays.
MoreIncidents Harmed By
Incident 7314 Report
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers
2023-12-01
Large language models are reportedly hallucinating software package names, some of which are uploaded to public repositories and integrated into real code. One such package, huggingface-cli, was downloaded over 15,000 times. This behavior enables "slopsquatting," a term coined by Seth Michael Larson of the Python Software Foundation, where attackers register fake packages under AI-invented names and put supply chains at serious risk.
MoreIncidents involved as Developer
Incident 1072 Report
Chinese Tech Firms Allegedly Developed Facial Recognition to Identify People by Race, Targeting Uyghur Muslims
2018-07-20
Various Chinese firms were revealed by patent applications to have developed facial recognition capable of detecting people by race, which critics feared would enable persecution and discrimination of Uyghur Muslims.
More