GitHub
Incidents involved as both Developer and Deployer
Incident 2405 Report
GitHub Copilot, Copyright Infringement and Open Source Licensing
2021-06-29
Users of GitHub Copilot can produce source code subject to license requirements without attributing and licensing the code to the rights holder.
MoreIncidents implicated systems
Incident 7314 Report
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers
2023-12-01
Large language models are reportedly hallucinating software package names, some of which are uploaded to public repositories and integrated into real code. One such package, huggingface-cli, was downloaded over 15,000 times. This behavior enables "slopsquatting," a term coined by Seth Michael Larson of the Python Software Foundation, where attackers register fake packages under AI-invented names and put supply chains at serious risk.
MoreIncident 9502 Report
NullBulge's AI-Powered Malware Allegedly Compromises Disney Employee and Internal Data
2024-07-11
A Disney employee, Matthew Van Andel, reportedly downloaded AI-powered malware allegedly developed by the cybercriminal group NullBulge, resulting in a major cybersecurity breach. Hackers purportedly accessed Disney's Slack system, exposing 44 million internal messages, employee and customer data, and financial records. NullBulge also reportedly leaked Van Andel’s personal financial information, leading to identity theft and his eventual termination.
More