
New Slopsquatting Attack Exploits Coding Agent Workflows to Deliver Malware


“Slopsquatting” is a new supply-chain danger that has surfaced in the fast-moving field of AI-driven software development, presenting serious hazards to developers who depend on sophisticated coding agents.

Unlike traditional typosquatting, which capitalizes on human typing errors, slopsquatting exploits the hallucinations of AI-powered coding assistants, such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with MCP-backed validation.

[Figure: Claude Code CLI autonomously invoking a web search to validate a package]

These agents, designed to streamline workflows by auto-completing code and suggesting dependencies, can inadvertently generate non-existent but plausible package names.

Malicious actors seize this opportunity by pre-registering these hallucinated names on public registries like PyPI, waiting to deliver malware to unsuspecting developers who execute the AI-suggested installation commands.
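A defensive gate for the scenario above, written for this page as an added example (not code from the article or from any of the named tools): it parses a `pip install` line emitted by a coding agent, normalizes the names the way PyPI does, and flags any package that is absent from the registry (a hallucination that could still be claimed) or that was only registered recently with a single release (the pattern of a freshly claimed hallucinated name). The registry snapshot, allowlist and package names are constructed; a real gate would query the registry's JSON API instead.

```python
import re
from datetime import date

# Constructed snapshot standing in for registry metadata
# (assumption: a real gate would fetch first-release date and release
# count per name from https://pypi.org/pypi/<name>/json).
REGISTRY_SNAPSHOT = {
    "requests": {"first_release": date(2011, 2, 14), "releases": 150},
    # constructed example of a name claimed days ago with one upload
    "flask-jwt-auth": {"first_release": date(2025, 5, 20), "releases": 1},
}
# Packages the team has already reviewed; anything else gets a verdict.
ALLOWLIST = {"requests"}
# pip options that consume the following token (so it is not a package name)
_OPTS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url"}
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")

def normalize(name: str) -> str:
    """PEP 503 normalization: 'Flask_JWT.Auth' and 'flask-jwt-auth' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pip_install(cmd: str) -> list[str]:
    """Return normalized package names from a pip install line, ignoring
    options and version specifiers such as '==1.0' or '>=2'."""
    tokens = cmd.split()
    if "install" not in tokens:
        return []
    i = tokens.index("install")
    if i == 0 or tokens[i - 1] not in ("pip", "pip3"):
        return []
    names, skip_next = [], False
    for tok in tokens[i + 1:]:
        if skip_next:
            skip_next = False
            continue
        tok = tok.strip("\"'")
        if tok.startswith("-"):
            skip_next = tok in _OPTS_WITH_ARG
            continue
        m = _NAME_RE.match(tok)
        if m:
            names.append(normalize(m.group(0)))
    return names

def vet_package(name, snapshot, allowlist, today, min_age_days=90):
    """Verdict for one name; existence alone is not enough, since a
    hallucinated name may exist only because an attacker claimed it."""
    if name in allowlist:
        return "allowlisted"
    meta = snapshot.get(name)
    if meta is None:
        return "not-on-registry"   # likely hallucinated; name is free to claim
    if (today - meta["first_release"]).days < min_age_days or meta["releases"] < 2:
        return "new-or-thin-history"  # freshly claimed, needs human review
    return "established"

def vet_install_command(cmd, snapshot=REGISTRY_SNAPSHOT, allowlist=ALLOWLIST, today=date(2025, 6, 1)):
    return {n: vet_package(n, snapshot, allowlist, today) for n in parse_pip_install(cmd)}
```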

AI Hallucinations

The mechanics of slopsquatting are both insidious and sophisticated. When developers, often under tight deadlines, lean on AI coding agents for rapid prototyping or “vibe coding,” they enter ...


Copyright of this story solely belongs to gbhackers. The full text is available in the original article.