# AI + Dependencies = The Next Big Security Problem

![](https://cdn.hashnode.com/uploads/covers/6980a4b13e205fb04cec3074/6478a16e-a5ac-487e-a696-db1a90d4e3d7.png align="center")

## The New Reality of AI-Assisted Development

Modern developers increasingly rely on AI coding assistants to generate code and suggest dependencies.

Typical workflow:

```plaintext
Developer Prompt
      │
      
AI Generates Code
      │
      
Suggested Dependency Installation
      │
      
Developer Executes pip / npm install
```

The problem is that **AI does not validate security of the dependencies it suggests.**

This creates a new attack surface in the **software supply chain**.

A supply-chain attack occurs when attackers compromise a trusted third-party component such as a dependency or library to inject malicious code into downstream software.

* * *

# Where the Attack Happens

```plaintext
AI Generated Code
        │
        
Dependency Suggestion
        │
        
Package Registry (PyPI / NPM)
        │
        
Malicious Package Installed
        │
        
Post-Install Script Executes
        │
        
Data Exfiltration / Backdoor
```

Attackers exploit the **trust developers place in open-source libraries**, inserting malicious code that executes once installed.

* * *

# The Most Common Attack Technique: Typosquatting

Example visualization:

```plaintext
Legitimate Package:
requests

Malicious Package:
requestss
reqeusts
requsets
```

Attackers publish packages with **names very similar to legitimate libraries** hoping developers install them accidentally.

Once installed, the malicious package may:

*   steal environment variables  
    extract SSH keys
    
*   capture cloud credentials
    
*   download remote malware  
    

* * *

# Real-World Supply Chain Incidents

### Compromised AI-related Python package

A compromised version of the AI library LiteLLM included a backdoor capable of stealing sensitive data such as SSH keys, Kubernetes secrets, and cloud credentials.

* * *

### Malicious dependency injection

Attackers compromised versions of a popular JavaScript library and inserted a dependency that installed a remote access trojan during installation.

* * *

### Malicious packages in public registries

Security researchers regularly discover packages in repositories like PyPI and npm that execute malware during installation or steal developer data.

* * *

# What Happens After Installation

Typical malicious package behavior:

```plaintext
pip install malicious_package
        │
        
setup.py or install script runs
        │
        
Collect system information
        │
        
Send credentials to attacker server
        │
        
Download secondary malware
```

Many malicious packages hide code in **setup scripts that run automatically during installation**.

* * *

# Why AI Makes This Risk Worse

AI assistants can:

*   hallucinate non-existent libraries
    
*   suggest outdated dependencies
    
*   recommend vulnerable packages  
      
    Some studies show LLMs may generate **fictitious dependencies that attackers could later publish**, creating a new attack vector.
    

* * *

# Secure Workflow for AI-Generated Code

Recommended developer workflow:

```plaintext
AI Generated Code
        │
        
Verify Dependency Source
        │
        
Run Vulnerability Scan
(pip-audit / npm audit)
        │
        
Static Code Security Scan
(Semgrep / SAST)
        │
        
Secret Detection
(Gitleaks)
        │
        
Run Code in Sandbox
(Docker / isolated environment)
```

This significantly reduces the risk of supply chain compromise.

* * *

# The Key Insight

AI tools accelerate development.

But they also introduce **automated trust in external dependencies**.

And attackers exploit exactly that trust.

The most dangerous line of code today might simply be:

```plaintext
pip install <unknown package>
```

* * *

# Takeaway for AI Engineers

When using AI-generated code:

*   Never blindly trust dependencies
    
*   Validate libraries before installation
    
*   Implement security scanning in CI/CD
    
*   Run AI-generated code in sandbox environments  
    

AI is transforming software development.

But **secure development practices must evolve with it.**
