[name] (he/him) on Nostr: LLMs can't stop making up software dependencies and sabotaging everything ...
LLMs can't stop making up software dependencies and sabotaging everything

Hallucinated package names fuel 'slopsquatting'

1. LLM-generated code tries to run code from online software packages. Which is normal but
2. The packages don’t exist. Which would normally cause an error but
3. Nefarious people have made malware under the package names that LLMs make up most often. So
4. Now the LLM code points to malware.
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/

Published at
2025-12-27 01:43:32 UTC
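
A defensive gate for the chain described in the post, as an added example that is not part of the original post: dependency names emitted by a code assistant are checked against a list of already-reviewed packages before anything is installed, and unknown names are held for review. The allowlist, the sample requirement lines and the function names are constructed for illustration.

```python
import difflib
import re

# Constructed allowlist: names already reviewed and pinned by your team
# (for example, taken from an existing lockfile). Hypothetical values.
VETTED = {"requests", "numpy", "python-dateutil", "pyyaml"}

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Yield normalized project names from requirements.txt-style text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        m = _NAME.match(line)
        if m:
            yield normalize(m.group(1))


def review(text, vetted=VETTED):
    """Return (approved, held); held maps each unknown name to near vetted names."""
    known = sorted(normalize(v) for v in vetted)
    approved, held = [], {}
    for name in parse_requirements(text):
        if name in known:
            approved.append(name)
        else:
            # A near miss of a vetted name is a strong hint of a made-up package.
            held[name] = difflib.get_close_matches(name, known, n=2, cutoff=0.75)
    return approved, held


# Constructed sample: a dependency list as an assistant might emit it.
SAMPLE = """\
requests>=2.31
PyYAML==6.0.1
example-made-up-parser   # constructed name, not on the vetted list
python_dateutils         # constructed near miss of a vetted name
"""

if __name__ == "__main__":
    ok, held = review(SAMPLE)
    print("approved:", ok)
    for name, near in held.items():
        print(f"HOLD {name}: not vetted; similar vetted names: {near or 'none'}")
```

Run it in CI before the install step, so that a held name fails the build and gets a human review rather than a download.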