Wednesday, April 30, 2025

AI code hallucinations increase the risk of "package confusion" attacks


Computer code generated by AI is full of references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows.

The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies those samples contained were "hallucinated", meaning they do not exist. Open source models hallucinated the most, with 21 percent of their dependencies pointing to non-existent libraries. A dependency is a code component that a separate piece of code requires in order to work properly. Dependencies save developers the trouble of rewriting code and are an essential part of the modern software supply chain.

Package hallucination flashbacks

These non-existent dependencies pose a threat to the software supply chain by exacerbating so-called dependency confusion attacks. Such attacks work by causing a software package to pull in the wrong component dependency, for instance by publishing a malicious package and giving it the same name as the legitimate one but with a higher version number. Software that depends on the package will, in some cases, choose the malicious version rather than the legitimate one, because the former appears to be newer.
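To make the resolution mistake concrete, the following is an added example (not code from the article or from the study it reports on): a toy resolver over two hypothetical package indexes, one internal and one public. The package name "acme-utils", both index names, and all version numbers are constructed for the illustration. The naive resolver merges both indexes and keeps the highest version, so the attacker's public upload wins; the hardened resolver refuses to look for a declared-private name anywhere but the internal index.

```python
# Added example: simulated dependency resolution showing how "newest version
# wins" across mixed indexes lets a public package hijack an internal name.
# Index contents below are constructed sample data, not real packages.
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    source: str  # hypothetical index labels: "internal" or "public"


def parse_version(version: str) -> tuple:
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


# The private package exists only on the company index (constructed data).
INTERNAL_INDEX = {
    "acme-utils": [Candidate("acme-utils", "1.4.0", "internal")],
}

# An attacker registers the same name publicly with an inflated version number.
PUBLIC_INDEX = {
    "acme-utils": [Candidate("acme-utils", "99.0.0", "public")],
    "requests": [Candidate("requests", "2.32.3", "public")],
}


def _newest(candidates):
    return max(candidates, key=lambda c: parse_version(c.version)) if candidates else None


def resolve_naive(name: str):
    """Vulnerable: consult every index and take whichever version is highest.

    This is the behaviour dependency confusion relies on: the public 99.0.0
    outranks the internal 1.4.0 and the attacker's package is selected.
    """
    return _newest(INTERNAL_INDEX.get(name, []) + PUBLIC_INDEX.get(name, []))


def resolve_pinned(name: str, private_names: set):
    """Hardened: names declared private resolve only from the internal index.

    A private name that is missing internally fails closed (returns None)
    instead of falling back to the public index. Everything else is looked
    up on the public index only, never merged.
    """
    if name in private_names:
        return _newest(INTERNAL_INDEX.get(name, []))
    return _newest(PUBLIC_INDEX.get(name, []))


if __name__ == "__main__":
    private = {"acme-utils"}
    print("naive  :", resolve_naive("acme-utils"))            # picks the public 99.0.0
    print("pinned :", resolve_pinned("acme-utils", private))  # picks internal 1.4.0
```

The same fail-closed idea is what real package managers implement with per-package index pinning or namespaces; the point of the toy is that merging indexes and sorting by version is the vulnerable step, regardless of tooling.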

This form of attack, also known as dependency confusion, was first demonstrated in 2021 in a proof-of-concept exploit that executed counterfeit code on networks belonging to some of the largest companies on the planet, including Apple, Microsoft and Tesla. It is one of several techniques used in software supply-chain attacks, which aim to poison software at its source so that every user downstream is infected.

"Once the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting users," Joseph Spracklen, a University of Texas at San Antonio Ph.D. student and lead researcher, told Ars via email. "If a user trusts the LLM's output and installs the package without carefully verifying it, the attacker's payload, hidden in the malicious package, would be executed on the user's system."

In artificial intelligence, hallucinations occur when an LLM produces output that is factually incorrect, nonsensical, or completely unrelated to the task it was assigned. Hallucinations have long dogged LLMs because they degrade their usefulness and trustworthiness and have proven vexingly difficult to predict and remedy. In a paper scheduled to be presented at the 2025 USENIX Security Symposium, the researchers have dubbed the phenomenon "package hallucination".

In the study, the researchers ran 30 tests, 16 in Python and 14 in JavaScript, each generating 19,200 code samples, for a total of 576,000 code samples. Of the 2.23 million package references contained in those samples, 440,445, or 19.7 percent, pointed to packages that did not exist. Among those 440,445 package hallucinations, 205,474 had unique package names.

One of the things that makes package hallucinations potentially useful in supply-chain attacks is that 43 percent of them were repeated across 10 queries. "In addition," the researchers wrote, "58 percent of the time, a hallucinated package is repeated more than once in 10 iterations, which shows that the majority of hallucinations are not simply random errors, but a repeatable phenomenon that persists across multiple iterations. This is significant, because a persistent hallucination is more valuable for malicious actors looking to exploit this vulnerability and makes the hallucination attack vector a more viable threat."
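Two practical checks follow from the quote above and from Spracklen's earlier remark about installing packages "without carefully verifying" them: screen LLM-generated code for package names that do not exist before anything is installed, and measure how often a given hallucinated name recurs across repeated generations. The block below is an added example (not the study's own tooling or methodology) that does both for Python code. The registry snapshot `KNOWN_PACKAGES` and the four generated samples are constructed stand-ins; the hallucinated names in them (`requests_turbo_cache`, `numpy_safe_io`) are invented for the illustration. A real pre-install check would query the package index for each name instead of a hard-coded set.

```python
# Added example: extract package references from generated Python code, flag
# names absent from a registry snapshot, and measure how persistently a
# hallucinated name recurs across repeated generations.
import re
import sys
from collections import Counter

# Constructed stand-in for a registry snapshot. In practice, resolve each name
# against the index (for PyPI, the simple index at https://pypi.org/simple/<name>/)
# before installing anything.
KNOWN_PACKAGES = {"requests", "numpy", "flask", "cryptography"}

# Standard-library modules are not registry packages and must not be flagged.
# sys.stdlib_module_names exists on Python 3.10+; the fallback set is a minimal
# stand-in so the example still runs on older interpreters.
STDLIB = getattr(sys, "stdlib_module_names", None) or {"os", "sys", "re", "json"}

IMPORT_RE = re.compile(r"^\s*(?:from|import)\s+([A-Za-z0-9_]+)", re.MULTILINE)
PIP_RE = re.compile(r"pip\s+install\s+([^\n#]+)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def referenced_packages(code: str) -> set:
    """Collect normalized package names from import statements and pip install lines."""
    names = {n for n in IMPORT_RE.findall(code) if n not in STDLIB}
    for line in PIP_RE.findall(code):
        for token in line.split():
            if token.startswith("-"):          # skip pip options such as --upgrade
                continue
            # strip version specifiers / extras: 'Pkg[extra]==1.0' -> 'Pkg'
            names.add(re.split(r"[=<>!~\[;]", token, maxsplit=1)[0])
    return {normalize(n) for n in names if n}


def hallucinated(code: str, known=KNOWN_PACKAGES) -> list:
    """Names the generated code references that the registry snapshot does not contain."""
    return sorted(referenced_packages(code) - known)


def persistence(samples, known=KNOWN_PACKAGES) -> float:
    """Fraction of distinct hallucinated names that appear in more than one sample.

    This is the property the researchers highlight: a name that recurs across
    iterations is one an attacker can register ahead of time.
    """
    counts = Counter()
    for sample in samples:
        counts.update(hallucinated(sample, known))
    if not counts:
        return 0.0
    repeated = sum(1 for c in counts.values() if c > 1)
    return repeated / len(counts)


# Constructed "generations" of the same prompt; the non-existent names are invented.
SAMPLES = [
    "import requests\nimport requests_turbo_cache\n",
    "import os\nimport requests\n",
    "# pip install numpy-safe-io\nimport numpy_safe_io\n",
    "import requests_turbo_cache\nimport numpy\n",
]

if __name__ == "__main__":
    for i, sample in enumerate(SAMPLES, 1):
        print(f"sample {i}: hallucinated = {hallucinated(sample)}")
    print(f"persistence across samples: {persistence(SAMPLES):.2f}")
```

Two caveats apply when using this beyond the toy data. Import names and distribution names differ for some real packages (`import yaml` is provided by `PyYAML`), so a name should be resolved through the project's lockfile or the index's metadata rather than string equality alone. And a project's own local modules will show up as "unknown" unless they are added to the allowlist; that is the safe direction to fail, since the fix is to review the name, not to install it.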
