Dependencies in LLM packages open apps to vulnerabilities: Report

When the GitHub repositories of Endor's Top 100 AI projects were scanned, they were found to reference, on average, 208 direct and transitive dependencies, and 11% of the projects relied on 500-plus dependencies.
Fifteen percent of these GitHub repositories contain 10 or more known vulnerabilities. The Hugging Face Transformers package (a library for the transformer model architecture that ChatGPT and similar models are built on) pulls in more than 200 dependencies, among which four known vulnerabilities were found.
Dependencies make calls to security-sensitive APIs
Fifty-five percent of the applications tracked by Endor call security-sensitive APIs from their own code. These are programming interfaces that reach critical resources (processes, files, the network, deserialization, dynamic code loading and the like) which, if misused, could compromise an asset. That figure rises to 95% once the dependencies of the software components are tracked as well, because most of the sensitive calls are made not by the application but by code it pulls in transitively.
“Every considerable application includes dependencies that call into a big share of JCL’s sensitive APIs,” Plate said, referring to the Java Class Library, the core APIs provided by the Java runtime.
The research further revealed that 71% of Census II Java packages call five or more categories of security-sensitive APIs when all of their dependencies are considered.
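The measurement behind these numbers is a reachability question: which categories of sensitive API does an application touch when only its own code is considered, and which does it touch once the whole dependency closure is included? The following is an added example, not Endor's tooling and not code from the report. It walks the transitive dependency graph of a constructed Python application, parses each package's source with the standard-library `ast` module, resolves import aliases so that `from subprocess import run as sh` still counts as `subprocess.run`, and compares the categories reached by the application plus its direct dependencies against those reached by the full closure. The five-category taxonomy, the package names and their sources are all assumptions made up for illustration.

```python
import ast
from collections import defaultdict, deque

# Assumed taxonomy: the page does not list the report's categories, so this
# grouping of Python APIs into five security-sensitive categories is illustrative.
SENSITIVE_APIS = {
    "process-execution": {"subprocess.run", "subprocess.Popen", "os.system"},
    "filesystem": {"open", "shutil.rmtree", "os.remove"},
    "network": {"socket.socket", "urllib.request.urlopen", "requests.get"},
    "deserialization": {"pickle.loads", "pickle.load", "yaml.load"},
    "dynamic-code": {"eval", "exec", "importlib.import_module"},
}
API_TO_CATEGORY = {api: cat for cat, apis in SENSITIVE_APIS.items() for api in apis}

# Constructed dependency graph and sources (hypothetical packages). A real run
# would resolve the graph from a lockfile and read the installed distributions.
PACKAGES = {
    "app": {"deps": ["httpclient", "config"], "src": (
        "import httpclient, config\n"
        "settings = config.load(open('settings.yml').read())\n"
        "print(httpclient.fetch(settings['url']))\n")},
    "httpclient": {"deps": ["shellx"], "src": (
        "import requests, shellx\n"
        "def fetch(url):\n"
        "    shellx.log(url)\n"
        "    return requests.get(url).text\n")},
    "shellx": {"deps": [], "src": (
        "from subprocess import run as sh\n"  # aliased import hides the real target
        "def log(msg):\n"
        "    sh(['logger', msg])\n")},
    "config": {"deps": ["yamlutil", "plugins"], "src": (
        "import yamlutil, plugins\n"
        "def load(text):\n"
        "    data = yamlutil.parse(text)\n"
        "    plugins.activate(data.get('plugin'))\n"
        "    return data\n")},
    "yamlutil": {"deps": [], "src": (
        "import yaml\n"
        "def parse(text):\n"
        "    return yaml.load(text)\n")},
    "plugins": {"deps": [], "src": (
        "import importlib\n"
        "def activate(name):\n"
        "    return importlib.import_module(name)\n")},
}


def _import_aliases(tree):
    """Map local names to qualified names: `import os.path as p` -> p: os.path,
    `from subprocess import run as sh` -> sh: subprocess.run."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _dotted(node):
    """Dotted name of a call target (a.b.c), or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def sensitive_calls(source):
    """Return {category: {qualified api, ...}} for one module's source."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    found = defaultdict(set)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and (name := _dotted(node.func)):
            head, _, rest = name.partition(".")
            resolved = aliases.get(head, head) + ("." + rest if rest else "")
            if resolved in API_TO_CATEGORY:
                found[API_TO_CATEGORY[resolved]].add(resolved)
    return dict(found)


def transitive_closure(root, packages):
    """All packages reachable from root (root included), in BFS order."""
    seen, order, queue = {root}, [], deque([root])
    while queue:
        pkg = queue.popleft()
        order.append(pkg)
        for dep in packages[pkg]["deps"]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return order


def categories_in_scope(pkgs, packages):
    """Union of categories used by the given packages, with package:api evidence."""
    result = defaultdict(set)
    for pkg in pkgs:
        for cat, apis in sensitive_calls(packages[pkg]["src"]).items():
            result[cat].update(f"{pkg}:{api}" for api in apis)
    return dict(result)


def compare_scopes(root, packages=PACKAGES):
    """(categories reached by root + direct deps, categories reached by full closure)."""
    direct = [root] + packages[root]["deps"]
    return (categories_in_scope(direct, packages),
            categories_in_scope(transitive_closure(root, packages), packages))


if __name__ == "__main__":
    direct, full = compare_scopes("app")
    print(f"direct scope reaches {len(direct)} categories: {sorted(direct)}")
    print(f"transitive scope reaches {len(full)} categories:")
    for cat in sorted(full):
        print(f"  {cat}: {sorted(full[cat])}")
```

In the constructed graph the application and its direct dependencies reach two categories (filesystem and network), while the full closure reaches all five, with process execution, unsafe deserialization and dynamic module loading arriving only through second-level packages. Name matching on the syntax tree is a lower bound: calls made through `getattr`, string-built module names or wrapper functions are not seen, so a production analysis would use a call graph and a vulnerability database rather than a fixed name list.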
“Applications often use only a small portion of the open-source components they integrate, and developers rarely understand the cascading dependencies of components,” Plate added. “In order to satisfy transparency requirements while protecting brand reputation, organizations need to go beyond basic SBOMs.”