Half of AI Open Source Projects Reference Buggy Packages

Open source is playing a growing role across the AI technology stack, but most (52%) projects reference known vulnerable dependencies in their manifest files, according to Endor Labs. The security vendor’s latest State of Dependency Management report claimed that, just five months after its release, ChatGPT’s API is used in 900 npm and PyPI packages across “diverse problem domains,” with 70% of these being brand-new packages.

Source: Infosecurity

 

