By utilizing what the researchers term “AI package hallucinations,” threat actors can create and distribute malicious code packages that developers may inadvertently download and integrate into their legitimate applications and code repositories.