Ask HN: Could GitHub Copilot be used as a form of supply chain attack?

As in, could you intentionally create public, vulnerable code that looks fine that then gets picked up and referenced in other projects?

  • 2 points
  • 13 days ago

  • @Akronymus
  • Created a post


@absolyul 13 days

Replying to @Akronymus 🎙

I think this is unlikely, especially in a targeted manner.



@alpaca128 13 days

Replying to @Akronymus 🎙

Considering existing code already has vulnerabilities, some of which were used to train Copilot, I think it's possible but not efficient in terms of success rate.

But if they continue to ignore license terms I can see someone create repos with intentionally Copilot-incompatible licenses and watermark it so they can prove the license terms were violated.


