MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
code
Recherche

AI-Generated Code Creates Major Security Risk Through 'Package Hallucinations'

mardi 29 avril 2025, 21:25 , par Slashdot
AI-Generated Code Creates Major Security Risk Through 'Package Hallucinations'
A new study [PDF] reveals AI-generated code frequently references non-existent third-party libraries, creating opportunities for supply-chain attacks. Researchers analyzed 576,000 code samples from 16 popular large language models and found 19.7% of package dependencies -- 440,445 in total -- were 'hallucinated.'

These non-existent dependencies exacerbate dependency confusion attacks, where malicious packages with identical names to legitimate ones can infiltrate software. Open source models hallucinated at nearly 22%, compared to 5% for commercial models. 'Once the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting users,' said lead researcher Joseph Spracklen. Alarmingly, 43% of hallucinations repeated across multiple queries, making them predictable targets.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://developers.slashdot.org/story/25/04/29/1837239/ai-generated-code-creates-major-security-risk...

Voir aussi

code Apiiro launches AI-powered risk analysis map for software InfoWorld30 Apr
ai-generated Homeland Security boss says CISA has gone off the rails, vows to set it right TheRegister30 Apr
models SK Telecom Offers SIM Replacements After Major Data Breach Slashdot29 Apr
name India Court Orders Proton Mail Block On Security Grounds Slashdot29 Apr
non-existent Yes, connected accessories are security risks, too ComputerWorld29 Apr
malicious Poor architecture documentation leads to project delays and security risks BetaNews29 Apr
hallucinated Compliance is a major obstacle to data management strategies BetaNews29 Apr
attacks Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security TheRegister29 Apr
dependencies Security updates for Tuesday LWN.net29 Apr
package Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show Slashdot29 Apr
through Security updates for Monday LWN.net28 Apr
risk Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show Wired: Tech.28 Apr
'package What the **** did you put in that code? The client thinks it's a cyberattack TheRegister28 Apr
major Crucial Wii homebrew library contains code stolen from Nintendo, RTEMS OS News27 Apr
hallucinations' Security footage shows teacher bludgeoning "love rival" with wrench BoingBoing26 Apr
security Devs Sound Alarm After Microsoft Subtracts C/C++ Extension From VS Code Forks Slashdot26 Apr
code Signalgate lessons learned: If creating a culture of security is the goal, America is screwed TheRegister26 Apr
ai-generated US wants to nix the EU AI Act’s code of practice, leaving enterprises to develop their own risk standards ComputerWorld26 Apr
models Security updates for Friday LWN.net25 Apr
name Behold the Social Security Administration’s AI Training Video Wired: Tech.25 Apr
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mer. 30 avril - 05:56 CEST