GitHub
Incidents involved as both Developer and Deployer
Incident 2405 Report
GitHub Copilot, Copyright Infringement and Open Source Licensing
2021-06-29
Users of GitHub Copilot can produce source code subject to license requirements without attributing and licensing the code to the rights holder.
MoreIncidents implicated systems
Incident 111837 Report
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers
2021-01-01
North Korean operatives have reportedly used AI-generated identities to secure remote jobs or impersonate employers in order to infiltrate companies. These tactics allegedly support sanctions evasion through wage theft, credential exfiltration, and malware deployment. Workers reportedly use fake resumes, VPNs, and face-altering tools; some deploy malware like OtterCookie after embedding, while others lure targets via spoofed job interviews. AI systems are reportedly used to generate fake resumes, alter profile photos, and assist in real-time responses during video interviews.
MoreIncident 7314 Report
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers
2023-12-01
Large language models are reportedly hallucinating software package names, some of which are uploaded to public repositories and integrated into real code. One such package, huggingface-cli, was downloaded over 15,000 times. This behavior enables "slopsquatting," a term coined by Seth Michael Larson of the Python Software Foundation, where attackers register fake packages under AI-invented names and put supply chains at serious risk.
MoreIncident 9502 Report
NullBulge's AI-Powered Malware Allegedly Compromises Disney Employee and Internal Data
2024-07-11
A Disney employee, Matthew Van Andel, reportedly downloaded AI-powered malware allegedly developed by the cybercriminal group NullBulge, resulting in a major cybersecurity breach. Hackers purportedly accessed Disney's Slack system, exposing 44 million internal messages, employee and customer data, and financial records. NullBulge also reportedly leaked Van Andel’s personal financial information, leading to identity theft and his eventual termination.
More