Comment by jameslk

2 days ago

Malicious libraries will drive more code to be written by LLMs. Currently, malicious libraries seem to be typically trivial libraries. A WhatsApp API library is just on the edge of something that can be vibe coded, and avoiding getting pwned may be a good enough tipping point to embrace NIH syndrome more and more, which I think would be a net negative for F/OSS

The incentives are aligned with the AI model companies, which benefit from using more tokens to code something from scratch

Security issues will simply move to LLM related security holes

The library in question is a malicious fork of a library which reverse engineered the undocumented WhatsApp Web API. Good luck making a slop generator reverse engineer an API.

  • I would wager LLMs in a good enough tool/eval loop would actually do pretty well at that task. But they may also be pretty good at just replicating existing libraries wholesale, sans the malicious bits