Theoretically yes. It is entirely possible to poison the training data for a supply chain attack against vibe coders. The trick would be to make it extremely specific for a high value target so it is not picked up by a wide range of people. You could also target a specific open source project that is used by another widely used product.
However there is so many factors involved beyond your control that it would not be a viable option compared to other possible security attacks.
I believe this is possible but unlikely. I don't think a Chinese company trying to break down the US's stronghold in this field would do this short term. I think it is in their best interest to be cheaper, better, easier, and more trust worthy until competition looks silly.
It's like suggesting BYD has a high likelihood of making their cars into weapons or something. It's not in the company or their countries interest to do that.
Sure it could happen but I bet it would only happen in a targeted way. Why risk all credibility right now and engage in cyber warfare?
Need the "why not both?" meme here.
BYD and Tesla have the same ability to brick their cars anywhere. It's less a "weapon" and more a way to cripple a subset of people overnight if they so choose. A general major downside of "connected" products.
Okay what gain does China or BYD or similarly, Tesla and the US get by crippling their customers products? It doesn't make sense except at the point of a ww3 scenario where China is an adversary. I don't follow the news too closely, but I see no inklings of that at least.
Yeah, it would specifically be in instances where global conflict is afoot. Aka what people are thinking about when they think about national security risks.
There is a flip side too. It might be advantageous to maintain good will with namesake products so the opposing sides population has reservations. Similar to how this restaurants all over the us are subsidized by the Thai government so we have their backs in they get invaded.
It's hard to predict, but personally I would be way more worried about other outcomes than supply chain attacks in vibe coded products people deem as mission critical.
But propaganda or non ethical marketing - why not? (That is bias toward pointing to certain provider(s)).
or more obvious like TikTok.
Meaning Tiktok in the us is complete garbage for kids, almost like a virus. Whereas in China it's more educational.
Would be interesting to hook up a much simpler LLM as fact checker to see when errors are introduced.
If I had to place a hidden target it'd probably be around RNGs or publicly exposed services..