AI hallucinated packages fuel "Slop Squatting" vulnerabilities

Mar 2024

Attackers register software packages that AI tools hallucinate (e.g. a fake 'huggingface-cli'), turning model guesswork into a new supply-chain risk dubbed "Slop Squatting".

Incident Details

Perpetrator:Malicious actors

Severity:Catastrophic

Blast Radius:Potential supply-chain compromise when vibe-coders install hallucinated, malicious dependencies.

Tech Stack

npmPyPIPackage ManagersAI Code AssistantsGitHub Copilot

References

Stripe OLT: What is Slop Squatting? ↗The Register: AI bots hallucinate software packages, crooks squat them ↗