A new supply chain attack called "slopsquatting" in AI coding attempts to leverage AI models' tendency to hallucinate non-existent package names.

Research indicates that in roughly 20% of the sampled Python and JavaScript code samples, the recommended packages didn't exist.

https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/ #slopsquatting #hallucinations #AI #coding #supplychain #python #javascript #cybersecurity

AI-hallucinated code dependencies become new supply chain risk

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names.

BleepingComputer
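The practical defense against the attack described above is to never install a package just because a model suggested it: extract the imports from generated code and check each one against what the project already pins, flagging anything unknown (and anything that is a near miss of a real dependency, which is how many hallucinated names look). The following Python check is an added example, not code from the post or the linked article; the generated snippet, the pinned requirements and the package names in it are constructed for illustration, and the distribution-to-import name mapping is a hypothetical stand-in that a real project would have to maintain.

```python
import ast
import sys
from difflib import get_close_matches

# Constructed sample of "AI-generated" code. The non-stdlib names below are
# made up for this illustration and are not packages named on the page.
GENERATED_CODE = '''
import os
import json
import requests
from flask_jwt_auth import JWTManager
import reqeusts
'''

# Constructed stand-in for a project's pinned dependencies (requirements.txt).
PINNED = ["Flask==3.0.0", "requests==2.31.0", "PyJWT==2.8.0"]

# PyPI distribution names and the import names they provide often differ
# (PyJWT is imported as jwt). This mapping is a hypothetical stand-in; a real
# check must maintain it or read it from installed package metadata.
IMPORT_NAME_OVERRIDES = {"pyjwt": "jwt"}

# sys.stdlib_module_names exists on Python 3.10+; fall back to a small set.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"os", "sys", "json", "re"}))


def top_level_imports(source: str) -> set[str]:
    """Return the top-level module names that `source` imports.

    Relative imports (from . import x) refer to the project itself and are
    skipped; dotted names are reduced to their first component.
    """
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names


def pinned_import_names(requirements: list[str]) -> set[str]:
    """Map pinned distribution names (name==version) to their import names."""
    result = set()
    for line in requirements:
        dist = line.split("==")[0].strip().lower().replace("-", "_")
        result.add(IMPORT_NAME_OVERRIDES.get(dist, dist))
    return result


def vet_imports(source: str, requirements: list[str]) -> dict[str, str]:
    """Classify every import as stdlib, pinned, or unknown.

    Unknown names are candidates for hallucination; a near miss of a pinned
    dependency (difflib ratio >= 0.8) is reported because a squatter would
    register exactly such a name.
    """
    allowed = pinned_import_names(requirements)
    report = {}
    for name in sorted(top_level_imports(source)):
        if name in STDLIB:
            report[name] = "stdlib"
        elif name in allowed:
            report[name] = "pinned"
        else:
            close = get_close_matches(name, sorted(allowed), n=1, cutoff=0.8)
            report[name] = f"unknown (near miss of '{close[0]}')" if close else "unknown"
    return report


def unknown_imports(source: str, requirements: list[str]) -> list[str]:
    """Return only the names a reviewer must resolve before installing anything."""
    return [n for n, v in vet_imports(source, requirements).items() if v.startswith("unknown")]


if __name__ == "__main__":
    for name, verdict in vet_imports(GENERATED_CODE, PINNED).items():
        print(f"{name:16} {verdict}")
```

An "unknown" verdict is not proof that the package does not exist; it means the name is not already a vetted dependency, so it must be looked up in the registry (and its publisher, age and download history checked) before it goes anywhere near `pip install`. Running the same check in CI against the lockfile turns a model's hallucinated suggestion into a failed build rather than a fetched package.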
@BrentD It's not new. I was giving talks on this attack this time last year. *Newly Publicized* attack because someone gave it a name.