How Explosive Popularity of AI and LLMs Impact Application Security

ChatGPT’s API has been used in 900 npm and PyPi packages across diverse problem domains, with 75% of those being brand new packages.

July 24, 2023

Adam121 Adobe Stock 315095274

adam121 AdobeStock_315095274

As modern software development increasingly adopts distributed architectures and microservices alongside third party and open source components, a report from Endor Labs tracks the popularity of ChatGPT’s API, how current large language model (LLM)-based AI platforms are unable to accurately classify malware risk in most cases and how almost half of all applications make no calls at all to security-sensitive APIs in their code base.

“The fact that there’s been such a rapid expansion of new technologies related to artificial intelligence, and that these capabilities are being integrated into so many other applications, is truly remarkable—but it’s equally important to monitor the risks they bring with them,” says Henrik Plate, lead security researcher at Endor Labs Station9. “These advances can cause considerable harm if the packages selected introduce malware and other risks to the software supply chain. This report offers an early look into this critical function, just as early adopters of matching security protocols will benefit most from these capabilities.”

From Endor Labs:

● Existing LLM technologies still can’t be used to reliably assist in malware detection and scale. In fact, they accurately classify malware risk in barely 5% of all cases. They have value in manual workflows, but will likely never be fully reliable in autonomous workflows. That’s because they can’t be trained to recognize novel approaches, such as those derived through LLM recommendations.

● 45% of applications have no calls to security-sensitive APIs in their code base, but that number actually drops to 5% when dependencies are included. Organizations routinely underestimate risk when they don’t analyze their use of such APIs through open source dependencies.

● Even though 71% of typical Java application code is from open source components, applications use only 12% of imported code. Vulnerabilities in unused code are rarely exploitable; organizations can eliminate or de-prioritize 60% of remediation work with reliable insights into which code is reachable throughout an application.

ChatGPT’s API has been used in 900 npm and PyPi packages across diverse problem domains, with 75% of those being brand new packages.

Adobe Stock 361324625

Alexis Asks: Safer Trucking for Future Drivers

Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain. Campaigns like Distracted Driver Awareness Month further the importance of staying focused and alert at all times while behind the wheel.

Women In Supply Chain Vertical Color

Nominations Close June 7 for 2024 Women in Supply Chain Award

This award recognizes female supply chain leaders and executives whose accomplishments set a foundation for women in all levels of a company’s supply chain network. Submissions close June 7!

Adobe Stock 207220202

SCN Summit: State of the Supply Chain

June 4, 2024

Register now to hear from experts about the State of Today’s Supply Chains through topics revolve around Warehouse Automation, Generative AI, Automation, Electrification, Company Culture and more.

Pros to Know: Resilinc's Bindiya Vakil Talks Collaboration in the Supply Chain

Bindiya Vakil, CEO and co-founder of Resilinc, was named one of our Lifetime Achievement award winners from this year’s Pros to Know award.

Cac Tus Adobe Stock 591284638

U.S.-German Partnership Faces Loss of Trust but High Expectations

Declining optimism since 2022 may reflect a sense of disappointment rather than entrenched pessimism, as expectations in the partnership remain very high.

Baltimore Bridge Christine Adobe Stock 769092028

Baltimore Bridge Collapse Underscores Critical Importance of Modernizing Interstate Highways

From 2022-2050, freight moved annually in the United States by trucks is expected to increase 93% in value (inflation-adjusted dollars) and 47% by weight. U.S. business logistics costs reached $2.3 trillion in 2022, representing 9.1% of U.S. GDP.

Pexels Stock Cybersecurity

Deepfake Frauds on the Rise

According to data presented by AltIndex.com, one-third of businesses have already been affected by AI-assisted fraud, while more than 80% see it as a genuine threat.

Adobe Stock 763510398

Unlock Global Market Access with Deep Supply Chain Visibility

Here's a breakdown on the aspects of a supply chain sustainability management program that companies need to reach to support deep visibility.

Stock Sustainability

ESG Toolkit

TT Club debuted an active toolkit to assist members, partners and service providers in the development of relevant policies as they pertain to environmental, social, governance (ESG).

Adobe Stock 381817046

Passkeys to Prevent Fraud and Safeguard Supplier Data

Apexanalytix brings the launch of Passkeys. This feature enables suppliers to securely log into their accounts using biometrics like a fingerprint or face scan, or a screen lock PIN.

Adobe Stock 470988697

Semiconductor Supply Chain Dynamics: Navigating Complexity and Change

As the market continuously changes over the course of the next few years, it will be more important than ever for suppliers to be embedded in the events that will impact them not only in the U.S. but globally in terms of geopolitical conflict.

Adobe Stock 90106798 (1)

Research Finds 83% of Supply Chains Can’t Respond to Disruptions in 24 Hours

A new IDC study, sponsored by Kinaxis, reveals slow progress in making supply chains more flexible and resilient while also highlighting optimism towards supply chain orchestration tools.

Adobe Stock 373927171

Cleo's Business Commitment Monitoring for Logistics

This solution offers actionable data and proactive response solution designed to ensure that logistics companies’ business commitments are never missed.

Kalyakan Stock adobe com

Escalating Middle East Tensions Trigger Surge in Freight Rates

As the situation unfolds in the Middle East, stakeholders are closely monitoring developments and preparing for potential impacts on global trade and shipping markets.

Quality Stock Arts Adobe Stock 507033815

Safeguarding Platform to Help Combat Fraud in Transportation and Logistics

Descartes Systems Group developed Descartes MacroPoint FraudGuard to help freight brokers, 3PLs and shippers identify and prevent fraudulent activities related to carrier information, load tracking, and shipment status.

Adobe Stock 364357187 (1)

Dow Jones Risk & Compliance Deploys Generative AI to Transform Due Diligence

Dow Jones Integrity Check is a fully automated solution that goes beyond screening to identify risks and red flags from thousands of data sources.

Adobe Stock 508660919

Alexis Asks: Pricing Strategy in the Face of Inflation

Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain field. When it comes to economic pitfalls, technology and established networks might hold the greatest power.

Baltimore Bridge Christine Adobe Stock 769092028

Container Traders Anticipate Rise in Disruptions and Increase in Container Prices

In the aftermath of the Baltimore bridge collision, supply chain professionals are anticipating price hikes, as indicated by a significant rise in sentiment for container price increases released by Container xChange.

Pexels Stock Cybersecurity

Avetta Acquired by Private Equity Firm

EQT Private Equity acquired Avetta from Welsh, Carson, Anderson & Stowe, leveraging its global footprint, purpose-driven approach, and digital and sustainability expertise to support Avetta's ongoing growth journey.

Robert Paulus Adobe Stock 599970934

Biden-Harris Final Rule on Train Crew Size Safety Requirements to Improve Rail Safety

The new rule enhances safety in the rail industry by generally requiring and emphasizing the importance and necessity of a second crewmember on all trains.

Adobe Stock 364357187

It’s Time to Depart from the Binary Pass-Fail Metrics of Standard Compliance Testing

Brands that prioritize user-centric experiences set a higher standard, standing out with superior quality, functionality and durability.

Sittinan Stock adobe com

Descartes Strengthens Global Trade Intelligence with OCR Acquisition

Descartes Systems Group acquired OCR Services, Inc. for $90 million.

Adobe Stock 526136148

Alexis Asks: The Impact of the Francis Scott Key Bridge Collapse

Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain field. Eyes have shifted quickly with questions about the implications this catastrophe may have for shippers.

Dali Zapper Adobe Stock 450977438 Editorial Use Only

How Baltimore Bridge Collapse Impacts Movement of Vehicles, Raw Materials and More

While the full extent of the impact is yet to be determined, the collision is likely to have far-reaching consequences for the Port of Baltimore and its role in the regional and national economy.

Adobe Stock 241274431

Utilizing ML Models for Cargo Insurance in the Wake of the Red Sea Crisis

Machine Learning risk pricing models offer a transformative solution, enabling insurers to adapt dynamically to changing conditions, enhance accuracy in risk assessment and provide real-time monitoring.

Adobe Stock 475597494

Alexis Asks: The Supply Chain Impact of Canada's Modern Slavery Act

Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain field. Canada's strides in labor laws wield significant influence in shaping ethical supply chains.

Adobe Stock 476558953

Digitizing Supply Chains for Enhanced Due Diligence and Trade Compliance

In an era of rapid globalization, utilizing global trade technology is not just a convenience but a strategic necessity for companies aiming to stay competitive, efficient and ESG conscious in the global marketplace.