Can you trust ChatGPT’s package recommendations?
* “People ask LLMs to write code
* LLMs recommend imports that don't actually exist
* Attackers work out what these imports' names are, and create & upload them with malicious payloads
* People using LLM-written code then auto-add malware themselves”