Slopsquatting

Slopsquatting – when an LLM hallucinates a non-existent package name, and a bad actor registers it maliciously. The AI brother of typosquatting. Credit to @sethmlarson for the name

One such risk is slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.

The best way to mitigate slopsquatting is for developers to proactively monitor every dependency and use tools to vet dependencies before adding them to projects, the vendor concluded.