
Bar Lanyado

Incidents involved as both Developer and Deployer

Incident 7311 Report
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers


Generative AI hallucinated non-existent software packages, which security researcher Bar Lanyado then created and uploaded as an experiment. One such package, "huggingface-cli," was downloaded over 15,000 times, including by large companies like Alibaba. Regardless of its framing as an experiment, this incident is an example of harm caused by AI-generated hallucinations in coding, as the fake packages were still distributed widely and with potential malware.


Related Entities