top | item 45267221

(no title)

brianleb | 5 months ago

>>a few lines of own (LLM generated) code.

... and now you've switched the attack vector to a hostile LLM.

discuss

Sure but that's a one time vector. If the attacker didn't infiltrate the LLM before it generated the code, then the code is not going to suddenly go hostile like an npm package can.

zelphirkalt|5 months ago

Though you will see the code at least, when you are copy pasting it and if it is really only a few lines, you may be able to review it. Should review it of course.

LtWorf|5 months ago

If it's that little review the dependency.

lukan|5 months ago

I did not say to do blind copy paste.

A few lines of code can be audited.