InfoWorld

Large language models hallucinating non-existent developer packages could fuel supply chain attacks

Large Language Models (LLMs) have a serious “package hallucination” problem that could lead to a wave of maliciously-coded packages in the supply chain, researchers have discovered in one of the ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.