Slopsquatting: when attackers register the packages AI invents
Slopsquatting is a supply-chain attack built on AI's habit of inventing dependencies. Attackers register the package names assistants repeatedly hallucinate, so the next AI-written project installs malicious code by name.
1 repo · setup in about 5 minutes · no card, no commitment
01
What slopsquatting is
Typosquatting registers names a human might mistype. Slopsquatting registers names an AI tends to make up, the 'slop' it produces when it is unsure. Because models hallucinate the same plausible names repeatedly, attackers can predict and pre-register them, then wait for AI-written code to import them.
02
Why AI-generated code is the target
A human rarely imports a package that does not exist. An AI can, confidently, because it is optimizing for a plausible next token, not for whether the library is real. That makes AI-assisted repos uniquely exposed to this attack, and the exposure grows with every unreviewed agent commit.
03
How to defend against it
You cannot rely on a vulnerability database, because a freshly registered malicious package has no track record. The defense is to verify that every dependency resolves to a legitimate, established upstream, flag just-registered or suspicious names, and catch look-alikes of real packages before they ship.
04
How Guard helps
Guard audits the dependency tree for hallucinated and slopsquatted names as part of every audit, explains the exposure in plain language, and can open a pull request to remove or replace the risky import.
Quick questions
How is slopsquatting different from typosquatting?
Typosquatting targets human typos of real package names. Slopsquatting targets the fabricated names AI models invent, which are predictable enough for attackers to register in advance.
How do I check my repo for it?
Connect the repo to Guard and run an audit. It verifies that dependencies resolve to legitimate upstreams and flags hallucinated or slopsquatted names. The first audit is free.
Don't let an invented package become an attack.
Connect a repo and scan for slopsquatted dependencies. No card.
Enji Guard