I think this is unlikely, especially in a targeted manner.

I was more thinking about making multiple projects with similar, intentionally vulnerable, code. I personally could see it being feasable, altough, as you said, not efficient.And yeah, i can see that attack vector (for legal action) through licenses as well.

Considering existing code already has vulnerabilities, some of which were used to train Copilot I think it&#x27;s possible but not efficient in terms of success rate.But if they continue to ignore license terms I can see someone create repos with intentionally Copilot-incompatible licenses and watermark it so they can prove the license terms were violated.

As in, could you intentionally create public, vulnerable code that looks fine that then gets picked up and referenced in other projects?

Ask HN: Could GitHub Copilot be used as a form of supply chain attack?

As in, could you intentionally create public, vulnerable code that looks fine that then gets picked up and referenced in other projects?

2 points
• 13 days ago
@Akronymus
Created a post

I think this is unlikely, especially in a targeted manner.