Slopsquatting is a kind of attack Capable of slipping past traditional security checks, the rising threat involves malicious actors creating and inserting fake open source packages into AI-generated code recommendations.
One study found that out of 10 runs using the same prompt, 43% of AI-hallucinated package names repeated, making it easy for criminals to guess names and upload malicious packages.
Cyber attackers can then gain access to user machines when the corrupted code is executed.
To avoid slopsquatting, users should look out for misspelled package names, a lack of feedback or discussions, warnings from other developers, inconsistent recommendations between platforms, and confusing descriptions.
The most important prevention methods include using a secure sandbox environment, scanning tools, and verifying all AI suggestions.
