AI tools offer great potential to clear up time for developers and software engineers – but can also be manipulated to introduce malware and other threats through a new attack vector known as ‘slopsquatting’
Slopsquatting is an attack method in which hackers exploit common AI hallucinations to trick engineers into mistakenly installing malicious packages.
In short, hackers track non-existent packages hallucinated by AI coding tools and then publish malicious packages under these names on public repositories such as PyPI. The seemingly legitimate packages are then installed by victims who trust their AI code suggestions.
ITPro spoke to Dustin Kirkland, SVP of Engineering at Chainguard, to learn more about slopsquatting and where it sits in the wider issue of risky AI code.
“It’s kind of a modern twist on typosquatting, we’ve seen that for many years all the way down to simple URLs, you accidentally leave one letter out of ‘Google’ and end up on a malicious site, or something like that,” Kirkland adds.
The term ‘slopsquatting’ combines ‘typosquatting’ and ‘AI slop’, a pejorative term for low-effort content generated with AI, Kirkland said
“For at least ten years, typosquatting has been a problem in the Python and Java universes, where it's quite easy for almost anyone to register a Python package with PIP Python and PIP install.
Kirkland told ITPro that porting this attack methodology into AI comes with risky implications, as developers are increasingly engaged in vibe coding to produce business-critical code at scale.
“I would say an old school human coder, especially in the open source world where I've spent my entire career, every line of code was typically reviewed and approved by a human maintainer.
“And now the ability of an AI to generate literally gigabytes of code, millions, if not billions of lines of code, starts to put this out of the reach of even some of the most prolific maintainers.
“And so the scary risk is that these sorts of problems leak into systems that don't get as much human verification.”
But Kirkland sees potential for AI assistants to police one another, with designated agents taught to identify signs of slopsquatting, typosquatting, and other common attacks using predefined algorithms.
“[W]hen using something like AI here, one of the real advantages over the human way of doing it is when there is identified a new way of a malicious actor slopsquatting, we can create one algorithm and roll it out comprehensively by updating a single model,” he explained.
AI risks aren’t top of mind for leaders
Chainguard’s 2026 Engineering Reality Report took in responses from 1,200 software engineers and senior technology leaders from across the US, UK, France, and Germany.
The report also found widespread enthusiasm for using AI tools to mostly or entirely automate tasks in the engineering workflow.
For example, over two thirds (68%) of respondents said testing, monitoring, and quality assurance had been automated in this way, with a similar figure registered for security patching and vulnerability remediation (67%) as well as code review (65%).
However, the report also shed light on the core concerns holding software engineers back from full AI adoption.
The top concern among respondents was the lack of security and privacy associated with AI, with 17% saying as much, while other core concerns included accountability and trust in code and the use of shadow AI.
Kirkland said these concerns can be eased as firms set out AI usage policies, with Chainguard having rolled its own out at the start of 2025.
This “living document” clearly sets out trusted AI tools employees can use, which reduces operational risk and helps provide oversight for the packages and libraries developers install.
To prevent slopsquatting in the short term, Kirkland suggested firms could look to methods such as more closely verifying package registries and signatures to prevent those from unknown sources being installed.
In the long term, Kirkland told ITPro he sees slopsquatting and cybersquatting as a solvable problem. He added that with AI security tools in place, it’s increasingly likely that only the most sophisticated attacks will get through.
“Just being somewhat contemporary and topical here, when was the last time you heard of an art museum having jewels stolen, right? That's typically, that's typically the story of movies and blockbuster hits and yet, here we are in 2025 and the world's most famous art museum had some of its most famous jewels stolen.”
In the same way, Kirkland is confident that automated security algorithms that check the popularity, age, and author of packages will ensure that slopsquatting and similar attacks become the exception rather than the rule.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Google CEO Sundar Pichai says vibe coding has made software development ‘exciting again’News Google CEO Sundar Pichai claims software development has become “exciting again” since the rise of vibe coding, but some devs are still on the fence about using AI to code.
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
Google CEO Sundar Pichai thinks software development is 'exciting again' thanks to vibe coding — but developers might disagree
News Google CEO Sundar Pichai claims software development has become “exciting again” since the rise of vibe coding, but some devs are still on the fence about using AI to code.
-
Open source AI models are cheaper than closed source competitors and perform on par, so why aren’t enterprises flocking to them?Analysis Open source AI models often perform on-par with closed source options and could save enterprises billions in cost savings, new research suggests, yet uptake remains limited.
-
Microsoft’s Windows chief wants to turn the operating system into an ‘agentic OS' – users just want reliability and better performanceNews While Microsoft touts an AI-powered future for Windows, users want the tech giant to get back to basics
-
Google Brain founder Andrew Ng thinks everyone should learn programming with ‘vibe coding’ tools – industry experts say that’s probably a bad ideaNews Vibe coding might help lower the barrier to entry for non-technical individuals, but users risk skipping vital learning curves, experts warn.
-
European software spending is set to surge in 2026 – here's whyNews Enterprises are approaching the “trough of disillusionment” with AI, but it’s not stopping them from spending
-
AI is transforming Agile development practices as teams battle mounting delivery cycle pressure and ROI concernsNews The influx of AI tools is helping reshape Agile development at a critical juncture for the methodology
-
Software developer salaries are surging in the UK as AI skills gaps drives demandNews Stack Overflow says positive growth in developer salaries shows the community is thriving
-
UK software developers are still cautious about AI, and for good reasonNews Experts say developers are “right to take their time” with AI coding solutions given they still remain a nascent tool
