
Title

Slopseeding > Slopsquatting

Description

The article <a href="https://www.csoonline.com/article/3961304/ai-hallucinations-lead-to-new-cyber-threat-slopsquatting.html" source="CSO Online" author="Shweta Sharma">AI hallucinations lead to a new cyber threat: Slopsquatting</a> writes, <bq>“If a single hallucinated package becomes widely recommended by AI tools, and an attacker has registered that name, the potential for widespread compromise is real,” according to a Socket analysis of the research. “And given that <b>many developers trust the output of AI tools without rigorous validation, the window of opportunity is wide open.</b>”</bq> <bq><b>A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes.</b> Open-source models – like DeepSeek and WizardCoder – hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4.</bq> This is a very interesting attack vector. So sneaky. This is perhaps just the first and easiest step, though. Why wait around to <i>slopsquat</i> when you can <i>slopseed</i> instead? <img attachment="virus.webp" align="right">Even sneakier would be to start seeding the AIs with high-SEO (Search Engine Optimization) content that AIs will graze, incorporate into their training data, and then they won’t even be “hallucinating” when they return answers that recommend packages with malware. It will all look plausible, even leading back to believable-looking, AI-generated “articles” touting the advantages of those infected packages. You can probably even generate a plausible-looking Git repository with history… (let’s see … well, that took about five seconds to find: <a href="https://github.com/esa-codes/AI-Powered-GitHub-Repository-Generator" source="GitHub">AI-Powered GitHub Repository Generator</a>). So,
<ol>
Find a commonly used package.
Come up with a slightly different but believable name for your own package.
Adjust the existing package to include your malware.
Publish a faked repository with your package; push to package manager.
Use AI to generate dozens, if not hundreds, of articles touting your package.
Wait for AIs to incorporate your recommendations into training data.
Wait for the downloads to start.
Wait for users to deploy your package to production.
Profit.
</ol>
This is so obvious and easy (the tech is there, and developers are plentiful) that it’s almost certainly already happening.
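As an added example, not part of this post or the CSO article: a pre-install vetting step a team could run over the package names an AI assistant recommends, flagging names nobody has published (the slopsquatting case) and names that were published only days ago, are barely downloaded, and resemble an established package (the slopseeding case). The registry snapshot, dates and thresholds are constructed assumptions; a real check would pull them from the registry’s metadata API and download statistics.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

@dataclass(frozen=True)
class RegistryEntry:
    name: str
    first_release: date
    monthly_downloads: int

# Constructed registry snapshot (hypothetical metadata, not live data):
# one long-established package and one recently published look-alike.
REGISTRY = {
    "requests": RegistryEntry("requests", date(2011, 2, 14), 300_000_000),
    "requests-pro": RegistryEntry("requests-pro", date(2025, 4, 20), 340),
}
TODAY = date(2025, 5, 1)  # fixed "now" so the example is reproducible offline

def lookalike_of(name, today=TODAY, min_ratio=0.75):
    """Return the established (old, heavily downloaded) package this name most resembles, or None."""
    best, best_ratio = None, 0.0
    for entry in REGISTRY.values():
        established = (today - entry.first_release).days >= 730 and entry.monthly_downloads >= 1_000_000
        if entry.name == name or not established:
            continue
        ratio = SequenceMatcher(None, name, entry.name).ratio()
        if ratio >= min_ratio and ratio > best_ratio:
            best, best_ratio = entry.name, ratio
    return best

def vet(name, today=TODAY):
    """Classify one AI-recommended package name before anyone runs `pip install`."""
    entry = REGISTRY.get(name.lower())
    if entry is None:
        # The hallucination case: nobody has published this name, so it is squattable.
        return "unregistered", "not in the registry: hallucinated name, open to squatting"
    age_days = (today - entry.first_release).days
    if age_days < 90 and entry.monthly_downloads < 1_000:
        # The seeding case: a brand-new, barely used package, possibly named after a popular one.
        reason = f"published {age_days} days ago, {entry.monthly_downloads} downloads/month"
        twin = lookalike_of(entry.name, today)
        if twin:
            reason += f", name resembles established package '{twin}'"
        return "suspicious", reason
    return "ok", f"established for {age_days} days, {entry.monthly_downloads} downloads/month"

def vet_all(names, today=TODAY):
    """Map each recommended name to its verdict; install only the 'ok' ones."""
    return {n: vet(n, today) for n in names}
```

Anything other than `ok` should stop the install and go to a human, since the whole attack depends on nobody looking.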