{"id":796,"date":"2025-04-16T19:09:46","date_gmt":"2025-04-16T19:09:46","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4302149"},"modified":"2025-04-16T19:09:46","modified_gmt":"2025-04-16T19:09:46","slug":"developers-beware-slopsquatting-vibe-coding-can-increase-risk-of-ai-powered-attacks","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/04\/16\/developers-beware-slopsquatting-vibe-coding-can-increase-risk-of-ai-powered-attacks\/","title":{"rendered":"Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks"},"content":{"rendered":"

\"Zoomed<\/p>\n

Security researchers and developers are raising alarms over \u201cslopsquatting,\u201d a new form of supply chain attack that leverages AI-generated misinformation commonly known as hallucinations. As developers increasingly rely on coding tools like GitHub Copilot, ChatGPT, and DeepSeek, attackers are exploiting AI\u2019s tendency to invent software packages, tricking users into downloading malicious content.<\/p>\n

<\/span>What is slopsquatting?<\/span><\/h2>\n

The term slopsquatting was originally coined by Seth Larson, a developer with the Python Software Foundation, and later popularized by tech security researcher Andrew Nesbitt. It refers to cases where attackers register software packages that don\u2019t actually exist but are mistakenly suggested by AI tools; once live, these fake packages can contain harmful code.<\/p>\n

If a developer installs one of these without verifying it \u2014 simply trusting the AI \u2014 they may unknowingly introduce malicious code into their project, giving hackers backdoor access to sensitive environments.<\/p>\n

Unlike typosquatting, where malicious actors count on human spelling mistakes, slopsquatting relies entirely on AI\u2019s flaws and developers misplaced trust in automated suggestions.<\/p>\n

<\/span>AI-hallucinated software packages are on the rise<\/span><\/h2>\n

This issue is more than theoretical. A recent joint study by researchers at the University of Texas at San Antonio, Virginia Tech, and the University of Oklahoma analyzed more than 576,000 AI-generated code<\/a> samples from 16 large language models (LLMs). They found that nearly 1 in 5 packages suggested by AI didn\u2019t exist.<\/p>\n

\u201cThe average percentage of hallucinated packages is at least 5.2% for commercial models and 21.7% for open-source models, including a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat,\u201d the study revealed<\/a>.<\/p>\n

Even more concerning, these hallucinated names weren\u2019t random. In multiple runs using the same prompts, 43% of hallucinated packages consistently reappeared, showing how predictable these hallucinations can be. As explained by the security firm Socket, this consistency gives attackers a roadmap \u2014 they can monitor AI behavior, identify repeat suggestions, and register those package names before anyone else does.<\/p>\n

The study also noted differences across models: CodeLlama 7B and 34B had the highest hallucination rates of over 30%; GPT-4 Turbo had the lowest rate at 3.59%.<\/p>\n