Slopsquatting: The AI Package Hallucination Attack Already Happening


Slopsquatting is an emerging attack where malicious actors register npm/PyPI package names that AI models tend to hallucinate, then wait for developers or AI agents to install them. Unlike typosquatting (which exploits human typos), slopsquatting exploits predictable LLM hallucination patterns — 38% conflations of real package names, 51% pure fabrications — giving attackers a much larger pool of squattable names. Real-world evidence includes a malicious `unused-imports` npm package still receiving 233 weekly downloads, and a hallucinated `react-codeshift` package that spread organically to 237 GitHub repositories via AI-generated agent skills before any attacker claimed it. Protections include verifying package publishers (not just names), restricting autonomous package installation permissions in AI agents, scanning full dependency trees with SCA tools, and using tools like Aikido SafeChain that intercept installs and check against a threat intelligence database.
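One way to combine two of the protections above, restricting what an AI agent may install on its own and checking the publisher rather than only the name, is a gate that every proposed install command passes through first. This is an added example, not code from the article or from Aikido; the allowlist entries, publisher values, and the function names `requested_packages` and `gate` are constructed for illustration, and the registry lookup is assumed to happen elsewhere and be passed in as `observed_publishers`.

```python
import re
import shlex

# Constructed allowlist of reviewed dependencies: name -> expected publisher.
# Publisher values are placeholders, not real registry accounts.
REVIEWED = {
    "eslint-plugin-unused-imports": "publisher-a",
    "jscodeshift": "publisher-b",
}
INSTALL_VERBS = {
    "npm": {"install", "i", "add"},
    "pnpm": {"install", "i", "add"},
    "yarn": {"add"},
    "pip": {"install"},
}


def requested_packages(command):
    """Return the package names an install command asks for, versions stripped."""
    argv = shlex.split(command)
    if len(argv) < 3 or argv[1] not in INSTALL_VERBS.get(argv[0], set()):
        return []
    names = []
    for arg in argv[2:]:
        if arg.startswith("-"):
            continue  # flags; any flag value falls through and fails closed below
        at = arg.rfind("@")
        if at > 0:  # name@version, keeping the leading @ of a scoped name
            arg = arg[:at]
        names.append(re.split(r"[=<>!~\[]", arg, maxsplit=1)[0])
    return names


def gate(command, observed_publishers):
    """Map each requested package to 'allow' or a 'deny: ...' reason."""
    verdicts = {}
    for name in requested_packages(command):
        expected = REVIEWED.get(name)
        if expected is None:
            verdicts[name] = "deny: not reviewed (possibly hallucinated or squatted)"
        elif observed_publishers.get(name) != expected:
            verdicts[name] = "deny: publisher differs from reviewed one"
        else:
            verdicts[name] = "allow"
    return verdicts
```

A name that resolves on the registry is not enough to pass: `unused-imports` and `react-codeshift` are denied because nobody reviewed them, and a reviewed name is denied if its observed publisher has changed.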

8m read time. From aikido.dev