VentureBeat's July 11 reporting details a newly named software supply-chain attack vector called "slopsquatting," which exploits a well-documented failure mode in AI coding tools: large language models occasionally hallucinate plausible-sounding but entirely nonexistent software package names when generating code, suggesting dependencies, or recommending libraries to developers.
The attack mechanic is straightforward once the underlying AI failure mode is understood: attackers actively monitor for these hallucinated package names -- often discovered by running the same popular AI coding assistants themselves and cataloguing which nonexistent packages they suggest -- then proactively register those exact package names on public repositories like npm or PyPI, loading them with malicious code. A developer who trusts an AI coding tool's suggestion without independently verifying the package actually exists and is legitimate can unknowingly pull malware directly into their codebase and, from there, into production systems and any downstream software that depends on it.
The distinction from traditional typosquatting -- where attackers register common misspellings of legitimate package names, hoping a developer fat-fingers an import statement -- is important: slopsquatting doesn't require any human error at all. It exploits a systematic, predictable AI model failure mode that recurs consistently across many different developers using the same or similar coding assistants, meaning a single successful hallucination pattern can be weaponized against a much larger population of potential victims than a typo-dependent attack ever could.
The disclosure lands the same week CISA revealed it lacked a prepared incident-response playbook for a GitHub credential exposure -- a separate but thematically related story showing that AI-native and cloud-native attack surfaces are consistently outpacing organizations' documented security response readiness, from the federal government's own cyber-defense agency down to individual development teams.
For security and engineering leaders, slopsquatting is a concrete, immediately actionable argument for mandatory dependency verification in CI/CD pipelines -- checking that any package name suggested by an AI coding tool actually resolves to a legitimate, previously-known package before it's allowed into a build -- rather than trusting AI-generated code suggestions at face value. For founders building developer tooling and security products, AI-specific supply-chain attack vectors like slopsquatting represent a genuinely new and underserved category of security tooling demand, distinct from traditional dependency-scanning products built before AI coding assistants became ubiquitous.
The bear case: slopsquatting requires attackers to correctly predict which specific hallucinated package names a popular AI tool will suggest, which limits the attack's precision compared to more direct exploitation methods, and major package registries could meaningfully blunt the threat with more aggressive verification of newly registered package names. What to watch next: whether npm, PyPI and other major package registries implement specific slopsquatting detection measures, and whether AI coding tool vendors add real-time package-existence verification directly into their suggestion pipelines.