Supply Chain · Severity: Medium
Slopsquatting: AI-hallucinated package names as a supply-chain vector
2024 to 2025 · Code-generating LLMs (ecosystem-wide)
What happened
Research found that roughly 20% of the package names referenced in LLM-generated code samples did not exist on any registry, and that 43% of those hallucinated names came back on every re-run of the same prompt, which makes them predictable targets for pre-emptive registration. An earlier proof-of-concept, in which a researcher registered one such hallucinated name as a harmless placeholder, drew over 30,000 downloads in three months.
Root cause
LLMs confidently invent plausible but nonexistent dependency names, and because many of those hallucinations repeat across runs and across users, an attacker can observe a hallucinated name, register it on the public registry, and wait for developers who paste the generated code to install it.
Fix / outcome
No single fix. Mitigations are dependency pinning (exact versions plus artifact hashes), committed lockfiles, allowlists of approved packages enforced before install, and human review of every new dependency a code generator introduces. A practical check before the first install of an unfamiliar name: confirm the package exists, that it belongs to the project the generated code claims to use, and treat a recently published package with few downloads and no matching upstream repository as a warning sign rather than a coincidence.
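The mitigations above can be enforced mechanically before anything is installed. The following is an added example, not code from the original page or from any of the cited research: a small pre-install gate for a pip requirements file that flags names outside an allowlist, versions not pinned with `==`, and entries lacking a `--hash=` (so that `pip install --require-hashes` would refuse them). It normalizes names per PEP 503, because squatted names commonly differ from the legitimate one only by case or by a `-`/`_`/`.` separator. The requirements text, the allowlist and the package name `example-llm-helper` are constructed for the example.

```python
import re
from dataclasses import dataclass


def normalize(name: str) -> str:
    """PEP 503 normalization: 'Requests', 'requests_toolbelt' and
    'requests-toolbelt' compare equal, so separator tricks do not bypass the allowlist."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Distribution name, optional extras, optional version operator and version.
REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?"
    r"\s*(?P<op>==|>=|<=|~=|!=|>|<)?\s*(?P<ver>[^\s;#\\]+)?"
)


@dataclass
class Finding:
    line: str
    problem: str


def _logical_lines(text: str):
    """Join backslash-continued lines, as hash-pinned requirements usually are."""
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        buf += stripped
        yield buf
        buf = ""
    if buf:
        yield buf


def audit_requirements(text: str, allowlist: set[str]) -> list[Finding]:
    """Return one Finding per policy violation: unknown package, unpinned version, missing hash."""
    allowed = {normalize(n) for n in allowlist}
    findings: list[Finding] = []
    for logical in _logical_lines(text):
        line = logical.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("-"):
            continue  # -r / -e / --index-url options are out of scope for this gate
        m = REQ_LINE.match(line)
        if not m:
            findings.append(Finding(line, "unparseable requirement"))
            continue
        if normalize(m.group("name")) not in allowed:
            findings.append(Finding(line, f"package '{m.group('name')}' not on allowlist"))
        if m.group("op") != "==":
            findings.append(Finding(line, "version not pinned with =="))
        if "--hash=" not in line:
            findings.append(Finding(line, "no --hash= for pip --require-hashes"))
    return findings


# Constructed sample: two compliant entries, one unpinned, one hallucinated-looking name.
SAMPLE_REQUIREMENTS = """\
# constructed example, not a real project's lockfile
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
Requests_ToolBelt==1.0.0 --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
numpy>=1.26
example-llm-helper
"""
ALLOWLIST = {"requests", "requests-toolbelt", "numpy"}


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS, ALLOWLIST):
        print(f"{f.problem}: {f.line}")
```

Run this in CI against the file a generated pull request wants to install from; a non-empty result blocks the merge until a human confirms the new name and adds it to the allowlist. The allowlist deliberately contains normalized names, so `Requests_ToolBelt` passes while a separator variant of a name that is not approved still fails.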