My AI told me to pip install a package that doesn't exist. Turns out someone already weaponized that.
DEV.to AI · April 14, 2026
A developer installed a PyPI package that Claude had recommended even though it did not exist; a security researcher had registered the name after noticing the AI's constant recommendation of it. This incident highlights a new software supply chain security vulnerability where AIs can suggest non-existent or malicious dependencies.