📣 Send us your press release
Site updates every 15 minutes
Technology

AI coding tools introduce new software supply chain threat: slopsquatting

As AI coding assistants become more prevalent, a new threat called 'slopsquatting' has emerged. This attack leverages AI 'hallucinations' to inject malicious code into software supply chains.

11 July 2026
AI coding tools introduce new software supply chain threat: slopsquatting

Slopsquatting represents an emerging threat to software supply chains, fueled by the increasing reliance on AI coding assistants. As developers integrate these tools into their workflows, they risk inadvertently granting cybercriminals access to their software by accepting AI-generated, but fictitious, software package suggestions.

The attack vector exploits the tendency of large language models (LLMs) to "hallucinate" or generate plausible-sounding but non-existent software package names. Threat actors can register these hallucinated names and populate them with malware. When an AI assistant suggests such a fictitious package, a developer might integrate it directly into their codebase, unknowingly incorporating malicious code.

Unlike traditional typosquatting, which relies on simple misspellings of legitimate package names, slopsquatting exploits AI's tendency to invent entirely new, yet believable, package names. Existing security measures designed to catch minor errors may not detect these fabricated names, making the attack more insidious.

Research indicates that the vulnerability to these AI-generated package errors varies between different AI models. Proprietary models have shown a lower rate of generating hallucinated packages compared to open-source alternatives. Developers are urged to meticulously verify all AI-generated code suggestions to mitigate the risk of introducing malware into their systems.

Original source: venturebeat.com