組織

npm (Node.js)

Incidents implicated systems

インシデント 7314 Report
Hallucinated Software Packages with Potential Malware Downloaded Thousands of Times by Developers

2023-12-01

Large language models are reportedly hallucinating software package names, some of which are uploaded to public repositories and integrated into real code. One such package, huggingface-cli, was downloaded over 15,000 times. This behavior enables "slopsquatting," a term coined by Seth Michael Larson of the Python Software Foundation, where attackers register fake packages under AI-invented names and put supply chains at serious risk.

もっと

Entity

Developers using AI-generated suggestions

もっと
Entity

Bar Lanyado

もっと
Entity

OpenAI

もっと
Entity

Google

もっと
Entity

Cohere

もっと
Entity

Meta

もっと
Entity

DeepSeek AI

もっと
Entity

BigScience

もっと
Entity

Developers and businesses incorporating AI-suggested packages

もっと
Entity

Alibaba

もっと
Entity

Organizations that incorporated fake dependencies

もっと
Entity

Software ecosystems

もっと
Entity

Users downstream of software contaminated by hallucinated packages

もっと
Entity

Trust in open-source repositories and AI-assisted coding tools

もっと
Entity

LLM-powered coding assistants

もっと
Entity

ChatGPT 3.5

もっと
Entity

ChatGPT 4

もっと
Entity

Gemini Pro

もっと
Entity

Command

もっと
Entity

LLaMA

もっと
Entity

CodeLlama

もっと
Entity

DeepSeek Coder

もっと
Entity

BLOOM

もっと
Entity

Python Package Index (PyPI)

もっと
Entity

GitHub

もっと
Entity

Google Search / AI Overview

もっと