•

Can you trust ChatGPT’s package recommendations?

https://vulcan.io/blog/ai-hallucinations-package-risk

ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity. Here's what we learned.

People ask LLMs to write code
LLMs recommend imports that don't actually exist
Attackers work out what these imports' names are, and create & upload them with malicious payloads
People using LLM-written code then auto-add malware themselves

•

I quite like this blog post why LLM are bad for software quality in general: https://softwarecrisis.dev/letters/ai-and-software-quality/