slopsquatting
Safeguard articles tagged "slopsquatting" — guides, analysis, and best practices for software supply chain and application security.
25 articles
Building trust in AI-assisted software development
AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.
Claude Code and Claude Desktop security integrations
Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.
AI Trust Report: developer sentiment on AI-generated code
Safeguard's 2026 AI Trust Report surveyed 1,412 developers and finds 91% use AI coding tools weekly, but only 34% trust the code it produces.
Slopsquatting (AI package hallucination attack)
Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.
npm Slopsquat: The Hallucinated Package Risk in 2026
Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.
AI Code Assistant Package Hallucination Study
The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.
How slopsquatting exploits AI-hallucinated package names
Slopsquatting attacks turn AI-hallucinated package names into real supply chain threats. Here's how it works, the numbers behind it, and how Safeguard stops it.
LLM Misinformation: Security Risks of Hallucinated Outputs
LLM hallucinations aren't just AI trivia — they invent packages attackers squat on, fake CVEs, and false advisories that have already cost real companies real money.
ENISA Threat Landscape 2025: Supply Chain Section Decoded
ENISA's October 2025 report analysed 4,875 incidents from July 2024 to June 2025 and found phishing led at 60% of intrusions, with supply chain and slopsquatting as fast-growing vectors.
Autocomplete Anxiety: Measuring How Often AI Coding Assis...
Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.
Why Scanning AI-Generated Code Requires Different Heurist...
AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.
Hallucinated Dependencies: How AI Models Invent Package N...
AI coding assistants regularly invent package names that don't exist — and attackers are registering them first. Here's how slopsquatting works and how to defend against it.