AI bots hallucinate software packages and devs download them

*bad Devs

Always look on the official repository. Not just to see if it exists, but also to make sure it isn't a fake/malicious one

Can we fucking stop anthropomorphising software?

I just want an LLM with a reasonable context window so we can actually write real working packages with it.

The demos look great, but it’s always just around 100 lines of code, which is beginner level. The only use case right now is fake packages.

One of the first things I noticed when I asked ChatGPT to write some terraform for me a year ago was that it uses modules that don't exist.

Yeah, had that on my very first attempt at using it.

It used a component that didn't exist. I called it out and it went "you are correct, that was removed in <older version>. Try this instead." and created an entirely new set of bogus components and functions. This cycle continued until I gave up. It knows what code looks like, and what the excuses look like and that's about it. There's zero understanding.

It's probably great if you're doing some common homework (Javascript Fibonacci sequence or something) or menial task, but for anything that might reach the edges of its "knowledge", it has no idea where those edges may lie so just bullshits.

This is the best summary I could come up with:

In-depth Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.

Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned.

He created huggingface-cli in December after seeing it repeatedly hallucinated by generative AI; by February this year, Alibaba was referring to it in GraphTranslator's README instructions rather than the real Hugging Face CLI tool.

Last year, through security firm Vulcan Cyber, Lanyado published research detailing how one might pose a coding question to an AI model like ChatGPT and receive an answer that recommends the use of a software library, package, or framework that doesn't exist.

The willingness of AI models to confidently cite non-existent court cases is now well known and has caused no small amount of embarrassment among attorneys unaware of this tendency.

As Lanyado noted previously, a miscreant might use an AI-invented name for a malicious package uploaded to some repository in the hope others might download the malware.

The original article contains 1,143 words, the summary contains 190 words. Saved 83%. I'm a bot and I'm open source!

From the article...

hallucinated software packages – package names invented by generative AI models, presumably during project development

It's 2024. No more quality control, no more double-checking, not in any industry at this point. We're all alpha testers. Not even beta testers.

As the old entertainment industry adage goes when anything goes wrong on the set, "we'll fix it in post."

Lie.. no hallucinate..they lie and make shit up... just like a real hooman!! :))

daily PSA that something like [insert number of packages] are deprecated on shipment of software.

Thanks guys, very cool.

I'm honestly starting to get tired about "people confuses advanced chatbot with Jarvis and bad things happen".

Specially when it's shitty/lazy devs that don't code review.