Slopsquatting is a new supply chain attack using AI-generated nonexistent package names, making it easier for attackers to exploit developer trust in AI tools. Research shows significant hallucination rates in code generation models, with 19.7% of suggested packages being fake. This poses serious risks as developers may unknowingly install these malicious packages, especially with the growing trend of “vibe coding” where developers rely heavily on AI for code creation. Security measures must adapt to identify and mitigate these threats effectively to protect software ecosystems.
The Rise of Slopsquatting: How AI Hallucinations Are Fueling…

