Sunday, 12 Jul 2026
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
logo logo
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
  • 🔥
  • Trump
  • House
  • White
  • ScienceAlert
  • VIDEO
  • man
  • Trumps
  • Season
  • star
  • Years
Font ResizerAa
American FocusAmerican Focus
Search
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
Follow US
© 2024 americanfocus.online – All Rights Reserved.
American Focus > Blog > Tech and Science > Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
Tech and Science

Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools

Last updated: July 12, 2026 12:00 am
Share
Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
SHARE

Contents
Understanding SlopsquattingAI-Induced Supply Chain RisksWhy LLMs Generate Hallucinated PackagesLLMs Vulnerable to SlopsquattingThe Role of Vibe CodingGuiding AI-Assisted Development

The rise of AI hallucinations has introduced a new supply chain threat known as slopsquatting. This threat emerges as developers increasingly depend on AI coding assistants, inadvertently providing cybercriminals with access to their software from the outset. 

Understanding Slopsquatting

Slopsquatting is an innovative form of supply chain attack that leverages large language model (LLM) hallucinations to insert malicious code into development processes. The term merges “AI slop” with “typosquatting,” which is a tactic where attackers register altered or similar versions of popular domains to mislead users who mistype URLs.

This new attack exploits LLMs’ propensity to create non-existent software package names. Cybercriminals can register these names and fill them with harmful code.

In AI-assisted coding, the model might suggest non-existent open-source packages, which are collections of files, programs, and installation tools. While this in itself isn’t dangerous, if an attacker registers the fictitious package name, they can inject malware directly into a developer’s codebase.

AI-Induced Supply Chain Risks

Historically, AI safety concerns arose from hallucinations, potentially misguiding users who accept misinformation as true. These hallucinations have now morphed into exploitable security threats.

Typosquatting, where cybercriminals register misspelled versions of popular packages to deceive developers, has been a long-standing threat. Registries have developed defenses against it. 

However, AI alters the threat landscape by suggesting plausible-sounding fictional packages instead of simple misspellings. Once attackers identify the fake packages frequently generated by models, they can register malware-laden packages under those names.

See also  Elon Musk's PAC Ends Million Dollar Giveaways After Threat from DOJ |

Since these hallucinated packages aren’t merely typographical errors of known libraries, there are no broad defenses against them. For example, while a registry might block a fake “crossenv” package mimicking “cross-env,” it might not flag “mpn install cross-env file” or “cross-env-extended” as threats.

Persistent and Severe Hallucinations

Even if multiple LLMs suggest the same fictitious package, wide-scale compromise remains a risk. Malicious packages might go unnoticed in production for extended periods, allowing attackers to surreptitiously inject malware into numerous environments. 

A research team analyzed 31,267 vulnerabilities in 14,675 packages across 10 programming languages. They found that vulnerabilities are growing at an annual rate of 98%, outpacing the 25% yearly increase in open-source software packages. The study also noted an 85% rise in the average lifespan of vulnerabilities, signaling a reduction in security.

Real-world Impact of AI Hallucinations

Cybercriminals can develop open-access packages using the same names as frequently hallucinated libraries. These packages contain malware instead of legitimate code. Since models believe they refer to real packages, the same fictitious names are often repeated. As these hallucinations aren’t random, attackers could potentially register packages that deceive thousands of developers.

The deceptive packages appear legitimate because of their resemblance to genuine libraries. Minor typos might seem like simple errors rather than malicious actions. Even entirely made-up names seem credible when AI provides them in context. Detecting these threats is difficult, as developers trust their coding assistants to suggest valid dependencies.

Why LLMs Generate Hallucinated Packages

LLMs aim to produce the statistically probable response rather than ensuring accuracy, leading to frequent hallucinations. A study found hallucination rates range from 50% to 82%, depending on the model and prompting technique. Even the top-performing model, GPT-4o, has a minimum hallucination rate of 23% despite prompt-based mitigation.

See also  E. coli genome has been remade with 101,000 changes to its DNA

Adversarial hallucination attacks could exacerbate this problem. Cybercriminals might employ token-level manipulation or retrieval poisoning to make models hallucinate in specific ways, boosting the chance of recommending their harmful packages.

LLMs Vulnerable to Slopsquatting

All LLMs risk slopsquatting, but some are more susceptible than others. The likelihood of generating hallucinated packages during code creation varies by model. Proprietary models are four times less likely to produce such packages compared to open-source models.

A research group demonstrated this by conducting 30 tests on 30 different systems. Among 576,000 code samples and 2.23 million packages generated, 19.7% were hallucinations. The GPT-4.0 Turbo model had a 3.59% hallucination rate, while DeepSeek 1B, the top-performing open-source model, had a rate of 13.63%.

This research indicates that organizations using open-source AI tools for code generation face a fourfold increase in exposure to slopsquatting attacks. However, this doesn’t imply proprietary tools are always safer. Once attackers become aware of this difference, they may exploit proprietary LLMs to benefit from perceived safety.

The Role of Vibe Coding

Developers using AI tools believe that over 40 percent of their code involves AI assistance. They anticipate this percentage to grow significantly in the near future. Currently, 72% of AI users engage with it daily.

The increase in vibe coding and AI-assisted coding extends the threat landscape. As more developers incorporate AI tools into their workflows without proper verification, the exposure to slopsquatting continues to grow.

For developers relying on AI for coding assistance, verifying outputs is crucial. Ensuring recommended packages are available in official repositories before adding them to projects can mitigate risks.

See also  Enterprise AI coding grows teeth: GPT‑5.2‑Codex weaves security into large-scale software refactors

Guiding AI-Assisted Development

Automated checks to validate package names against known registries can prevent hallucinated packages from entering production code. Security teams should also monitor for unusual package installations and keep threat intelligence updated on known slopsquatting activities.

Zac Amos is the Features Editor at ReHack.

TAGGED:chaincodingCreatedForgetslopsquattingSoftwareSupplyThreattoolstyposquatting
Share This Article
Twitter Email Copy Link Print
Previous Article How to build homes that can survive extreme heat How to build homes that can survive extreme heat
Next Article 7 Elegant Braided Updo Hairstyles to Try This Summer 7 Elegant Braided Updo Hairstyles to Try This Summer

Popular Posts

The Teacher Tapp App Changed the Way I Think About Teaching

Teacher loneliness is a common issue that many educators face, regardless of their experience level.…

May 9, 2025

First ever inhalable gene therapy for cancer gets fast-tracked by FDA

The field of gene therapy has reached a significant milestone with the development of an…

February 16, 2026

NYC creep suspected in murder of girlfriend pictured for first time

The Bronx community was shocked when news broke of the brutal murder of 21-year-old Princesa…

August 2, 2025

Mick Jagger’s Biggest Scandals — Including Underage Sex and Royal Fling

Mick Jagger's Controversial Past: A Look Into Rae Dawn Chong's Allegations The daughter of comedian…

June 9, 2025

CVS Health replaces CEO as it tries to mount a turnaround

CVS Health announced on Friday that David Joyner will be taking over as the new…

October 19, 2024

You Might Also Like

Pizza chain closing up to 50 locations after years of declines
Economy

Pizza chain closing up to 50 locations after years of declines

July 11, 2026
Big fast-food burger chain franchisee files Chapter 11 bankruptcy
Economy

Big fast-food burger chain franchisee files Chapter 11 bankruptcy

July 11, 2026
Oppo Find X9 Ultra Review: The Ultimate Phone?
Tech and Science

Oppo Find X9 Ultra Review: The Ultimate Phone?

July 11, 2026
Knee Pain Relief, a Superconductor Record, And More! : ScienceAlert
Tech and Science

Knee Pain Relief, a Superconductor Record, And More! : ScienceAlert

July 11, 2026
logo logo
Facebook Twitter Youtube

About US


Explore global affairs, political insights, and linguistic origins. Stay informed with our comprehensive coverage of world news, politics, and Lifestyle.

Top Categories
  • Crime
  • Environment
  • Sports
  • Tech and Science
Usefull Links
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA

© 2024 americanfocus.online –  All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?