thomasapowell, With the reveal an #LLM initial prompt ruckus from today maybe that should be a feature not a bug ?
Idea
#AI being used for code generation could be used to turbo charge supply chain attacks & get exploits inserted into code bases
Plan
- find hosted LLM service which can do code gen
- exploit site to change controlling prompt to add subtle bugs or references to malware dependencies in package.json
- pwn at scale
Don’t worry webapp sec is so good this will never happen! 😬