Slopsquatting.

A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code. 它属于网络安全的 AI 与机器学习安全 分类。

A 2024-coined supply-chain attack where adversaries register package names that LLM code assistants frequently hallucinate, so developers who copy-paste the suggested install command end up pulling malicious code.

Slopsquatting is a software supply-chain attack discovered as LLM-driven coding assistants became mainstream. Researchers documented that models consistently invent plausible-but-nonexistent package names — for example a Python pandas helper, a Node logging library, or a Rust crate that sounds right but has never been published. Attackers register those hallucinated names on the relevant package registry (PyPI, npm, crates.io) with malicious payloads; when a developer follows the AI's suggested `pip install` or `npm install` command, the attacker's code runs in their build environment. The name 'slopsquatting' fuses 'AI slop' with typosquatting. Because the same hallucination tends to repeat across users and even across model versions, a single squatted name can harvest many victims over weeks. Defenses include human verification of every external dependency, deterministic lockfiles, allowlisted registries or proxy registries that block recently-registered packages, and IDE plugins that flag packages the assistant suggested but a curated registry hasn't seen.

针对 Slopsquatting 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: AI package hallucination attack, LLM package squatting。