{"id":469,"date":"2024-10-02T16:39:39","date_gmt":"2024-10-02T16:39:39","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=469"},"modified":"2024-10-02T16:39:39","modified_gmt":"2024-10-02T16:39:39","slug":"llms-hallucinating-non-existent-developer-packages-could-fuel-supply-chain-attacks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=469","title":{"rendered":"LLMs hallucinating non-existent developer packages could fuel supply chain attacks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Large Language Models (LLMs) have a serious \u201cpackage hallucination\u201d problem that could lead to a wave of maliciously coded packages in the supply chain, researchers have discovered in one of the largest and\u00a0<a href=\"https:\/\/arxiv.org\/html\/2406.10279v2#S5\">most in-depth studies ever<\/a>\u00a0to investigate the problem.<\/p>\n<p>It\u2019s so bad, in fact, that across 30 different tests, the researchers found that 440,445 (19.7%) of 2.23 million code samples they generated experimentally in two of the most popular programming languages, Python and JavaScript, using 16 different LLMs for Python and 14 for JavaScript, contained references to hallucinated packages.<\/p>\n<p><a href=\"https:\/\/www.infoworld.com\/article\/3542884\/large-language-models-hallucinating-non-existent-developer-packages-could-fuel-supply-chain-attacks.html\">Continue reading on InfoWorld.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Large Language Models (LLMs) have a serious \u201cpackage hallucination\u201d problem that could lead to a wave of maliciously coded packages in the supply chain, researchers have discovered in one of the largest and\u00a0most in-depth studies ever\u00a0to investigate the problem. It\u2019s so bad, in fact, that across 30 different tests, the researchers found that 440,445 (19.7%) of [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/469"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=469"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/470"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}