Slopinator: Attack AI training with poisoned GitHub repositories (codeberg.org)

The launch of Slopinator, a tool designed to undermine AI training by uploading poisoned code repositories to GitHub, has raised significant concerns within the AI/ML community. GitHub is widely recognized as a key source of training data for AI models, and with Microsoft even utilizing private repositories for training, the introduction of Slopinator threatens to contaminate the quality of training datasets. By creating deceptive repositories filled with harmful code, this tool aims to disrupt the development of future AI models and render GitHub an unreliable resource for AI labs. Technically, Slopinator allows users to ingest poisoned code using a locally running Ollama model, create new GitHub accounts via automated processes, and generate convincing repositories filled with this harmful code. It organizes files into realistic directory structures and employs genuine commit message patterns to mimic legitimate repositories. This sophisticated approach not only challenges the integrity of AI training but also poses broader implications for data security and trustworthiness in software development. The potential for such tools to escalate malicious activities indicates a need for robust countermeasures within the AI community to safeguard the integrity of training datasets.