Slopsquatting.

A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code. Относится к категории Безопасность ИИ и ML в кибербезопасности.

A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code.

Slopsquatting is a software supply-chain attack discovered as LLM-driven coding assistants became mainstream. Researchers documented that models consistently invent plausible-but-nonexistent package names — for example a Python pandas helper, a Node logging library, or a Rust crate that sounds right but has never been published. Attackers register those hallucinated names on the relevant package registry (PyPI, npm, crates.io) with malicious payloads; when a developer follows the AI's suggested `pip install` or `npm install` command, the attacker's code runs in their build environment. The name 'slopsquatting' fuses 'AI slop' with typosquatting. Because the same hallucination tends to repeat across users and even across model versions, a single squatted name can harvest many victims over weeks. Defenses include human verification of every external dependency, deterministic lockfiles, allowlisted registries or proxy registries that block recently-registered packages, and IDE plugins that flag packages the assistant suggested but a curated registry hasn't seen.

Защита от Slopsquatting обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: AI package hallucination attack, LLM package squatting.