To highlight an attack vector, a researcher made a package with a name hallucinated by ChatGPT; it had 30K+ downloads in three months and appeared in many repos (Lasso Security)