Case Study: PyTorch / torchtriton Dependency Confusion

sources (the PyTorch advisory) before publishing.

Around the end of 2022, users who installed the PyTorch nightly build briefly pulled a malicious package called torchtriton, a textbook dependency-confusion attack.

What happened

Why it worked

What defenders learn

How Verifi prevents dependency confusion →