Scott states: “Attackers can now publish malicious packages under these hallucinated names, leading unsuspecting company developers into using them, perhaps under recommendation from their own use of AI. Many gen-AI coding users execute gen-AI code to test it without verifying the legitimacy of the code created. ‘Trust but verify’ applies to software created by AI, and we need to train a new age of developers to verify the packages recommended to them by AI systems.”

Authors

• Person: Not available Organization: SecurityWeek
  Cyber Insights 2025: Open Source and Software Supply Chain ...

Sources

• Cyber Insights 2025: Open Source and Software Supply Chain ... www.securityweek.com SecurityWeek via serper

Referenced by nodes (2)

• artificial intelligence concept
• Scott entity