Facefam ArticlesFacefam Articles
  • webmaster
    • How to
    • Developers
    • Hosting
    • monetization
    • Reports
  • Technology
    • Software
  • Downloads
    • Windows
    • android
    • PHP Scripts
    • CMS
  • REVIEWS
  • Donate
  • Join Facefam
Search

Archives

  • May 2025
  • April 2025
  • March 2025
  • January 2025
  • December 2024
  • November 2024

Categories

  • Advertiser
  • AI
  • android
  • betting
  • Bongo
  • Business
  • CMS
  • cryptocurrency
  • Developers
  • Development
  • Downloads
  • Entertainment
  • Entrepreneur
  • Finacial
  • General
  • Hosting
  • How to
  • insuarance
  • Internet
  • Kenya
  • monetization
  • Music
  • News
  • Phones
  • PHP Scripts
  • Reports
  • REVIEWS
  • RUSSIA
  • Software
  • Technology
  • Tips
  • Tragic
  • Ukraine
  • Uncategorized
  • USA
  • webmaster
  • webmaster
  • Windows
  • Women Empowerment
  • Wordpress
  • Wp Plugins
  • Wp themes
Facefam 2025
Notification Show More
Font ResizerAa
Facefam ArticlesFacefam Articles
Font ResizerAa
  • Submit a Post
  • Donate
  • Join Facefam social
Search
  • webmaster
    • How to
    • Developers
    • Hosting
    • monetization
    • Reports
  • Technology
    • Software
  • Downloads
    • Windows
    • android
    • PHP Scripts
    • CMS
  • REVIEWS
  • Donate
  • Join Facefam
Have an existing account? Sign In
Follow US
Technologywebmaster

Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks

Ronald Kenyatta
Last updated: April 16, 2025 10:34 pm
By
Ronald Kenyatta
ByRonald Kenyatta
Follow:
Share
4 Min Read
SHARE

Contents
What is slopsquatting?AI-hallucinated software packages are on the riseMust-read security coverageHow vibe coding might increase this security riskHow developers can protect themselves

Zoomed in monitor with programming.

Security researchers and developers are raising alarms over “slopsquatting,” a new form of supply chain attack that leverages AI-generated misinformation commonly known as hallucinations. As developers increasingly rely on coding tools like GitHub Copilot, ChatGPT, and DeepSeek, attackers are exploiting AI’s tendency to invent software packages, tricking users into downloading malicious content.

What is slopsquatting?

The term slopsquatting was originally coined by Seth Larson, a developer with the Python Software Foundation, and later popularized by tech security researcher Andrew Nesbitt. It refers to cases where attackers register software packages that don’t actually exist but are mistakenly suggested by AI tools; once live, these fake packages can contain harmful code.

If a developer installs one of these without verifying it — simply trusting the AI — they may unknowingly introduce malicious code into their project, giving hackers backdoor access to sensitive environments.

Unlike typosquatting, where malicious actors count on human spelling mistakes, slopsquatting relies entirely on AI’s flaws and developers misplaced trust in automated suggestions.

AI-hallucinated software packages are on the rise

This issue is more than theoretical. A recent joint study by researchers at the University of Texas at San Antonio, Virginia Tech, and the University of Oklahoma analyzed more than 576,000 AI-generated code samples from 16 large language models (LLMs). They found that nearly 1 in 5 packages suggested by AI didn’t exist.

“The average percentage of hallucinated packages is at least 5.2% for commercial models and 21.7% for open-source models, including a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat,” the study revealed.

Even more concerning, these hallucinated names weren’t random. In multiple runs using the same prompts, 43% of hallucinated packages consistently reappeared, showing how predictable these hallucinations can be. As explained by the security firm Socket, this consistency gives attackers a roadmap — they can monitor AI behavior, identify repeat suggestions, and register those package names before anyone else does.

The study also noted differences across models: CodeLlama 7B and 34B had the highest hallucination rates of over 30%; GPT-4 Turbo had the lowest rate at 3.59%.

Must-read security coverage

How vibe coding might increase this security risk

A growing trend called vibe coding, a term coined by AI researcher Andrej Karpathy, may worsen the issue. It refers to a workflow where developers describe what they want, and AI tools generate the code. This approach leans heavily on trust — developers often copy and paste AI output without double-checking everything.

In this environment, hallucinated packages become easy entry points for attackers, especially when developers skip manual review steps and rely solely on AI-generated suggestions.

How developers can protect themselves

To avoid falling victim to slopsquatting, experts recommend:

  • Manually verifying all package names before installation.
  • Using package security tools that scan dependencies for risks.
  • Checking for suspicious or brand-new libraries.
  • Avoiding copy-pasting install commands directly from AI suggestions.

Meanwhile, there is good news: some AI models are improving in self-policing. GPT-4 Turbo and DeepSeek, for instance, have shown they can detect and flag hallucinated packages in their own output with over 75% accuracy, according to early internal tests.

TAGGED:aiai cybersecurityAIPoweredartificial intelligenceAttacksCodingCybersecuritydevelopersIncreaseRiskSlopsquattingsupply chain attacksVibevibe coding
Share This Article
Facebook Whatsapp Whatsapp Email Copy Link Print
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article All You Need to Know About Telecommunications All You Need to Know About Telecommunications
Next Article Claude AI sample conversation. Get ‘Balance of Speed and Quality’ From Claude AI Model’s Research Responses
Leave a review

Leave a Review Cancel reply

Your email address will not be published. Required fields are marked *

Please select a rating!

Feature-by-Feature Comparison: ShaunSocial vs. ColibriPlus – Which Social Network Script Comes Out on Top?
How Enterprise IT Can Achieve Water Sustainability Despite the Demands of AI
AI Benchmark Discrepancy Reveals Gaps in Performance Claims
Huawei Readies Ascend 920 Chip to Replace Restricted NVIDIA H20
‘AI Is Fundamentally Incompatible With Environmental Sustainability’

Recent Posts

  • Feature-by-Feature Comparison: ShaunSocial vs. ColibriPlus – Which Social Network Script Comes Out on Top?
  • How Enterprise IT Can Achieve Water Sustainability Despite the Demands of AI
  • AI Benchmark Discrepancy Reveals Gaps in Performance Claims
  • Huawei Readies Ascend 920 Chip to Replace Restricted NVIDIA H20
  • ‘AI Is Fundamentally Incompatible With Environmental Sustainability’

Recent Comments

  1. https://tubemp4.ru on Best Features of PHPFox Social Network Script
  2. Вулкан Платинум on Best Features of PHPFox Social Network Script
  3. Вулкан Платинум официальный on Best Features of PHPFox Social Network Script
  4. Best Quality SEO Backlinks on DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns
  5. http://boyarka-inform.com on Comparing Wowonder and ShaunSocial

You Might Also Like

Photo of Google
Technologywebmaster

Google is Betting Big on Nuclear Energy – Here’s Why

April 19, 2025
Screenshot from Microsoft
Technologywebmaster

Microsoft’s New Copilot Studio Feature Offers More User-Friendly Automation

April 19, 2025
iot-spy.jpg
Technologywebmaster

US Officials Claim DeepSeek AI App Is ‘Designed To Spy on Americans’

April 19, 2025
Flat vector illustration of the automation concept.
Technologywebmaster

The End of Fragmented Automation

April 18, 2025
Microsoft Releases Largest 1-Bit LLM, Letting Powerful AI Run on Some Older Hardware
Technologywebmaster

Microsoft Releases Largest 1-Bit LLM, Letting Powerful AI Run on Some Older Hardware

April 18, 2025
Previous Next
Facefam ArticlesFacefam Articles
Facefam Articles 2025
  • Submit a Post
  • Donate
  • Join Facefam social
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?

Not a member? Sign Up