Slopsquatting is a new type of supply chain attack that uses large language model hallucinations to inject malicious code into development workflows. This novel attack vector exploits LLMs' tendency to generate fictitious software package names, which threat actors can then register and populate with malicious code.
The term combines 'AI slop' and 'typosquatting,' a deceptive practice where attackers register misspelled or lookalike versions of popular domains to prey on users who enter URLs incorrectly.
As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one, allowing malicious packages to remain undetected in production for months or even years.



