Infosec.Pub

4,716 readers
115 users here now

To support infosec.pub, please consider donating through one of the following services:

Paypal: jerry@infosec.exchange

Ko-Fi: https://ko-fi.com/infosecexchange

Patreon: https://www.patreon.com/infosecexchange

founded 2 years ago

ADMINS

jerry

shellsharks

modbot

Can you trust ChatGPT’s package recommendations? (vulcan.io)

submitted 2 years ago by erlingur@programming.dev to c/programming@programming.dev

13 comments fedilink

From https://twitter.com/llm_sec/status/1667573374426701824

People ask LLMs to write code
LLMs recommend imports that don't actually exist
Attackers work out what these imports' names are, and create & upload them with malicious payloads
People using LLM-written code then auto-add malware themselves

Can you trust ChatGPT’s package recommendations? (vulcan.io)

submitted 2 years ago by activepeople@kbin.social to c/programming@kbin.social

4 comments fedilink

“* People ask LLMs to write code

LLMs recommend imports that don't actually exist
Attackers work out what these imports' names are, and create & upload them with malicious payloads
People using LLM-written code then auto-add malware themselves”

Hijacking hallucinated package dependencies suggested by ChatGPT (vulcan.io)

submitted 2 years ago by Captain to c/ai_infosec

0 comments fedilink