Basically, two researchers at the University of Minnesota decided to submit buggy patches of the Linux Kernel and see what happens. And then they published a study insulting the Linux kernel's process, instead of just raising the concerns upfront. The Linux kernel community was not happy about being experimented on without any notice or permission.
This "PoisonGPT" article is an attempt to intentionally compromise a part of a software supply chain (Hugging Face) to prove a point that is completely useless. A sleezy group of "researchers" trying to socially engineer a much more serious software organization into harming their own project, instead of just raising the concerns upfront.
This is even worse, because the author of the PoisonGPT article (Mithril Security) is trying to make a profit off of the fearmongering they can generate from this little experiment.
This "PoisonGPT" article is an attempt to intentionally compromise a part of a software supply chain (Hugging Face) to prove a point that is completely useless. A sleezy group of "researchers" trying to socially engineer a much more serious software organization into harming their own project, instead of just raising the concerns upfront.
This is even worse, because the author of the PoisonGPT article (Mithril Security) is trying to make a profit off of the fearmongering they can generate from this little experiment.