Vulnerabilities

AI Coding Tools Create New 'Slopsquatting' Security Threat

AI coding assistants often suggest non-existent software packages, posing security risks. Learn how this affects development.

By Content Team

Apr 14, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Researchers from three US universities discovered that AI coding assistants frequently recommend fake software packages that don't exist - a problem they've dubbed "slopsquatting." Hackers can exploit this by creating malicious packages with these hallucinated names, tricking developers into downloading compromised code.

The study tested 16 popular AI models and found none were immune. Commercial models hallucinated packages 5.2% of the time, while open-source models hit 21.7%. Out of 2.23 million generated packages, nearly 20% were fake.

This creates a dangerous supply chain attack where malicious code could infect entire software projects. The researchers suggest better prompt engineering and model training to address the issue.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Conduent Data Breach Exposes Nearly 17,000 Volvo Group Employees' Personal Information

Feb 15, 2026

Foster City Restores Phone and Email Services After Ransomware Attack

Mar 28, 2026

German Police Rush to Warn Companies About Critical PTC Software Vulnerability

Mar 29, 2026

Hims Telehealth Breach Exposes Highly Sensitive Patient Data

Apr 11, 2026