VC
Value Add VC
โšกHomePulseโšกHelpful Apps๐Ÿ“Blog
โ† Value Add PulseAI

Slopsquatting Is the New Threat AI Coding Tools Created

VentureBeat reports a new software supply-chain attack, "slopsquatting," exploits AI coding tools that hallucinate plausible-sounding but nonexistent package names, which attackers then register with malicious code.

TC
Trace Cohen
Early-stage VC & angel ยท Founder, New York Venture Partners
July 11, 2026
2 min read
ShareXLinkedInEmail
THE RUNDOWN
1

VentureBeat's July 11 reporting describes "slopsquatting," a new software supply-chain attack that exploits a well-documented AI coding-tool failure mode: large language models occasionally hallucinate plausible-sounding but entirely nonexistent package names when generating code or dependency recommendations

2

Attackers monitor for these hallucinated package names and proactively register them on public package repositories like npm or PyPI, loading them with malicious code -- so a developer who copies an AI tool's suggested dependency without verifying it exists legitimately can unknowingly install malware directly into their codebase

3

The attack vector is distinct from traditional typosquatting, which relies on developers making manual typing errors, because slopsquatting instead exploits a systematic AI model failure mode that recurs predictably across many different developers using the same or similar AI coding assistants

4

The threat lands the same week CISA disclosed it lacked a prepared incident-response playbook for a GitHub credential exposure, reinforcing a broader pattern where AI-native and cloud-native attack vectors are consistently outpacing organizations' documented response readiness

TC
The VC Read ยท Trace's TakeTrace Cohen

Slopsquatting is scarier than typosquatting precisely because it doesn't need a human mistake -- it needs an AI model to be consistently, predictably wrong, which turns out to be a much more exploitable pattern than random typing errors ever were. Any dev-tools founder not already selling AI-suggestion dependency verification into CI/CD pipelines is leaving a genuinely underserved, urgent security category on the table.

VentureBeat's July 11 reporting details a newly named software supply-chain attack vector called "slopsquatting," which exploits a well-documented failure mode in AI coding tools: large language models occasionally hallucinate plausible-sounding but entirely nonexistent software package names when generating code, suggesting dependencies, or recommending libraries to developers.

The attack mechanic is straightforward once the underlying AI failure mode is understood: attackers actively monitor for these hallucinated package names -- often discovered by running the same popular AI coding assistants themselves and cataloguing which nonexistent packages they suggest -- then proactively register those exact package names on public repositories like npm or PyPI, loading them with malicious code. A developer who trusts an AI coding tool's suggestion without independently verifying the package actually exists and is legitimate can unknowingly pull malware directly into their codebase and, from there, into production systems and any downstream software that depends on it.

The distinction from traditional typosquatting -- where attackers register common misspellings of legitimate package names, hoping a developer fat-fingers an import statement -- is important: slopsquatting doesn't require any human error at all. It exploits a systematic, predictable AI model failure mode that recurs consistently across many different developers using the same or similar coding assistants, meaning a single successful hallucination pattern can be weaponized against a much larger population of potential victims than a typo-dependent attack ever could.

The disclosure lands the same week CISA revealed it lacked a prepared incident-response playbook for a GitHub credential exposure -- a separate but thematically related story showing that AI-native and cloud-native attack surfaces are consistently outpacing organizations' documented security response readiness, from the federal government's own cyber-defense agency down to individual development teams.

For security and engineering leaders, slopsquatting is a concrete, immediately actionable argument for mandatory dependency verification in CI/CD pipelines -- checking that any package name suggested by an AI coding tool actually resolves to a legitimate, previously-known package before it's allowed into a build -- rather than trusting AI-generated code suggestions at face value. For founders building developer tooling and security products, AI-specific supply-chain attack vectors like slopsquatting represent a genuinely new and underserved category of security tooling demand, distinct from traditional dependency-scanning products built before AI coding assistants became ubiquitous.

The bear case: slopsquatting requires attackers to correctly predict which specific hallucinated package names a popular AI tool will suggest, which limits the attack's precision compared to more direct exploitation methods, and major package registries could meaningfully blunt the threat with more aggressive verification of newly registered package names. What to watch next: whether npm, PyPI and other major package registries implement specific slopsquatting detection measures, and whether AI coding tool vendors add real-time package-existence verification directly into their suggestion pipelines.

ShareXLinkedInEmail

Originally reported by VentureBeat. Analysis and editorial commentary by Value Add Pulse.

โ† Back to Pulse

THE WIRE in your inboxโ€” Tech, startup & VC news with Trace's take. Free, no spam.

Read Next

AI

AI Demand Stays 'Almost Unlimited' as Buyers Get Pickier

Executives tell CNBC AI compute and chip demand remains "almost unlimited" even as enterprises shift to "valuemaxxing" -- squeezing more return from existing AI spend rather than simply buying more capacity.

AI

Memory Chipmakers Ride AI's Wildest Boom-Bust Cycle Yet

The Register argues memory chipmakers have always lived on a boom-bust cycle, but the AI-driven demand for HBM is producing the most extreme swing yet, with pricing and capacity decisions made years ahead of actual demand.

AI

It's an AI Web, We're Rats in the Walls

A Register column argues AI crawlers, agents and bot traffic have quietly become the majority presence on much of the web, reshaping how sites are built, defended and monetized around non-human visitors.

@Trace_Cohenยทt@nyvp.com