alt Hacker NewsIf someone can write instructions to download a malicious script into an codebase, hoping an AI agent will read and follow them, they could just as easily write the same wget command directly into a build script or the source itself (probably more effective). In that way it's a very similar threat to the supply chain attacks we're hopefully already familiar with. So it is a serious issue but not necessarily one we don't know how to deal with. The solutions (auditing all third party code, isolating dev environments) just happen to be hard in practice.
Replies
lazide • last Thursday at 7:51 PM
It’s easier to hide a poem in the comments of a random web page, than it is the obvious wget, etc.
➕ show 1 reply
Given the displeasure a lot of developers have towards AI, I would not be surprised if such attacks became more common. We’ve seen artists poisoning their uploads to protect them (or rather, try and take revenge), I don’t doubt it might be the same for a non-negligible part of developers.