AI Hallucinations Create a New Software Supply Chain Threat - SecurityWeek

Researchers from three US universities warn that package hallucinations, a common issue in code-generating LLMs, can be exploited by threat actors to publish malicious packages. This new type of supply chain attack, called ‘slopsquatting’, could compromise entire codebases or software dependency chains. The researchers propose prompt engineering and model development techniques to mitigate this risk.