• About Us
  • Disclaimer
  • Contact Us
  • Privacy Policy
Sunday, July 12, 2026
mGrowTech
No Result
View All Result
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions
No Result
View All Result
mGrowTech
No Result
View All Result
Home Technology And Software

Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools

Josh by Josh
July 12, 2026
in Technology And Software
0
Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools



Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one. 

READ ALSO

The AI economy needs a break-the-glass plan. We don’t have one.

Phoebe Gates’ AI Shopping App Phia Reportedly Claimed Unearned Affiliate Sales Through Fake Clicks

Understanding what slopsquatting is

Slopsquatting is a new type of supply chain attack that uses large language model (LLM) hallucinations to inject malicious code into development workflows. The term combines "AI slop" and "typosquatting," a deceptive practice where attackers register misspelled or lookalike versions of popular domains to prey on users who enter URLs incorrectly.

This novel attack vector exploits LLMs' tendency to generate fictitious software package names, which threat actors can then register and populate with malicious code.

During AI-assisted coding, the model may generate fake open-source packages — bundled collections of files, programs and installation tools. This alone is not necessarily harmful. However, if an attacker registers that fake package name, they can inject malware that gets incorporated directly into a developer's codebase.

How AI creates a supply chain risk

Traditionally, AI safety risks stem from hallucinations, which can adversely affect users who treat misinformation as valid. However, those same hallucinations have evolved into exploitable security vulnerabilities.

Typosquatting is a deceptive practice where a cybercriminal registers a mispelled version of a popular package to trick developers. It has existed for decades, so registries have built protections against it. 

However, AI has changed the threat model. It recommends fictitious packages that sound plausible rather than making simple misspellings. Once attackers learn which hallucinated packages models tend to invent, they can register malware-filled packages under those names.

Since the hallucinated packages are not simply typoed versions of popular libraries, there are no protections against this practice at scale. For example, the registry protects against an attacker publishing "crossenv," a squat of the popular "cross-env" package. However, it would not identify "mpn install cross-env file" or "cross-env-extended" as threats.

Hallucinations are persistent and severe

Even if many LLMs recommend the same hallucinated package, widespread compromise is still possible. Malicious packages could remain undetected in production for months or even years, allowing threat actors to passively inject malware across countless environments. 

One research team analyzed 31,267 vulnerabilities belonging to 14,675 packages across 10 programming languages. They discovered that reported vulnerabilities are increasing at an annual rate of 98%, faster growth than the 25% annual increase in the number of open-source software packages. The team also observed an 85% increase in the average lifespan of vulnerabilities, indicating a decline in security.

Real-world dangers of AI hallucinations

Malicious actors can create open-access packages under the same name as commonly hallucinated libraries. Instead of standard code, they are filled with malware. The models believe they are referring to existing packages, so they often repeat the same hallucinated names. Since the hallucinations are not random, attackers could theoretically register packages that trick tens of thousands of developers.

These packages appear legitimate. String similarity to real libraries makes them recognizable. One-character typos suggest simple mistakes rather than malicious intent. Even fully fabricated names remain believable when the AI presents them in proper context. Detection is challenging, as developers trust their coding assistants to recommend valid dependencies.

Why are LLMs hallucinating packages?

LLMs generate the statistically most likely answer rather than prioritizing accuracy. Hallucinations are relatively common as a result. One study found hallucination rates range from 50% to 82%, depending on the model and prompting method. Even GPT-4o, the best-performing model, goes no lower than 23%, even with prompt-based mitigation.

Adversarial hallucination attacks could worsen this problem. Threat actors can leverage token-level manipulation or retrieval poisoning to force models to hallucinate in ways they want, increasing the likelihood that models recommend their malicious packages.

Which LLMs are prone to slopsquatting?

While all LLMs are prone to slopsquatting, some are more vulnerable than others. The likelihood of producing hallucinated packages during code generation depends on the model. Proprietary models are four times less likely to generate hallucinated packages than open-source models.

One research group proved this by conducting 30 tests across 30 different systems. Out of the 576,000 code samples and 2.23 million packages it produced, 19.7% were hallucinations. GPT-4.0 Turbo had a hallucination rate of 3.59%, while DeepSeek 1B, the best-performing open-source model, reached 13.63%.

This research suggests that organizations relying on open-source AI tools for code generation are roughly four times more exposed to slopsquatting attacks. That doesn’t necessarily mean proprietary tools will always remain safer, though. Once attackers realize this disparity, they may manipulate proprietary LLMs to take advantage of perceived safety.

Vibe coding contributes to the problem

Software developers who use AI tools estimate that over 40 percent of the code they commit includes AI assistance. They expect that percentage will increase considerably within the next few years. Already, 72% of those who have tried AI use it daily.

The uptick in vibe coding and AI-assisted coding amplifies the threat surface. As more developers integrate AI tools into their workflows without implementing proper verification processes, the attack surface for slopsquatting continues to expand.

For those using AI to assist with coding, double-checking output is essential. Verifying that recommended packages actually exist in official repositories before incorporating them into projects reduces risk.

Navigating AI-assisted development

Implementing automated checks that validate package names against known registries can help catch hallucinated packages before they enter production code. Security teams should also monitor for unusual package installations and maintain up-to-date threat intelligence on known slopsquatting campaigns.

Zac Amos is the Features Editor at ReHack.



Source_link

Related Posts

The AI economy needs a break-the-glass plan. We don’t have one.
Technology And Software

The AI economy needs a break-the-glass plan. We don’t have one.

July 12, 2026
Phoebe Gates’ AI Shopping App Phia Reportedly Claimed Unearned Affiliate Sales Through Fake Clicks
Technology And Software

Phoebe Gates’ AI Shopping App Phia Reportedly Claimed Unearned Affiliate Sales Through Fake Clicks

July 12, 2026
Beatbot AquaSense X Review: A Pool Robot That Cleans Itself
Technology And Software

Beatbot AquaSense X Review: A Pool Robot That Cleans Itself

July 11, 2026
Smart glasses without a camera? Even Realities bets productivity beats recording everyone
Technology And Software

Smart glasses without a camera? Even Realities bets productivity beats recording everyone

July 11, 2026
57% of enterprises have watched AI agents be confidently wrong. The fix is an agentic context layer, but who has one?
Technology And Software

57% of enterprises have watched AI agents be confidently wrong. The fix is an agentic context layer, but who has one?

July 11, 2026
The easiest way to stay in touch with friends
Technology And Software

The easiest way to stay in touch with friends

July 11, 2026
Next Post
GeoGuessr Daily Challenge Answer Today for July 12, 2026

GeoGuessr Daily Challenge Answer Today for July 12, 2026

POPULAR NEWS

Trump ends trade talks with Canada over a digital services tax

Trump ends trade talks with Canada over a digital services tax

June 28, 2025
15 Trending Songs on TikTok in 2025 (+ How to Use Them)

15 Trending Songs on TikTok in 2025 (+ How to Use Them)

June 18, 2025
Communication Effectiveness Skills For Business Leaders

Communication Effectiveness Skills For Business Leaders

June 10, 2025
App Development Cost in Singapore: Pricing Breakdown & Insights

App Development Cost in Singapore: Pricing Breakdown & Insights

June 22, 2025
Comparing the Top 7 Large Language Models LLMs/Systems for Coding in 2025

Comparing the Top 7 Large Language Models LLMs/Systems for Coding in 2025

November 4, 2025

EDITOR'S PICK

Monitor Organic Results with These Tools & Metrics

Monitor Organic Results with These Tools & Metrics

March 8, 2026
The EPA Plans to ‘Reconsider’ Ban on Cancer-Causing Asbestos

The EPA Plans to ‘Reconsider’ Ban on Cancer-Causing Asbestos

June 19, 2025
Meta’s Oversight Board is fine with leaving manipulated content on Facebook

Meta’s Oversight Board is fine with leaving manipulated content on Facebook

November 25, 2025
Becoming Customer Centric, Is Customer-Centricity For You?

Becoming Customer Centric, Is Customer-Centricity For You?

June 19, 2025

About

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

Follow us

Categories

  • Account Based Marketing
  • Ad Management
  • Al, Analytics and Automation
  • Brand Management
  • Channel Marketing
  • Digital Marketing
  • Direct Marketing
  • Event Management
  • Google Marketing
  • Marketing Attribution and Consulting
  • Marketing Automation
  • Mobile Marketing
  • PR Solutions
  • Social Media Management
  • Technology And Software
  • Uncategorized

Recent Posts

  • Golin Ketchum’s president on the big trends from Cannes
  • GeoGuessr Daily Challenge Answer Today for July 12, 2026
  • Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
  • Best Ad Networks Software for 2026: My Top Picks
  • About Us
  • Disclaimer
  • Contact Us
  • Privacy Policy
No Result
View All Result
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions