AI Coding Agents Enable 'Slopsquatting' Supply-Chain Attacks via Hallucinated Packages
A newly identified supply-chain attack technique called 'slopsquatting' exploits the tendency of large language models to hallucinate plausible-sounding package names when generating code. Attackers can pre-register these fabricated package names on public registries, causing malicious code to execute silently when an AI agent's suggested dependency is installed. Unlike typosquatting, this threat is harder to catch because the package name appears nowhere in human-written code and standard code reviews offer no reliable signal. An open-source tool called Trellis, developed by LineageLens, addresses this by running registry verification and offline edit-distance checks whenever an AI agent modifies a dependency manifest. Security experts recommend treating dependency introductions as trust decisions requiring human review, and logging which agent or prompt introduced each package for faster incident response.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in