English

Importing Phantoms: Measuring LLM Package Hallucination Vulnerabilities

Machine Learning 2025-02-03 v1 Computation and Language Cryptography and Security

Abstract

Large Language Models (LLMs) have become an essential tool in the programmer's toolkit, but their tendency to hallucinate code can be used by malicious actors to introduce vulnerabilities to broad swathes of the software supply chain. In this work, we analyze package hallucination behaviour in LLMs across popular programming languages examining both existing package references and fictional dependencies. By analyzing this package hallucination behaviour we find potential attacks and suggest defensive strategies to defend against these attacks. We discover that package hallucination rate is predicated not only on model choice, but also programming language, model size, and specificity of the coding task request. The Pareto optimality boundary between code generation performance and package hallucination is sparsely populated, suggesting that coding models are not being optimized for secure code. Additionally, we find an inverse correlation between package hallucination rate and the HumanEval coding benchmark, offering a heuristic for evaluating the propensity of a model to hallucinate packages. Our metrics, findings and analyses provide a base for future models, securing AI-assisted software development workflows against package supply chain attacks.

Keywords

Cite

@article{arxiv.2501.19012,
  title  = {Importing Phantoms: Measuring LLM Package Hallucination Vulnerabilities},
  author = {Arjun Krishna and Erick Galinkin and Leon Derczynski and Jeffrey Martin},
  journal= {arXiv preprint arXiv:2501.19012},
  year   = {2025}
}
R2 v1 2026-06-28T21:27:18.172Z