| ▲ | resfirestar a day ago | |||||||
If someone can write instructions to download a malicious script into an codebase, hoping an AI agent will read and follow them, they could just as easily write the same wget command directly into a build script or the source itself (probably more effective). In that way it's a very similar threat to the supply chain attacks we're hopefully already familiar with. So it is a serious issue but not necessarily one we don't know how to deal with. The solutions (auditing all third party code, isolating dev environments) just happen to be hard in practice. | ||||||||
| ▲ | yoz-y a day ago | parent | next [-] | |||||||
Given the displeasure a lot of developers have towards AI, I would not be surprised if such attacks became more common. We’ve seen artists poisoning their uploads to protect them (or rather, try and take revenge), I don’t doubt it might be the same for a non-negligible part of developers. | ||||||||
| ▲ | lazide a day ago | parent | prev [-] | |||||||
It’s easier to hide a poem in the comments of a random web page, than it is the obvious wget, etc. | ||||||||
| ||||||||