AI-generated code could be a disaster for the software supply chain. Here’s why.

Jump to latest Follow Reply
Status
You're currently viewing only graylshaped's posts. Click here to go back to viewing the entire thread.
Muted (0)
Sort by date Sort by votes
graylshaped

graylshaped

Ars Legatus Legionis
68,227
Subscriptor++
  • #95
    Renx said:
    Oh, that's fascinating!

    Best quote I heard on the subject was "Why are we using AI to create new problems instead of solving old problems?" and that, of course, is the heart of the matter. LLMs do not solve old problems.

    I was wondering how the heck do you detect hallucinations, but I did not at all think of package names as an attack vector. How remarkably insidious! Of course, this has always been a problem with people dropping package names with typos and just waiting for someone to bite, but now your code copilot brings the exploit to you!

    I wouldn't even know where I'd start with coding today, since you apparently need to understand supply chain first.
    Click to expand...
    Throughout history, the one class that has always prospered is the one that mastered schlepping things efficiently.
     
    Upvote
    1 (1 / 0)
    graylshaped

    graylshaped

    Ars Legatus Legionis
    68,227
    Subscriptor++
  • #123
    silverboy said:
    I'd say lying is a small word, and what's more, it applies well, because intelligence (really be used as a substitute for self-awareness) is irrelevant. It is telling us things that are factually false as though they are true. If that's not lying, then the definition of lying is meaningless.
    Click to expand...
    Lying is the wrong word because it implies intent, which LLMs do not have.

    An LLM is, simply, wrong too often. It is unreliable. It is prone to errors of unpredictable frequency and severity. It lacks the sense [deity] gave a goose. It is a loose cannon. It clogs the development pipeline for promising entry-level candidates. At no point should the output of an LLM be handled any differently than the work of an intern who you suspect was out too late trying to impress colleagues the night before, and whose work product seems somewhat...off when compared to the recommendations accorded that individual.

    The developers who sell these beta-caliber products without these caveats in bold letters, rather than in fine print, are the lying liars who lie.
     
    Upvote
    7 (7 / 0)
    You must log in or register to reply here.
    Status
    You're currently viewing only graylshaped's posts. Click here to go back to viewing the entire thread.
    Jump to latest Follow Reply
    Jump to latest Follow Reply