The LLM Dependency Trap
Large language models are reshaping how we write software. With a few prompts, developers can generate boilerplate, integrate dependencies, write tests, and scaffold entire systems in a fraction of the time it used to take.
But for all that acceleration, there’s a blind spot forming right at the foundation: how these systems choose dependencies.
LLMs don’t understand context. They don’t know what’s secure, what’s actively maintained, or what your organization has flagged as off-limits. They simply surface what looks common — which is often outdated, vulnerable, or legally risky.
And when developers treat those outputs as trustworthy by default, bad choices make it into production at machine speed.
It Looks Right, So It Must Be Fine
Most of these models were trained on years of public code — GitHub, Stack Overflow, old docs, even abandoned projects. The result is that their recommendations often reflect what’s been used a lot, not what’s safe to use now.
We often find AI recommending deprecated packages, such as ‘request,’ in new Node applications, or outdated Python modules that haven’t been updated in years. Worse still, AI can suggest unvetted packages, introducing layers of unchecked transitive dependencies that compromise security and stability.
It works, until it doesn’t. And most teams don’t realize what they’ve inherited until it breaks — or until legal or security comes asking.
Attackers Know This Too
They’ve seen this before — when developers started trusting auto-complete too much, or copy-pasting code without checking. LLMs are the next iteration of that behavior, scaled up.
Attackers are now exploiting this by publishing malicious packages under names that match common LLM hallucinations. They are manipulating prompt patterns to boost the likelihood of being recommended and planting traps within the ecosystem, targeting speed-over-safety pipelines.
The AI doesn’t know better. And if your devs aren’t questioning the (Read more...)
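As an added example (not code from the original post or from Sonatype), the checks described above can be applied before an AI-suggested dependency is installed: a policy gate that rejects names missing from the registry (a name the model made up is exactly what an attacker would register), rejects deprecated packages such as ‘request’, and holds stale or brand-new, barely adopted packages for human review. The registry snapshot, denylist, dates and thresholds are constructed for the example; a real gate would query the package index and walk transitive dependencies from the lockfile.

```python
from datetime import date, timedelta

# Constructed registry snapshot for the example. Apart from "request", which
# really is deprecated, the names and dates are hypothetical. A real gate would
# fetch this from the package index (npm registry, PyPI JSON API, ...).
REGISTRY = {
    "web-framework":  {"created": date(2012, 3, 1),  "modified": date(2025, 5, 10), "deprecated": False, "weekly_downloads": 2_500_000},
    "request":        {"created": date(2011, 1, 22), "modified": date(2020, 2, 11), "deprecated": True,  "weekly_downloads": 15_000_000},
    "stale-date-lib": {"created": date(2013, 7, 4),  "modified": date(2019, 3, 1),  "deprecated": False, "weekly_downloads": 40_000},
    "fresh-helper":   {"created": date(2025, 4, 20), "modified": date(2025, 4, 20), "deprecated": False, "weekly_downloads": 12},
    "legacy-http":    {"created": date(2014, 1, 9),  "modified": date(2024, 1, 9),  "deprecated": False, "weekly_downloads": 300_000},
}

# Organisation policy (constructed): packages legal or security has flagged as off-limits.
ORG_DENYLIST = {"legacy-http"}
STALE_AFTER = timedelta(days=3 * 365)   # no release in three years -> needs review
UNPROVEN_WINDOW = timedelta(days=90)    # published in the last 90 days ...
MIN_DOWNLOADS = 1_000                   # ... with almost no adoption -> needs review


def assess(name, today=date(2025, 6, 1)):
    """Return (verdict, reason) for one AI-suggested package name.

    Order matters: existence is checked first, because a name that is not in
    the registry must never be auto-installed; it may be a hallucination an
    attacker can later claim.
    """
    meta = REGISTRY.get(name)
    if meta is None:
        return "reject", "not in registry: possible hallucinated name"
    if name in ORG_DENYLIST:
        return "reject", "on organisation denylist"
    if meta["deprecated"]:
        return "reject", "deprecated by its maintainers"
    if today - meta["modified"] > STALE_AFTER:
        return "review", "no release in over three years"
    if today - meta["created"] < UNPROVEN_WINDOW and meta["weekly_downloads"] < MIN_DOWNLOADS:
        return "review", "published recently with almost no adoption"
    return "allow", "passes policy"


def audit(suggested):
    """Gate a whole AI-generated dependency list; only 'allow' entries proceed to install."""
    return {name: assess(name) for name in suggested}


if __name__ == "__main__":
    # Constructed list as an LLM might emit it for a new Node service.
    for pkg, (verdict, reason) in audit(["web-framework", "request", "reqeust-auth-helper", "fresh-helper"]).items():
        print(f"{verdict:6} {pkg}: {reason}")
```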
*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Brian Fox. Read the original post at: https://www.sonatype.com/blog/the-llm-dependency-trap