Large language models (LLMs) suffer from a serious “package hallucination” problem that could lead to a wave of maliciously coded packages in the software supply chain, researchers have found in one of the largest and most in-depth studies yet to investigate the problem.
So bad, in fact, that across 30 different tests, the researchers found that 440,445 (19.7%) of the 2.23 million code samples they generated experimentally in two of the most popular programming languages, Python and JavaScript, using 16 different LLMs for Python and 14 for JavaScript, contained references to hallucinated packages.
The multi-university study, first published in June but recently updated, also produced “a staggering 205,474 unique examples of hallucinated package names, further highlighting the severity and prevalence of this threat.”
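The danger is that a hallucinated dependency name can later be registered on a public index by an attacker, so anyone who copies the generated code and installs its requirements pulls in malicious code. As a minimal illustration of one possible defensive check (not the researchers’ methodology), the sketch below queries PyPI’s public JSON API to see whether each package name referenced by generated code actually exists before it is installed; the script name and usage are hypothetical.

```python
import sys
import urllib.error
import urllib.request

# Public PyPI JSON API endpoint; returns HTTP 404 for projects that do not exist.
PYPI_JSON_URL = "https://pypi.org/pypi/{name}/json"


def package_exists_on_pypi(name: str, timeout: float = 10.0) -> bool:
    """Return True if `name` resolves to a real PyPI project, False on a 404."""
    try:
        with urllib.request.urlopen(PYPI_JSON_URL.format(name=name), timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            # No such project on PyPI: the dependency may be hallucinated.
            return False
        raise  # Other HTTP errors: surface them rather than guess.


if __name__ == "__main__":
    # Example (hypothetical usage): python check_deps.py requests some-made-up-package
    for pkg in sys.argv[1:]:
        verdict = "exists" if package_exists_on_pypi(pkg) else "NOT FOUND (possibly hallucinated)"
        print(f"{pkg}: {verdict}")
```

A check like this only confirms that a name is registered; it says nothing about whether the registered package is trustworthy, which is exactly the gap squatting attacks exploit.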