Large Language Models (LLMs) have a critical “package hallucination” problem that could lead to a wave of maliciously-coded packages in the supply chain, researchers have discovered in one of the largest and most in-depth studies yet to investigate the issue.
It’s so bad, in fact, that across 30 different tests, the researchers found that 440,445 (19.7%) of the 2.23 million code samples they generated experimentally in two of the most popular programming languages, Python and JavaScript, using 16 different LLM models for Python and 14 models for JavaScript, contained references to packages that had been hallucinated.
The multi-university study, first published in June but recently updated, also generated “a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat.”