AI writes code with Trojans – and doesn't even know about it

An analysis of code-generating neural networks revealed an unexpected problem: models "invent" non-existent software components, opening loopholes for cyberattacks. Researchers from the University of Texas at San Antonio checked 576 thousand code fragments produced by 16 popular AI models, including GPT-4 and Claude. In 19.7% of cases the models referred to fictional libraries: 440 thousand incorrect dependencies in total.

Attackers can register packages under names that AI often generates by mistake and fill them with malicious code. When developers install such components without checking their authenticity, the malicious program is activated. In the experiment, test packages with fictional names were downloaded tens of thousands of times.

Details of the study:

  • Open-source models (CodeLlama, DeepSeek) made mistakes more often: in 22% of cases, 4 times more than their commercial counterparts (5%). The researchers attribute this to model size: commercial AI has 10 times more parameters.
  • JavaScript is more vulnerable than Python: 21% errors in the former, 16% in the latter. The reason is that the JS ecosystem has 10 times more packages, which makes it harder for neural networks to pick the right names.
  • Repeatability of errors: 43% of the "hallucinations" recurred at least 10 times. This simplifies attacks: hackers do not have to guess, it is enough to track the AI's frequent "typos".

The dependency confusion technique makes it possible to substitute a malicious package for a legitimate one by means of its name. For example, an attacker publishes a package containing a Trojan in a repository. If the AI recommends it instead of the official one, the developer will install dangerous code without checking the source.

Microsoft's prediction that 95% of code will be generated by AI by 2030 makes these recommendations particularly relevant. Until neural networks learn to distinguish fiction from reality, responsibility for security remains with people.
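
One way to apply the check the article calls for, vetting dependency names in AI-generated code before anything is installed, is sketched below as an added example (not code from the study or from this article). The allowlist, the sample snippet and the package names in it are constructed; the script assumes import names match package names, which is not always true.

```python
import re
import sys
from difflib import get_close_matches

# Constructed allowlist of packages a team has already vetted (assumption).
VETTED = {"requests", "numpy", "pandas", "flask", "cryptography"}
# Standard-library modules never come from a package index.
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | {"os", "sys", "json", "re"}

# Constructed AI-generated snippet; "fastjsonx" and "reqeusts" are made-up names.
SNIPPET = """
import json
import numpy as np
import requests
from flask import Flask
import fastjsonx
# pip install reqeusts pandas
"""

IMPORT_RE = re.compile(r"^[ \t]*(?:import|from)[ \t]+([A-Za-z_]\w*)", re.M)
PIP_RE = re.compile(r"pip3?[ \t]+install[ \t]+([^\n]+)")

def extract_names(text):
    """Collect top-level import names and `pip install` arguments."""
    names = {m.lower() for m in IMPORT_RE.findall(text)}
    for args in PIP_RE.findall(text):
        for tok in args.split():
            if not tok.startswith("-"):  # skip options such as -U
                names.add(re.split(r"[=<>!~\[]", tok)[0].lower())
    return names - STDLIB

def review(text, vetted=VETTED):
    """Return (name, nearest vetted name or None) for every unvetted name."""
    findings = []
    for name in sorted(extract_names(text) - vetted):
        near = get_close_matches(name, sorted(vetted), n=1, cutoff=0.8)
        findings.append((name, near[0] if near else None))
    return findings

if __name__ == "__main__":
    for name, near in review(SNIPPET):
        hint = f"possible misspelling of '{near}'" if near else "unknown name"
        print(f"HOLD {name}: {hint}; verify on the registry before installing")
```

A name that is held is not necessarily malicious; it is one that nobody on the team has yet confirmed exists and is published by the expected maintainer.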

Source: VG Times
