Slopsquatting
9 months ago
- #AI-hallucinations
- #software-development
- #cybersecurity
- Slopsquatting is a form of cybersquatting in which an attacker registers, on a public package registry such as PyPI or npm, a package name that LLMs tend to hallucinate when generating code. A developer who copies the model's install command then pulls the attacker's package instead of getting a "package not found" error.
- The term combines 'AI slop' and 'typosquatting'.
- In 2023, security researcher Bar Lanyado (Lasso Security) found that LLMs repeatedly recommended a nonexistent 'huggingface-cli' package (the real command-line tool is shipped by the 'huggingface_hub' package). He registered an empty placeholder under that name on PyPI to measure uptake; it was downloaded more than 30,000 times, showing how much install traffic a hallucinated name attracts.
- The term 'slopsquatting' was coined in April 2025 by Seth Larson (Security Developer-in-Residence at the Python Software Foundation) and popularized by Andrew Nesbitt.
- A 2025 study (Spracklen et al., "We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs", USENIX Security 2025) found that 19.7% of packages recommended by LLMs in generated Python and JavaScript code did not exist, with open-source models hallucinating more (21.7%) than commercial ones (5.2%). The same study reported that many hallucinated names recur across repeated prompts, which is what makes them worth registering from an attacker's point of view.
- Prevention starts with never installing a name straight from model output: check that the package exists on the registry, has a history of releases, a source repository and a plausible maintainer, and is not a near-miss of a package you already use. Then pin what you install with lock files and hash verification (for Python, `pip-compile --generate-hashes` followed by `pip install --require-hashes`; for Node, a committed `package-lock.json` installed with `npm ci`), and run a dependency scanner in CI so a newly added name is reviewed before it reaches production.
- As of this writing no malicious campaign exploiting slopsquatting has been publicly reported, but the 'huggingface-cli' experiment shows the download volume an attacker could capture with a single registered name. The risk falls hardest on engineers who paste AI-generated install commands into a shell or a dependency file without checking that each package exists and is the one they meant.