type of cybersquatting based on anticipated hallucinations in the output of a large language model
Wikipedia
en.wikipedia.org › wiki › Slopsquatting
Slopsquatting - Wikipedia
4 days ago - Slopsquatting is a type of cybersquatting. It is the practice of registering a non-existent software package name that a large language model (LLM) may hallucinate in its output, whereby someone unknowingly may copy-paste and install the software package without realizing it is fake.
Trend Micro
trendmicro.com › vinfo › us › security › news › cybercrime-and-digital-threats › slopsquatting-when-ai-agents-hallucinate-malicious-packages
Slopsquatting: When AI Agents Hallucinate Malicious Packages | Trend Micro (US)
June 5, 2025 - Slopsquatting is an evolution of the classic typosquatting attack. Rather than relying on human typographical errors, however, attackers exploit AI-generated hallucinations instead.
Discussions

The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks
That's kind of genius in a 'why didn't I think of that' kind of way. It's kind of an obvious vector but fuck me would that be extremely effective. Most people would not check if the package is real, and it would be extremely hard if not impossible to stop a given LLM from doing this under the current paradigm. More on reddit.com
r/linux
14
144
April 15, 2025
AI hallucinations lead to a new cyber threat: Slopsquatting
Just when I thought we couldn't do worse than "smishing" as a name More on reddit.com
r/cybersecurity
38
232
April 22, 2025
Kaspersky
kaspersky.com › blog › ai-slopsquatting-supply-chain-risk › 53327
What is slopsquatting, and how to protect your organization
April 23, 2025 - All of this can provoke a new generation of attacks on open-source repositories, which has already been dubbed “slopsquatting” by analogy with typosquatting. In this case, squatting is made possible not by names with typos, but by names from AI slop (low-quality output).
Socket
socket.dev › blog › slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks
The Rise of Slopsquatting: How AI Hallucinations Are Fueling...
April 10, 2025 - Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize.
Slashdot
it.slashdot.org › story › 25 › 04 › 22 › 0118200 › ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting
AI Hallucinations Lead To a New Cyber Threat: Slopsquatting - Slashdot
April 21, 2025 - Researchers have uncovered a new supply chain attack called Slopsquatting, where threat actors exploit hallucinated, non-existent package names generated by AI coding tools like GPT-4 and CodeLlama.
Snyk
snyk.io › articles › slopsquatting-mitigation-strategies
Slopsquatting: New AI Hallucination Threats & Mitigation Strategies | Snyk
September 2, 2025 - Slopsquatting represents an emerging threat in 2024-2025 that leverages artificial intelligence's inherent weaknesses to compromise software supply chains.
Find elsewhere
Capitol Technology University
captechu.edu › blog › ai-driven-threats-in-software-supply-chains
AI-Driven Hallucinations in Cyber Supply Chain Lead to New Threat: Slopsquatting | Washington D.C. & Maryland Area | Capitol Technology University
August 25, 2025 - Slopsquatting, a new AI-driven threat, exploits hallucinated code to infiltrate software supply chains. Learn how it works and how organizations can defend against this risk.
Aikido
aikido.dev › home › articles › what is slopsquatting? the ai package hallucination attack already happening
Slopsquatting: The AI Package Hallucination Attack Already Happening
February 20, 2026 - Slopsquatting, also called hallucination squatting, is what happens when an attacker registers a package name that AI models tend to hallucinate, then waits for developers to install it on an AI's recommendation.
Cloudsmith
cloudsmith.com › blog › slopsquatting-and-typosquatting-how-to-detect-ai-hallucinated-malicious-packages
Typosquatting & Slopsquatting: Protecting Your Software Supply Chain | Cloudsmith
November 27, 2025 - The rise of software supply chain attacks isn’t slowing down. While many developers are familiar with typosquatting, a new, AI-driven threat has emerged: slopsquatting (also known as "phantom dependencies").
Medium
medium.com › @hammadtariq › slopsquatting-is-real-and-your-ai-coding-agent-is-the-attack-vector-363dd094af58
Slopsquatting is real — and your AI coding agent is the attack vector | by Hammad Tariq | Apr, 2026 | Medium
April 4, 2026 - LLMs hallucinate package names 18–21% of the time. Attackers have started registering those hallucinated names on npm and PyPI with malicious payloads. They call it “slopsquatting.”
FOSSA
fossa.com › home › blog › slopsquatting: ai hallucinations and the new software supply chain risk
Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk | FOSSA Blog
April 21, 2025 - Generative AI coding assistants like ChatGPT and GitHub Copilot are reshaping how developers write software, but they also have the potential to introduce new software supply chain security risks. One emerging threat is what’s known as “slopsquatting,” which refers to AI’s tendency to hallucinate software package names.
Instagram
instagram.com › reel › DXZTTPXDiBy
Do you know what slopsquatting is?
TechRadar
techradar.com › pro
Mitigating the risks of package hallucination and 'slopsquatting' | TechRadar
July 16, 2025 - In 2024, cybersecurity experts ... 'slopsquatting', it is a type of cyber attack where bad actors create fake packages containing malicious code that is inadvertently added to legitimate code....
Ministry of Testing
ministryoftesting.com › software-testing-glossary › slopsquatting
Slopsquatting | Ministry of Testing
Slopsquatting – when an LLM hallucinates a non-existent package name, and a bad actor registers it maliciously.
DevOps
devops.com › ai-generated-code-packages-can-lead-to-slopsquatting-threat
AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat - DevOps.com
April 19, 2025 - The term slopsquatting is a play on the more common “typosquatting,” an attack technique in which bad actors register domains or create malicious packages with names that are spelled slightly differently from legitimate websites or packages, ...
The New Stack
thenewstack.io › home › slopsquatting: the newest threat to your ai-generated code
Slopsquatting: The Newest Threat to Your AI-Generated Code - The New Stack
April 16, 2025 - In the case of slopsquatting, a threat actor may create a malicious package that uses the name of an LLM-created non-existent library and place it for download on a popular code repository like GitHub, Python Package Index (PyPI), or npm, in hopes that a programmer will grab it for their work.
Searchlight Cyber
slcyber.io › home › news › slopsquatting supply chain threat
Slopsquatting Supply Chain Threat › Searchlight Cyber
April 17, 2025 - Security researchers are raising concerns about a potential supply chain cybercrime tactic involving Generative AI, called “Slopsquatting.” This technique exploits a known flaw in GenAI tools – hallucinations, where the AI generates false ...
Versa Networks
versa-networks.com › home › industry insights › the rise of slopsquatting: a new software supply chain threat
Slopsquatting: The New AI Threat in Software Supply Chains
August 14, 2025 - As organizations increasingly embrace AI-powered coding tools to accelerate development and reduce engineering overhead, a new threat is emerging at the intersection of generative AI and open-source software (OSS): slopsquatting. This novel software supply chain vulnerability exploits hallucinated package names generated by AI models — a subtle but potent attack vector that thrives in AI-assisted development environments.