Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1167

Slopsquatting

What is Slopsquatting?

Slopsquatting: A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code.


Slopsquatting is a software supply-chain attack discovered as LLM-driven coding assistants became mainstream. Researchers documented that models consistently invent plausible-but-nonexistent package names — for example a Python pandas helper, a Node logging library, or a Rust crate that sounds right but has never been published. Attackers register those hallucinated names on the relevant package registry (PyPI, npm, crates.io) with malicious payloads; when a developer follows the AI's suggested `pip install` or `npm install` command, the attacker's code runs in their build environment. The name 'slopsquatting' fuses 'AI slop' with typosquatting. Because the same hallucination tends to repeat across users and even across model versions, a single squatted name can harvest many victims over weeks. Defenses include human verification of every external dependency, deterministic lockfiles, allowlisted registries or proxy registries that block recently-registered packages, and IDE plugins that flag packages the assistant suggested but a curated registry hasn't seen.

  1. A coding assistant repeatedly suggests `pip install requests-helper`; an attacker registers that name on PyPI with a post-install hook that exfiltrates environment variables.

  2. Internal policy requires that any dependency proposed by Copilot or Claude Code must exist on the proxy registry before it can be installed by CI.
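A pre-install gate combining two of the defenses above (a curated allowlist and blocking recently registered names), as an added example that is not part of the original entry. The function names, the 30-day threshold and all sample data are assumptions; `FIRST_SEEN` stands in for the first-publish dates a proxy registry would hold.

```python
import re
import shlex
from datetime import datetime, timedelta, timezone

def normalize(name):
    """PEP 503 normalisation, so 'Requests_Helper' matches 'requests-helper'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def names_from_install(command):
    """Extract package names from an assistant-suggested 'pip install ...' line."""
    args = shlex.split(command)
    if args[:2] != ["pip", "install"]:
        return []
    names = []
    for arg in args[2:]:
        if arg.startswith("-"):
            # Fail closed: options can redirect the index or pull in files.
            raise ValueError(f"option {arg!r} needs manual review")
        # Drop extras, version specifiers and environment markers.
        names.append(normalize(re.split(r"[\[<>=!~;]", arg, maxsplit=1)[0]))
    return names

def vet(command, curated, first_seen, now, min_age=timedelta(days=30)):
    """Return {package: verdict} for every package named in the command."""
    verdicts = {}
    for name in names_from_install(command):
        published = first_seen.get(name)
        if name in curated:
            verdicts[name] = "allow"
        elif published is None:
            verdicts[name] = "block: not published (likely hallucinated)"
        elif now - published < min_age:
            verdicts[name] = "block: recently registered"
        else:
            verdicts[name] = "review: exists but not curated"
    return verdicts

# Constructed sample data (not real registry records).
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)
CURATED = {"requests", "pandas"}
FIRST_SEEN = {
    "requests": datetime(2015, 1, 1, tzinfo=timezone.utc),
    "pandas": datetime(2015, 1, 1, tzinfo=timezone.utc),
    "requests-helper": datetime(2026, 1, 10, tzinfo=timezone.utc),  # 5 days old
    "old-logger": datetime(2019, 6, 1, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    cmd = "pip install requests Requests_Helper>=1.0 pandas-fastio old.logger"
    for pkg, verdict in vet(cmd, CURATED, FIRST_SEEN, NOW).items():
        print(f"{pkg}: {verdict}")
```

A name that is not yet published is blocked rather than ignored, because it can be registered by an attacker at any later point.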

Frequently asked questions

What is Slopsquatting?

A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code. It belongs to the AI / ML Security category of cybersecurity.


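How do you defend against Slopsquatting?

Defending against Slopsquatting typically combines technical controls with operational practices, as described in the definition above.

What are other names for Slopsquatting?

Common aliases: AI package hallucination attack, LLM package squatting.

Related terms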