Developers using AI-generated suggestions

Incidents involved as Deployer

Incident 7314 Rapports
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

2023-12-01

Large language models have reportedly hallucinated non-existent software package names, some of which were subsequently uploaded to public repositories and incorporated into real codebases. In one case, a package named huggingface-cli, which was purported to have been originally suggested by an AI model, was downloaded more than 15,000 times. This dynamic enables what security researchers have termed "slopsquatting," in which attackers register hallucinated package names and introduce potential malware into software supply chains.

Related Entities

Bar Lanyado

Incidents involved as Deployer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

OpenAI

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Meta

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Google

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

DeepSeek AI

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Cohere

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

BigScience

Incidents involved as Developer

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Users downstream of software contaminated by hallucinated packages

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Trust in open-source repositories and AI-assisted coding tools

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Software ecosystems

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Organizations that incorporated fake dependencies

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Developers and businesses incorporating AI-suggested packages

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Alibaba

Affecté par des incidents

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Python Package Index (PyPI)

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

npm (Node.js)

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

LLM-powered coding assistants

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

LLaMA

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Google Search / AI Overview

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

GitHub

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Gemini Pro

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

DeepSeek Coder

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

Command

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

CodeLlama

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

ChatGPT 4

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

ChatGPT 3.5

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers

BLOOM

Incidents implicated systems

Incident 731
4 Report
Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers