Slopsquatting: new AI-hallucination-driven software supply chain attack vector emerges
What happened
VentureBeat on July 17, 2026 published an analysis of the 'slopsquatting' threat — a software supply chain attack that exploits LLMs' tendency to generate non-existent package names (hallucination). Attackers register these names on npm/PyPI and populate them with malicious code.
Context and impact
The name combines 'AI slop' (low-quality AI output) and 'typosquatting'. The key difference: attackers don't need to guess — they just observe model behavior and register repeatedly hallucinated names before a real developer does. In January 2026, researcher Charlie Eriksen found that AI coding agents had spread recommendations for the non-existent npm package react-codeshift across 237 repositories — Eriksen registered it defensively before an attacker could.
Details
- Overall hallucination rate: 19.7% (research)
- GPT-4.0 Turbo: 3.59% hallucination rate (best proprietary)
- DeepSeek 1B: 13.63% (best open-source in study)
- Proprietary models are 4x less likely to hallucinate packages than open-source
- react-codeshift case: 237 repositories affected before defensive registration
- Mitigation: automated package name validation against official registries
Open original source
VentureBeat