AI Code Suggestions Sabotage Software Supply Chain

AI coding tools often invent software package names that do not exist, posing risks to the software supply chain. This "hallucination" lets malicious actors register the invented names as real packages, in the same way typosquatting capitalizes on developers' typos or inaccuracies. Many developers install the suggested packages without verifying them, exposing themselves to malware. Experts advise double-checking package names before installation, and organizations should adopt better practices to mitigate this risk.

https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
