Entités

Organizations that incorporated fake dependencies

Affecté par des incidents

Incident 7314 Rapports
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers

2023-12-01

Large language models are reportedly hallucinating software package names, some of which are uploaded to public repositories and integrated into real code. One such package, huggingface-cli, was downloaded over 15,000 times. This behavior enables "slopsquatting," a term coined by Seth Michael Larson of the Python Software Foundation, where attackers register fake packages under AI-invented names and put supply chains at serious risk.

Plus

Entity

Developers using AI-generated suggestions

Plus
Entity

Bar Lanyado

Plus
Entity

OpenAI

Plus
Entity

Google

Plus
Entity

Cohere

Plus
Entity

Meta

Plus
Entity

DeepSeek AI

Plus
Entity

BigScience

Plus
Entity

Developers and businesses incorporating AI-suggested packages

Plus
Entity

Alibaba

Plus
Entity

Software ecosystems

Plus
Entity

Users downstream of software contaminated by hallucinated packages

Plus
Entity

Trust in open-source repositories and AI-assisted coding tools

Plus
Entity

LLM-powered coding assistants

Plus
Entity

ChatGPT 3.5

Plus
Entity

ChatGPT 4

Plus
Entity

Gemini Pro

Plus
Entity

Command

Plus
Entity

LLaMA

Plus
Entity

CodeLlama

Plus
Entity

DeepSeek Coder

Plus
Entity

BLOOM

Plus
Entity

Python Package Index (PyPI)

Plus
Entity

npm (Node.js)

Plus
Entity

GitHub

Plus
Entity

Google Search / AI Overview

Plus