Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.
Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AIβs bad advice, weβve learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.
You are viewing a single thread.
View all comments 9 points
I am lazy too and admittedly have copy pasted code from an LLM but adding a new dependency without looking at a package registry seems crazy to me.
