AI Package Hallucinations: A New Threat to Supply Chain Security
90% of the code in Apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations. With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucinations is one of the more recent attack types within supply chain that is easy to execute and can have devastating effects. During this presentation we will give an overview of Supply Chain Security with some examples of the current threats, discuss AI package hallucinations, and preventative measures.