Safeguard
Tag

slopsquatting

Safeguard articles tagged "slopsquatting" — guides, analysis, and best practices for software supply chain and application security.

25 articles

AI Security

Building trust in AI-assisted software development

AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.

Jun 6, 20266 min read
AI Security

Claude Code and Claude Desktop security integrations

Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.

Jun 6, 20267 min read
AI Security

AI Trust Report: developer sentiment on AI-generated code

Safeguard's 2026 AI Trust Report surveyed 1,412 developers and finds 91% use AI coding tools weekly, but only 34% trust the code it produces.

Apr 24, 20268 min read
AI Security

Slopsquatting (AI package hallucination attack)

Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.

Mar 2, 20266 min read
Supply Chain Attacks

npm Slopsquat: The Hallucinated Package Risk in 2026

Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.

Feb 18, 20267 min read
Research

AI Code Assistant Package Hallucination Study

The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.

Feb 12, 20267 min read
AI Security

How slopsquatting exploits AI-hallucinated package names

Slopsquatting attacks turn AI-hallucinated package names into real supply chain threats. Here's how it works, the numbers behind it, and how Safeguard stops it.

Dec 14, 20257 min read
AI Security

LLM Misinformation: Security Risks of Hallucinated Outputs

LLM hallucinations aren't just AI trivia — they invent packages attackers squat on, fake CVEs, and false advisories that have already cost real companies real money.

Nov 15, 20258 min read
Policy

ENISA Threat Landscape 2025: Supply Chain Section Decoded

ENISA's October 2025 report analysed 4,875 incidents from July 2024 to June 2025 and found phishing led at 60% of intrusions, with supply chain and slopsquatting as fast-growing vectors.

Nov 4, 20257 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
Industry Analysis

Why Scanning AI-Generated Code Requires Different Heurist...

AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.

Aug 9, 20258 min read
Open Source Security

Hallucinated Dependencies: How AI Models Invent Package N...

AI coding assistants regularly invent package names that don't exist — and attackers are registering them first. Here's how slopsquatting works and how to defend against it.

Aug 7, 20257 min read
slopsquatting (Page 2) — Safeguard Blog