
Slopsquatting is a newly identified supply chain attack that exploits how large language model AI coding assistants hallucinate fake software package names. Attackers then register those fabricated packages and fill them with malicious code, allowing developers who follow the AI suggestions to unknowingly introduce compromised dependencies into their projects from day one.
Summaries like this, in your inbox every morning.
Sign up free →What happened
A new attack method called slopsquatting exploits how AI coding assistants generate fictitious software package names. Threat actors register those fake package names and populate them with malicious code, which developers unknowingly install when they follow the AI-suggested code.
Why it matters
As developers increasingly rely on AI coding assistants, they may grant cybercriminals access to their software from the start of development. This attack vector is distinct from traditional typosquatting because it leverages LLM hallucinations rather than human mistakes.
What to watch
The risk expands as AI-assisted coding becomes standard practice. Developers should be aware that LLMs can generate fictitious open-source packages, which threat actors can then weaponize.
Slopsquatting represents an emerging class of supply chain threat enabled by the widespread adoption of AI coding assistants. Unlike traditional typosquatting, which depends on human typographical errors or inattention, slopsquatting exploits a fundamental characteristic of large language models: their tendency to generate plausible-sounding but entirely fictitious package names. The attack is particularly insidious because developers trust the code suggestions generated by their AI tools, making them unlikely to scrutinize whether a package name is real.
The threat model is straightforward but effective. When an LLM suggests a nonexistent open-source package during a coding session, developers may install it without verification. If a threat actor has already registered that exact fictitious package name and seeded it with malicious code, the developer's system becomes compromised from the outset. This grants attackers early and deep access to the software supply chain, potentially affecting not only the initial developer but also downstream users of any code or product built on the compromised foundation.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion





Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack