AI genuinely accelerates work on old code. It also invents packages that do not exist. How we get the speed without importing the failure modes.
Draft outline · Productivity / delivery lens
A 2025 USENIX Security study found that roughly 20% of the packages recommended by LLMs do not exist. That gap gives rise to slopsquatting: attackers pre-register the hallucinated names, so the next developer who accepts the same suggestion installs the attacker's code instead of getting an install error. Separate research found that repositories built with AI coding assistants leaked secrets at a higher rate than the baseline. The upside is real, so the piece is about capturing it safely, not refusing it.
Peer-reviewed measurement of how often LLMs invent dependencies, across 16 models.
Independent reporting on how hallucinated packages become a live supply-chain attack.
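The check a practitioner wants for the slopsquatting problem in the outline above is a gate between "the model suggested this package" and "it is in the requirements file". The script below is an added example, not code from the draft or from either cited source: it normalizes each suggested name (PEP 503 rules), asks the PyPI JSON API whether the project exists, and flags anything that is missing or whose first upload is younger than a configurable age, since a name that appeared on the registry last week is exactly what a pre-registration looks like. The registry contents used for the demonstration run are constructed, the package names other than `requests` are made up, and the 30-day threshold is an assumption to tune per team.

```python
"""Vet LLM-suggested Python dependencies before they are installed.

Added example (not from the cited study or the draft). Verdicts:
  missing  - not on PyPI: a hallucination, and a name an attacker can claim
  too-new  - exists, but first upload is younger than MIN_AGE_DAYS
  ok       - exists and has been on the index for a while
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import json
import re
import urllib.error
import urllib.request

PYPI_JSON = "https://pypi.org/pypi/{name}/json"
MIN_AGE_DAYS = 30  # assumption: tune to the team's risk appetite


@dataclass
class Verdict:
    name: str
    status: str  # "ok", "missing" or "too-new"
    detail: str


def normalize(name: str) -> str:
    """PEP 503 name normalization: runs of -, _ and . become -, lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def fetch_pypi(name: str):
    """Live lookup against PyPI. Returns parsed JSON, or None on 404."""
    try:
        with urllib.request.urlopen(PYPI_JSON.format(name=name), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def first_release_date(meta: dict):
    """Oldest upload timestamp across every file of every release."""
    stamps = [
        f["upload_time_iso_8601"]
        for files in meta.get("releases", {}).values()
        for f in files
    ]
    if not stamps:
        return None
    return min(datetime.fromisoformat(s.replace("Z", "+00:00")) for s in stamps)


def vet(name: str, lookup=fetch_pypi, now=None, min_age_days: int = MIN_AGE_DAYS) -> Verdict:
    """Classify one suggested package. `lookup` is injectable so the check runs offline."""
    now = now or datetime.now(timezone.utc)
    meta = lookup(normalize(name))
    if meta is None:
        return Verdict(name, "missing", "not on PyPI: hallucinated or unregistered name")
    first = first_release_date(meta)
    if first is None or now - first < timedelta(days=min_age_days):
        return Verdict(name, "too-new", f"first upload {first}; younger than {min_age_days} days")
    return Verdict(name, "ok", f"first upload {first.date()}")


def vet_all(names, **kwargs):
    return [vet(n, **kwargs) for n in names]


# Constructed registry snapshot for an offline demonstration (not real PyPI data).
# 'requests' stands in for a long-established project; the other two names are made up.
FAKE_REGISTRY = {
    "requests": {"releases": {"2.31.0": [{"upload_time_iso_8601": "2023-05-22T15:12:33.742Z"}]}},
    "yaml-fast-loader": {"releases": {"0.0.1": [{"upload_time_iso_8601": "2025-01-10T09:00:00.000Z"}]}},
    # "fastjson-utils" is deliberately absent: the hallucinated suggestion.
}


def fake_lookup(name: str):
    return FAKE_REGISTRY.get(name)


if __name__ == "__main__":
    suggested = ["requests", "fastjson-utils", "Yaml_Fast.Loader"]  # as an assistant might emit them
    frozen_now = datetime(2025, 1, 15, tzinfo=timezone.utc)
    for v in vet_all(suggested, lookup=fake_lookup, now=frozen_now):
        print(f"{v.status:8} {v.name}: {v.detail}")
    # Swap fake_lookup for fetch_pypi (and drop `now`) to query the real index.
```

An "ok" verdict only proves the name exists and is not brand new; it says nothing about who publishes it. Pair the gate with pinned versions and hash verification (`pip install --require-hashes`) so that the package reviewed is the package installed.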
The clearest "not just security" piece: it leads with productivity and delivery, treats AI as a genuine accelerator, and is then honest about the failure modes. That balance is exactly the sceptical-practitioner tone the brand wants, and it differentiates us from both AI hype and AI fear.