The only reliable mitigation is to verify package names manually against the registry before installing them, and never to assume that a package mentioned in an AI-generated code snippet exists or is safe.
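As an added example, not part of the original article, the following Python script applies that advice to a pip requirements file before anything is installed: it normalises package names the way PyPI does (case-insensitive, with `-`, `_` and `.` treated alike, so a hallucinated variant of a real name is not mistaken for the real one), flags any name that is not on a reviewed allowlist, and flags entries that are not pinned to an exact version or carry no `--hash`. The requirements text, the allowlist and the digest below are constructed for the demonstration; the allowlist stands in for the manual registry check the article recommends, so the script runs offline.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# PEP 503 name normalisation: "Fast_JSON.utils" and "fast-json-utils" are the
# same project on PyPI, so every comparison must be done on this form.
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass
class Requirement:
    name: str
    spec: str                      # e.g. "==2.31.0"; "" when unpinned
    hashes: list = field(default_factory=list)   # values of --hash=...


# name, optional [extras], then whatever version specifier follows
_REQ_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)(?:\[[^\]]*\])?(.*)$")


def _logical_lines(text: str):
    """Strip comments and join pip-style backslash continuations."""
    buf = ""
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_requirements(text: str) -> list[Requirement]:
    reqs = []
    for line in _logical_lines(text):
        if line.startswith("-"):          # pip options such as -r / --index-url
            continue
        tokens = line.split()             # assumes no spaces inside "name==ver"
        m = _REQ_RE.match(tokens[0])
        if not m:
            continue
        hashes = [t[len("--hash="):] for t in tokens[1:] if t.startswith("--hash=")]
        reqs.append(Requirement(m.group(1), m.group(2), hashes))
    return reqs


def audit(text: str, approved: set[str]) -> list[tuple[str, str, str]]:
    """Return (name, code, message) findings. `approved` holds normalised names
    from a lockfile or allowlist that a human has already checked."""
    findings = []
    for r in parse_requirements(text):
        if normalize(r.name) not in approved:
            findings.append((r.name, "unknown-name",
                             "not on the reviewed allowlist; confirm it exists and is the intended project"))
        if not r.spec.startswith("=="):
            findings.append((r.name, "unpinned", "not pinned to an exact version"))
        if not r.hashes:
            findings.append((r.name, "no-hash", "no --hash, so pip cannot verify the downloaded artifact"))
    return findings


# Constructed sample input (not from any real project). The digest is a placeholder.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
Flask>=2.0
fast_json.utils==1.4.2
"""

# Constructed allowlist: names a reviewer has confirmed on the registry.
APPROVED = {normalize(n) for n in ["requests", "flask"]}

if __name__ == "__main__":
    for name, code, msg in audit(SAMPLE_REQUIREMENTS, APPROVED):
        print(f"{name}: [{code}] {msg}")
```

A CI job that runs this against the requirements file and fails on any `unknown-name` finding forces the manual check to happen once, when the allowlist is updated, rather than trusting whatever name the model produced.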
We’re doomed
Mearuu@kbin.melroy.org
on 13 Apr 02:53
I can’t imagine how a “black box” that is AI can ever be anything but a security risk. Compounding the problem are lazy developers that push code that they do not fully understand.
But it’s sTaTiStiCaLlY ReLeVaNt…
atzanteol@sh.itjust.works
on 13 Apr 12:32
Generating dependencies is a huge weak point of AI right now. Version numbers are typically made up or very out of date at best. I just assume they’re wrong from the start now.