To highlight an attack vector, a researcher made a package with a name hallucinated by ChatGPT; it had 30K+ downloads in three months and appeared in many repos (Lasso Security)

Lasso Security:

To highlight an attack vector, a researcher made a package with a name hallucinated by ChatGPT; it had 30K+ downloads in three months and appeared in many repos  —  I kicked start on this follow-up research for several reasons:  —  ‍  —  1️⃣ I investigate whether package …