LLM-Assisted Dependency Confusion: A New Supply Chain Attack Vector Emerges

A developer flagged a scenario where AI coding tools blindly trust malicious package repositories — hallucinating dependency names that attackers can then squat on.
