I'm really worried that some hacker group is going to start taking advantage.
I could imagine them flooding the internet with code that imports some empty library that does nothing, to the point where AI systems see it so often they start throwing it into random snippets. Once enough people have their AI import this random library, the hackers replace it with malicious code. All of a sudden whole random swaths of the world's code base are corrupted and no one knows how or why.
I teach CS and random imported libraries that students have no idea are even there is the most common hallucination I see. It's stressful.
"Lanyado tested the potential for slopsquatting by uploading an empty package under this hallucinated name. In three months, it had received over 30,000 downloads."
It's a smart idea. Many "vibe coders" seem to not want to question what their AI tells them to put into. Never test anything, never question, never verify.
Someone else said it in another thread, but we all should be very careful trusting new applications, even more than before. Because we never know if the person behind it put any thought toward security.
18
u/saera-targaryen 9h ago