Techly NewsGet the app

Get the latest tech news

AI Hallucinations Are Fueling a New Class of Supply Chain Attacks


Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize.

One such risk is slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. The researchers tested 16 leading code-generation models, both commercial (like GPT-4 and GPT-3.5) and open source (like CodeLlama, DeepSeek, WizardCoder, and Mistral), generating a total of 576,000 Python and JavaScript code samples. One of the more encouraging findings was that some models, particularly GPT-4 Turbo and DeepSeek, were able to correctly identify hallucinated package names they had just generated, achieving over 75% accuracy in internal detection tests.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of hallucinations

hallucinations

Photo of new class

new class

Photo of supply chain attacks

supply chain attacks

Related news:

News photo

McMaster researchers discover new class of antibiotics

News photo

Supply Chain Attacks on Linux Distributions – Fedora Pagure

News photo

Supply Chain Attacks on Linux Distributions

« Benefits of Apache Iceberg for geospatial data analysis
The AI magic behind Sphere's upcoming 'The Wizard of Oz' experience »