Safeguard
Tag

slopsquatting

Safeguard articles tagged "slopsquatting" — guides, analysis, and best practices for software supply chain and application security.

25 articles

AI Security

Can AI-Generated Code Be Trusted? A Security Review

A 2025 USENIX study found LLMs hallucinate nonexistent packages in up to 21.7% of code samples — and attackers are already registering the names.

Jul 13, 20267 min read
AI Security

The Security Pitfalls Hiding in AI-Generated Code

A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.

Jul 8, 20266 min read
AI Security

Code injection risks in GenAI-generated code

Nearly 40% of GitHub Copilot's suggested programs contain exploitable vulnerabilities, and 19.7% of AI-generated code samples reference packages that don't exist.

Jul 8, 20267 min read
AI Security

Detecting AI Hallucinations in Generated Code

A USENIX Security 2025 study found 19.7% of packages recommended by 16 LLMs across 576,000 code samples don't exist — and attackers are registering them first.

Jul 8, 20266 min read
AI Security

A Checklist for Reviewing AI-Generated Code Before It Merges

19.7% of packages LLMs recommend don't exist in real registries, per a 576,000-sample USENIX 2025 study — here's what to check before merging AI-written code.

Jul 8, 20267 min read
AI Security

Securing AI-Generated Code: The New Risk Surface

40.73% of Copilot's suggested code contains a vulnerability, and one 2024 study found nearly 1 in 5 AI-recommended packages simply don't exist.

Jul 8, 20266 min read
Open Source Security

The security risk of LLMs reviving abandoned open-source packages

USENIX Security 2025 found 19.7% of LLM code samples hallucinate a package name — and real, dormant packages carry the same blind trust.

Jul 8, 20267 min read
AI Security

Slopsquatting: When AI Hallucinates a Package Attackers Register

AI coding assistants confidently recommend packages that do not exist. Attackers noticed. Slopsquatting turns a model's hallucination into a supply-chain foothold — and the fix is not to make models stop hallucinating.

Jul 7, 20265 min read
AI Security

Slopsquatting: When AI Hallucinates Package Names

LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.

Jun 14, 20266 min read
AI Security

AI-Generated Code Security: risks and controls

AI now writes up to 40%+ of new code, and models hallucinate nonexistent packages in 5-22% of outputs. Here's why Black Duck-style SCA misses that risk, and what controls actually work.

Jun 12, 20267 min read
AI Security

AI hallucinations and their security implications for developers

LLMs hallucinate nonexistent packages in up to 1 in 5 code samples — and slopsquatting attacks are already exploiting that predictability in the wild.

Jun 12, 20266 min read
AI Security

AI Is Forcing a New Open Source Security Model

AI coding agents now choose dependencies — and attackers are exploiting hallucinated packages and MCP backdoors that legacy SCA tools like Sonatype's were never built to catch.

Jun 7, 20267 min read
slopsquatting — Safeguard Blog