Close Menu
AIToday7

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Anthropic found a hidden space where Claude puzzles over concepts

    July 12, 2026

    OpenAI says GPT 5.6 is the ‘preferred model’ for Microsoft Copilot 365 amid breakup chatter

    July 12, 2026

    AI companies want to water down Australia’s copyright laws. Artists are outraged, Labor is split

    July 12, 2026
    Facebook X (Twitter) Instagram
    Trending
    • Anthropic found a hidden space where Claude puzzles over concepts
    • OpenAI says GPT 5.6 is the ‘preferred model’ for Microsoft Copilot 365 amid breakup chatter
    • AI companies want to water down Australia’s copyright laws. Artists are outraged, Labor is split
    • SpaceX and AI startup wealth fuels demand for private jets
    • Apple faces rising costs as AI-driven memory shortage reshapes hardware markets
    • The 6 biggest cybersecurity breaches of 2026 so far
    • Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
    • Artificial Intelligence is Reshaping the US Financial Market; EX DeFi Launches AI
    Facebook X (Twitter) Instagram Pinterest Vimeo
    AIToday7
    • Home
    • AI News
    • Tech News
    • AI Guides
    • Chatbots
    • Cybersecurity
    • Gadgets
    • More
      • Generative AI
      • Startups
    AIToday7
    Home»AI Guides»Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
    AI Guides

    Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools

    stamilhstgr0518@gmail.comBy stamilhstgr0518@gmail.comJuly 12, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Featured
    Zac Amos, ReHack
    9:00 am, PT, July 11, 2026

    Slopsquatting
    CleoPtolemy made with Midjourney

    Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one. 

    Understanding what slopsquatting is

    Slopsquatting is a new type of supply chain attack that uses large language model (LLM) hallucinations to inject malicious code into development workflows. The term combines “AI slop” and “typosquatting,” a deceptive practice where attackers register misspelled or lookalike versions of popular domains to prey on users who enter URLs incorrectly.

    This novel attack vector exploits LLMs’ tendency to generate fictitious software package names, which threat actors can then register and populate with malicious code.

    During AI-assisted coding, the model may generate fake open-lation tools. This alone is not necessarily harmful. However, if an attacker registers that fake package name, they can inject malware that gets incorporated directly into a developer’s codebase

    How AI creates a supply chain risk

    Traditionally, AI safety risks stem from hallucinations, which can adversely affect users who treat misinformation as valid. However, those same hallucinations have evolved into exploitable security vulnerabilities.

    Typosquatting is a deceptive practice where a cybercriminal registers a mispelled version of a popular package to trick developers. It has existed for decades, so registries have built protections against it. 

    However, AI has changed the threat model. It recommends fictitious packages that sound plausible rather than making simple misspellings. Once attackers learn which hallucinated packages models tend to invent, they can register malware-filled packages under those names.

    Since the hallucinated packages are not simply typoed versions of popular libraries, there are no protections against this practice at scale. For example, the registry protects against an attacker publishing “crossenv,” a squat of the popular “cross-env” package. However, it would not identify “mpn install cross-env file” or “cross-env-extended” as threats.

    Hallucinations are persistent and severe

    Even if many LLMs recommend the same hallucinated package, widespread compromise is still possible. Malicious packages could remain undetected in production for months or even years, allowing threat actors to passively inject malware across countless environments. 

    One research team analyzed 31,267 vulnerabilities belonging to 14,675 packages across 10 programming languages. They discovered that reported vulnerabilities are increasing at an annual rate of 98%, faster growth than the 25% annual increase in the number of open- the average lifespan of vulnerabilities, indicating a decline in security

    Real-world dangers of AI hallucinations

    Malicious actors can create open-access packages under the same name as commonly hallucinated libraries. Instead of standard code, they are filled with malware. The models believe they are referring to existing packages, so they often repeat the same hallucinated names. Since the hallucinations are not random, attackers could theoretically register packages that trick tens of thousands of developers.

    These packages appear legitimate. String similarity to real libraries makes them recognizable. One-character typos suggest simple mistakes rather than malicious intent. Even fully fabricated names remain believable when the AI presents them in proper context. Detection is challenging, as developers trust their coding assistants to recommend valid dependencies.

    Why are LLMs hallucinating packages?

    LLMs generate the statistically most likely answer rather than prioritizing accuracy. Hallucinations are relatively common as a result. One study found hallucination rates range from 50% to 82%, depending on the model and prompting method. Even GPT-4o, the best-performing model, goes no lower than 23%, even with prompt-based mitigation.

    Adversarial hallucination attacks could worsen this problem. Threat actors can leverage token-level manipulation or retrieval poisoning to force models to hallucinate in ways they want, increasing the likelihood that models recommend their malicious packages.

    Which LLMs are prone to slopsquatting?

    While all LLMs are prone to slopsquatting, some are more vulnerable than others. The likelihood of producing hallucinated packages during code generation depends on the model. Proprietary models are four times less likely to generate hallucinated packages than open-

    One research group proved this by conducting 30 tests across 30 different systems. Out of the 576,000 code samples and 2.23 million packages it produced, 19.7% were hallucinations. GPT-4.0 Turbo had a hallucination rate of 3.59%, while DeepSeek 1B, the best-performing open-

    This research suggests that organizations relying on open-osed to slopsquatting attacks. That doesn’t necessarily mean proprietary tools will always remain safer, though. Once attackers realize this disparity, they may manipulate proprietary LLMs to take advantage of perceived safety

    Vibe coding contributes to the problem

    Software developers who use AI tools estimate that over 40 percent of the code they commit includes AI assistance. They expect that percentage will increase considerably within the next few years. Already, 72% of those who have tried AI use it daily.

    The uptick in vibe coding and AI-assisted coding amplifies the threat surface. As more developers integrate AI tools into their workflows without implementing proper verification processes, the attack surface for slopsquatting continues to expand.

    For those using AI to assist with coding, double-checking output is essential. Verifying that recommended packages actually exist in official repositories before incorporating them into projects reduces risk.

    Navigating AI-assisted development

    Implementing automated checks that validate package names against known registries can help catch hallucinated packages before they enter production code. Security teams should also monitor for unusual package installations and maintain up-to-date threat intelligence on known slopsquatting campaigns.

    Zac Amos is the Features Editor atReHack.

    Welcome to the VentureBeat community!

    Our guest posting program is where technical experts share insights and provide neutral, non-vested deep dives on AI, data infrastructure, cybersecurity and other cutting-edge technologies shaping the future of enterprise.

    Read morefrom our guest post program — and check out ourguidelinesif you’re interested in contributing an article of your own!

    Forget slopsquatting Software Supply typosquatting
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleArtificial Intelligence is Reshaping the US Financial Market; EX DeFi Launches AI
    Next Article The 6 biggest cybersecurity breaches of 2026 so far
    stamilhstgr0518@gmail.com
    • Website

    Related Posts

    AI Guides

    What Is Context Engineering (and Why It Is Replacing Prompt Engineering)

    July 11, 2026
    AI Guides

    AI prompts that work: Mastering prompt engineering (with examples)

    July 11, 2026
    AI Guides

    Google Photos adds a new AI ‘Video Remix’ tool

    July 11, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    Anthropic found a hidden space where Claude puzzles over concepts

    July 12, 20260 Views

    OpenAI says GPT 5.6 is the ‘preferred model’ for Microsoft Copilot 365 amid breakup chatter

    July 12, 20260 Views

    AI companies want to water down Australia’s copyright laws. Artists are outraged, Labor is split

    July 12, 20260 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    Chatbots

    OpenAI bets on families as ChatGPT goes deeper into households

    stamilhstgr0518@gmail.comJuly 11, 2026
    Generative AI

    MUSIC COMMUNITY INTRODUCES NEW LABELING PROGRAM TO DISTINGUISH GENERATIVE AI IN SOUND RECORDINGS

    stamilhstgr0518@gmail.comJuly 11, 2026
    AI News

    Safe from AI: which jobs will help you thrive in the future?

    stamilhstgr0518@gmail.comJuly 11, 2026

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    Anthropic found a hidden space where Claude puzzles over concepts

    July 12, 20260 Views

    OpenAI says GPT 5.6 is the ‘preferred model’ for Microsoft Copilot 365 amid breakup chatter

    July 12, 20260 Views

    AI companies want to water down Australia’s copyright laws. Artists are outraged, Labor is split

    July 12, 20260 Views
    Our Picks

    OpenAI bets on families as ChatGPT goes deeper into households

    July 11, 2026

    MUSIC COMMUNITY INTRODUCES NEW LABELING PROGRAM TO DISTINGUISH GENERATIVE AI IN SOUND RECORDINGS

    July 11, 2026

    Safe from AI: which jobs will help you thrive in the future?

    July 11, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Get In Touch
    • Disclaimer
    • Privacy Policy
    • Terms and Conditions
    © 2026 AIToday7. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.