Purportedly Hallucinated Software Packages with Potential Malware Reportedly Downloaded Thousands of Times by Developers
December 1, 2023
Large language models have reportedly hallucinated non-existent software package names, some of which were subsequently uploaded to public repositories and incorporated into real codebases. In one case, a package named huggingface-cli, which was purported to have been originally suggested by an AI model, was downloaded more than 15,000 times. This dynamic enables what security researchers have termed "slopsquatting," in which attackers register hallucinated package names and introduce potential malware into software supply chains.
- Alleged deployer
- developers-using-ai-generated-suggestions, bar-lanyado
- Alleged developer
- openai, meta, google, deepseek-ai, cohere, bigscience
- Alleged harmed parties
- users-downstream-of-software-contaminated-by-hallucinated-packages, trust-in-open-source-repositories-and-ai-assisted-coding-tools, software-ecosystems, organizations-that-incorporated-fake-dependencies, developers-and-businesses-incorporating-ai-suggested-packages, alibaba
Source
Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/731
Data source
Incident data is from the AI Incident Database (AIID).
When citing the database as a whole, please use:
McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.
Pre-print on arXiv · Database snapshots & citation guide
We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.