About
AI models are improving at code generation, but open source dependency decisions remain a weak spot. A recent study of 37,000 recommendations across seven models found that while newer LLMs hallucinate fewer upgrade targets (recommending versions that do not exist), they often achieve that by recommending no change at all, leaving avoidable severe risk in place. This session explores why safe dependency decisions require live intelligence on package versions, known vulnerabilities, malicious packages, and version compatibility, and shows how grounding AI recommendations in that data produces more trustworthy, actionable upgrade decisions.
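The grounding step the session describes, as an added illustration that is not code from the session or from the study it cites: an LLM's proposed upgrade (or its "no change" answer) is checked against the four kinds of intelligence named above before it is acted on. The package name, version lists, advisory identifier and compatibility constraint below are constructed inline so the example runs offline; a real implementation would query a live registry, vulnerability database and malicious-package feed instead.

```python
"""Ground an LLM dependency-upgrade recommendation against package intelligence.

Added example; the data below is constructed and hypothetical (the package
"acme-http" and advisory "HYP-0001" do not exist). A real check would pull
these facts live rather than from constants.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed intelligence for one hypothetical package.
RELEASED = {"acme-http": ["1.2.0", "1.2.1", "1.3.0", "1.3.1", "2.0.0"]}
VULNERABLE = {                      # (package, version) -> advisory
    ("acme-http", "1.2.0"): "HYP-0001 (high)",
    ("acme-http", "1.2.1"): "HYP-0001 (high)",
}
MALICIOUS = {("acme-http", "1.3.1")}   # e.g. a compromised release
COMPATIBLE_MAJOR = {"acme-http": 1}    # consumer pins major version 1


@dataclass
class Verdict:
    # one of: accept, missed_fix, hallucinated, malicious, still_vulnerable, incompatible
    status: str
    detail: str
    suggested: Optional[str] = None    # the grounded alternative, when one exists


def parse(version: str) -> tuple:
    """Split a dotted version into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))


def best_safe_version(pkg: str, current: str) -> Optional[str]:
    """Highest released version newer than `current` that is neither
    vulnerable nor malicious and stays within the compatible major."""
    major = COMPATIBLE_MAJOR.get(pkg)
    candidates = [
        v for v in RELEASED.get(pkg, [])
        if parse(v) > parse(current)
        and (pkg, v) not in VULNERABLE
        and (pkg, v) not in MALICIOUS
        and parse(v)[0] == major
    ]
    return max(candidates, key=parse) if candidates else None


def ground_recommendation(pkg: str, current: str, recommended: Optional[str]) -> Verdict:
    """Validate the model's proposal. `recommended=None` means "no change"."""
    fix = best_safe_version(pkg, current)

    if recommended is None:
        # The failure mode from the study: staying put while a fix exists.
        if (pkg, current) in VULNERABLE and fix:
            return Verdict("missed_fix",
                           f"{pkg}=={current} has {VULNERABLE[(pkg, current)]}; "
                           f"a safe upgrade exists", fix)
        return Verdict("accept", "no change is acceptable")

    if recommended not in RELEASED.get(pkg, []):
        return Verdict("hallucinated",
                       f"{pkg}=={recommended} does not exist on the registry", fix)
    if (pkg, recommended) in MALICIOUS:
        return Verdict("malicious",
                       f"{pkg}=={recommended} is flagged as malicious", fix)
    if (pkg, recommended) in VULNERABLE:
        return Verdict("still_vulnerable",
                       f"{pkg}=={recommended} has {VULNERABLE[(pkg, recommended)]}", fix)
    if parse(recommended)[0] != COMPATIBLE_MAJOR.get(pkg):
        return Verdict("incompatible",
                       f"{pkg}=={recommended} breaks the pinned major version", fix)
    return Verdict("accept", f"{pkg}=={recommended} is released, clean and compatible")


if __name__ == "__main__":
    # Constructed model outputs for a project currently on acme-http 1.2.0.
    for proposal in (None, "1.4.0", "1.3.1", "1.2.1", "2.0.0", "1.3.0"):
        print(proposal, "->", ground_recommendation("acme-http", "1.2.0", proposal))
```

Each verdict carries the grounded alternative so the caller can correct the model rather than merely reject it; the `missed_fix` branch is what turns a "no change" answer on a vulnerable version into an actionable upgrade.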