In a contributed article for Dark Reading, GW Engineering alumna Elaine Ly and co-author Georgianna Shea examine how the use of generative artificial intelligence (GenAI) is heightening risks to the software development supply chain. In “Generative AI Exacerbates Software Supply Chain Risks,” they highlight how developers may unknowingly introduce vulnerabilities by relying on inaccurate or hallucinated code generated by AI, and they argue for stronger transparency requirements to mitigate these growing risks.
Here is an excerpt from the article: “In the past year alone, malicious actors have uploaded hundreds of thousands of malicious packages to open source software repositories. This exploitation of the open source ecosystem, combined with the frequency of hallucinations and confidence with which LLMs assert their accuracy, increases the risk that developers will fall victim to this scheme. This threatens the integrity of local and global software supply chains.”
Read the full article on Dark Reading.