Catch the dependencies AI invented before attackers register them

One of the strangest AI failure modes is the hallucinated package: an import for a library that does not exist. Left in the code, the name is an open invitation for an attacker to register it and ship malicious code to anyone who installs it.

1 repo · setup in about 5 minutes · no card, no commitment

01

What a hallucinated package is

When an assistant is unsure of the exact library, it can confidently invent a plausible-looking package name and import it. The code may even run if the import is lazy or untested. The danger is that the name now sits in your manifest, unclaimed, until someone claims it.

02

Why it is a supply-chain attack waiting to happen

Attackers watch for commonly hallucinated names and register them with malicious code. The next install pulls the attacker's package. Because the name looks reasonable and the build succeeds, nobody notices until it is too late. This pattern overlaps with typosquatting and is sometimes called slopsquatting.

03

How Guard scans for them

Guard does not only match your dependencies against a vulnerability database, a hallucinated package has no CVE because it should not exist. Guard checks whether each dependency actually resolves upstream, flags suspicious or just-registered names, and surfaces typosquatted look-alikes of real packages.

04

Findings you can act on

Each risky dependency comes back as a reviewable GitHub issue explaining the exposure. When a fix is bounded and useful, Guard can open a pull request that removes or replaces it.

Quick questions

How common are hallucinated packages?

Research in 2025–2026 found that a meaningful share of AI-suggested dependencies can be fabricated, often cited around one in five in some settings. The exact rate varies by model and language, but it is common enough to scan for.

Can a normal vulnerability scanner catch these?

Usually not. A hallucinated package has no known vulnerability because it does not exist yet. You need a check that verifies a dependency actually resolves upstream, which is what Guard does.

Find the packages AI invented.

Connect a repo and scan your dependencies for hallucinated names. No card.