LogoAgentHunter
  • Submit
  • Industries
  • Categories
  • Agency
Logo
LogoAgentHunter

Discover, Compare, and Leverage the Best AI Agents

Featured On

Featured on yo.directory
yo.directory
Featured on yo.directory
Featured on Startup Fame
Startup Fame
Featured on Startup Fame
AIStage
Listed on AIStage
Sprunkid
Featured on Sprunkid
Featured on Twelve Tools
Twelve Tools
Featured on Twelve Tools
Listed on Turbo0
Turbo0
Listed on Turbo0
Featured on Product Hunt
Product Hunt
Featured on Product Hunt
Game Sprunki
Featured on Game Sprunki
AI Toolz Dir
Featured on AI Toolz Dir
Featured on Microlaunch
Microlaunch
Featured on Microlaunch
Featured on Fazier
Fazier
Featured on Fazier
Featured on Techbase Directory
Techbase Directory
Featured on Techbase Directory
backlinkdirs
Featured on Backlink Dirs
Featured on SideProjectors
SideProjectors
Featured on SideProjectors
Submit AI Tools
Featured on Submit AI Tools
AI Hunt
Featured on AI Hunt
Featured on Dang.ai
Dang.ai
Featured on Dang.ai
Featured on AI Finder
AI Finder
Featured on AI Finder
Featured on LaunchIgniter
LaunchIgniter
Featured on LaunchIgniter
Imglab
Featured on Imglab
AI138
Featured on AI138
600.tools
Featured on 600.tools
Featured Tool
Featured on Featured Tool
Dirs.cc
Featured on Dirs.cc
Ant Directory
Featured on Ant Directory
Featured on MagicBox.tools
MagicBox.tools
Featured on MagicBox.tools
Featured on Code.market
Code.market
Featured on Code.market
Featured on LaunchBoard
LaunchBoard
Featured on LaunchBoard
Genify
Featured on Genify
Copyright © 2025 All Rights Reserved.
Product
  • AI Agents Directory
  • AI Agent Glossary
  • Industries
  • Categories
Resources
  • AI Agentic Workflows
  • Blog
  • News
  • Submit
  • Coummunity
  • Ebooks
Company
  • About Us
  • Privacy Policy
  • Terms of Service
  • Sitemap
Friend Links
  • AI Music API
  • ImaginePro AI
  • Dog Names
  • Readdit Analytics
Back to News List

AI hallucinates fake software dependencies enabling new supply chain attacks

April 12, 2025•Thomas Claburn•Original Link•2 minutes
AI
Cybersecurity
SoftwareDevelopment

Hallucinated package names fuel slopsquatting as AI coding tools invent non-existent dependencies

The rise of AI-powered code generation tools is introducing dangerous new risks to software development through hallucinated dependencies.

The Slopsquatting Threat

Security researchers have discovered that AI coding assistants frequently invent non-existent software packages in their suggestions:

  • 5.2% of commercial model suggestions are fake
  • 21.7% from open source models

Malicious actors have begun exploiting this by:

  1. Creating malware under hallucinated package names
  2. Uploading them to registries like PyPI or npm
  3. Waiting for AI tools to recommend their fake packages

Attack Patterns Emerging

Research shows hallucinated names follow a bimodal pattern:

  • 43% reappear consistently with the same prompt
  • 39% vanish completely

This phenomenon has been dubbed "slopsquatting" - a play on typosquatting and the "slop" pejorative for AI output.

Real-World Consequences

Recent incidents include:

  • Google's AI Overview recommending a malicious @async-mutex/mutex npm package
  • Threat actor "_Iain" automating typo-squatted package creation at scale

Industry Response

The Python Software Foundation is:

  • Implementing malware reporting APIs
  • Improving typo-squatting detection
  • Partnering with security teams

Security experts warn developers must:

  • Verify all AI-suggested packages
  • Check for typos in names
  • Review package contents before installation

As Socket CEO Feross Aboukhadijeh notes: "What a world we live in: AI hallucinated packages are validated and rubber-stamped by another AI that is too eager to be helpful."

Related reading:

  • GitHub supply chain attack spills secrets
  • North Korean cloning attacks

Related News

September 14, 2025•Dae-jung Park

Korean AI Startups Lead Global AI Infrastructure Innovation

CB Insights highlights Korean startups Dnotitia, VESSL AI, and Upstage as key players in shaping the future of AI infrastructure, signaling Korea's growing influence in the global AI landscape.

AI
KoreanStartups
TechInnovation
September 13, 2025•Hannah Warfel

Genesys Adobe NiCE Lead AI Push in CX Automation

Genesys launches agentic AI tools, Adobe rolls out AI agents, NiCE completes Cognigy acquisition, and SoundHound AI buys Interactions to enhance customer experience automation.

AI
CustomerExperience
Acquisitions

About the Author

Dr. Lisa Kim

Dr. Lisa Kim

AI Ethics Researcher

Leading expert in AI ethics and responsible AI development with 13 years of research experience. Former member of Microsoft AI Ethics Committee, now provides consulting for multiple international AI governance organizations. Regularly contributes AI ethics articles to top-tier journals like Nature and Science.

Expertise

AI Ethics
Algorithmic Fairness
AI Governance
Responsible AI
Experience
13 years
Publications
95+
Credentials
2
LinkedInResearchGate

Agent Newsletter

Get Agentic Newsletter Today

Subscribe to our newsletter for the latest news and updates