AI-powered language models have gained popularity for their ability to generate human-like text, but recent research has uncovered potential security risks associated with these models. In a study conducted by cyber risk management company, researchers revealed how hackers can exploit OpenAI’s ChatGPT to spread malicious code. This article delves into the findings of the study, explores the methodology used, and provides insights into the implications of these security risks.

Understanding ChatGPT and its Recommendations

ChatGPT, developed by OpenAI, is an advanced language model that utilizes deep learning techniques to generate human-like responses. It has been trained on a vast amount of text data and can provide suggestions and answers to various queries. However, the study conducted by highlights the potential dangers of relying solely on ChatGPT’s recommendations, specifically in the context of coding solutions.

The Methodology of the Study

To assess the risks associated with ChatGPT’s code recommendations, the researchers collected frequently asked coding questions from Stack Overflow. They selected 40 coding subjects and obtained the first 100 questions for each subject. The queries were filtered for “how-to” questions that involved programming packages. The study focused on Node.js and Python contexts.

Using ChatGPT’s API, the researchers posed these questions to the language model and analyzed the responses. They specifically looked for recommendations of code packages that did not exist in trusted repositories. By collecting and scrutinizing the conversations, the researchers were able to identify potential security vulnerabilities.

Unveiling the Risks: Hallucinated Code Packages

The study revealed alarming results regarding the recommendations provided by ChatGPT. Out of the Node.js questions, approximately 20% of the answers contained suggestions for code packages that did not exist. For Python questions, the situation was even more concerning, with over a third of the answers including recommendations for non-existent code packages.

Furthermore, the researchers discovered that these recommendations involved a significant number of unpublished packages. In Node.js, over 50 unpublished npm packages were suggested, while in Python, the number exceeded 100 unpublished pip packages. These findings highlight the prevalence of hallucinated code packages in ChatGPT’s responses.

Proof of Concept: Malicious Code Installation

To demonstrate the potential consequences of relying on ChatGPT’s recommendations, the researchers developed a proof of concept. They created a non-existent code package with a similar name to an imaginary package suggested by ChatGPT. Although the uploaded file was not malicious, it established communication with a server to indicate its installation.

In the scenario, a user approached ChatGPT with the same question that the attacker did. ChatGPT recommended the package containing the “malicious” code and instructed how to install it. The victim, unaware of the risks, proceeded to install the package. As a result, the attacker received data from the victim’s device, enabling potential exploitation.

Protecting Against Malicious Code Recommendations

Given the risks associated with ChatGPT’s code recommendations, it is crucial to exercise caution when installing packages suggested by the language model. The researchers advise several precautions to mitigate potential security vulnerabilities:

  1. Verify Package Validity: Before installing any package, thoroughly examine its credentials. Look for creation dates, download counts, positive feedback, and accompanying notes.
  2. Community Feedback: Rely on community discussions and reviews to gain insights into the reliability of a package. Prioritize packages with positive feedback and active community engagement.
  3. Package Source: Ensure that the package is sourced from reputable and trusted repositories. Stick to well-known platforms with established security measures.
  4. Code Auditing: Consider conducting code audits to identify potential security issues within the suggested packages. This will help identify any vulnerabilities before installation.

By following these precautions, developers can reduce the risk of installing malicious code recommended by ChatGPT.

Evaluating ChatGPT’s Trustworthiness

The study raises concerns about the trustworthiness of ChatGPT’s recommendations. While ChatGPT was not designed to provide accurate responses, rather those that sound correct, this research underscores the importance of verifying all facts and recommendations before implementation. Users should exercise caution and not blindly accept ChatGPT’s suggestions without thorough evaluation.

Implications for AI Language Models

The vulnerabilities exposed in ChatGPT have broader implications for the field of AI and natural language processing. As AI language models become more advanced, it is crucial to address potential security risks associated with their outputs. Developers, researchers, and organizations must prioritize the development of robust mechanisms to ensure the reliability and safety of AI-generated recommendations.


The study conducted by sheds light on the security risks involved in relying on ChatGPT’s code recommendations. The prevalence of hallucinated code packages and the potential for malicious code installation highlight the need for caution and verification when implementing ChatGPT’s suggestions. As AI language models continue to evolve, it is essential to prioritize security and establish guidelines to mitigate potential risks. By doing so, developers can leverage the benefits of AI while ensuring the safety and integrity of their systems.