AI coding assistants are creating a new supply chain vulnerability that attackers are already exploiting. Security researchers have identified "slopsquatting," a novel attack vector that weaponizes AI hallucinations to inject malicious code directly into development workflows.
The threat works like this. Developers using AI tools like GitHub Copilot or similar assistants ask the models to generate code or suggest dependencies. The AI systems, prone to hallucinations, confidently recommend non-existent package names or legitimate-sounding libraries that don't actually exist. Developers trust these suggestions, incorporate them into their projects, and attackers register the fake package names beforehand, distributing malware instead.
Unlike traditional typosquatting, which exploits human typing errors, slopsquatting exploits the fundamental unreliability of language models. LLMs generate plausible-sounding but completely fabricated package names with authority. They don't know what they don't know, and they don't tell users when they're guessing.
The attack bypasses traditional security measures. Code review tools flag obvious typos. Developers notice when they mistype. But when the AI itself produces the malicious reference, it carries the authority of a trusted development tool. The malicious package gets integrated early in the development cycle, gaining access to the full software supply chain from the start.
The threat multiplies across open source ecosystems. A single slopsquatted dependency can compromise dozens of downstream projects before anyone notices. npm, PyPI, and other package registries become vectors for mass infection.
Defenders are scrambling to respond. Some propose AI guardrails that force tools to acknowledge uncertainty. Others suggest registry changes that would flag newly registered packages in well-established ecosystems. Package managers could require additional verification for unfamiliar dependencies. But none of these solutions fully solve the problem.
The vulnerability exposes a uncomfortable
