Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Bleeping Computer

Malware found in NPM packages with 1 million weekly downloads

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...
Dark Reading

AI Code Tools Widely Hallucinate Packages

The tendency of code-generating large language models (LLMs) to produce completely fictitious package names in response to certain prompts is significantly more widespread than commonly recognized, a ...
Dark Reading

Malicious NPM Packages Disguised With 'Invisible' Dependencies

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...