1 comment

[ 1.5 ms ] story [ 13.2 ms ] thread
With the recent 'Sandworm' attack involving AI-generated NPM packages, we're seeing a new supply chain vector: developers asking LLMs for library recommendations and getting hallucinated (but real and malicious) package names.