
New Supply Chain Attack Class Emerges Due to AI Hallucinations
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
A new class of supply chain attacks called 'slopsquatting' has emerged due to the increased use of generative AI tools for coding and the tendency of models to "hallucinate" non-existent package names. This trend poses a risk to the supply chain as developers may be prompted to install malicious packages that mimic the hallucinated names. Attackers can exploit this vulnerability by registering package names similar to those generated by AI, thereby increasing the risk of malware infection.
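One defensive check against the risk described above, as an added example that is not part of the original summary: before anything is installed, compare the dependency names an AI assistant proposed against a list of packages the team has already vetted, and flag both unknown names and near-misses of vetted names. The allowlist, the sample requirements text and the function names are constructed for illustration.

```python
import difflib
import re

# Constructed allowlist: packages a hypothetical team has already vetted.
APPROVED = {"requests", "numpy", "pandas", "cryptography", "flask"}

# Constructed requirements text, standing in for AI-suggested dependencies.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
numpy==1.26.4
flask-secure-auth-utils   # plausible-sounding name nobody has vetted
pandsa                    # near-miss of a vetted name
# a comment line
Cryptography
"""

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def vet_requirements(text, approved=APPROVED):
    """Return (name, verdict) for every requirement that is not on the allowlist."""
    approved_norm = sorted(normalize(a) for a in approved)
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        match = _NAME.match(line)
        if not match:
            continue
        name = normalize(match.group(1))
        if name in approved_norm:
            continue
        # A name close to a vetted one deserves a different review than a
        # completely unknown one, so report which package it resembles.
        close = difflib.get_close_matches(name, approved_norm, n=1, cutoff=0.8)
        verdict = ("lookalike-of:" + close[0]) if close else "unvetted"
        findings.append((name, verdict))
    return findings


if __name__ == "__main__":
    for name, verdict in vet_requirements(SAMPLE_REQUIREMENTS):
        print(f"BLOCK {name}: {verdict}")
```

Run as a CI gate, a non-empty result fails the build until someone has reviewed the flagged names.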