Researchers have identified a growing security threat tied to a quirk of AI chatbots: hallucinations. When you ask an AI assistant for help installing software, finding a tool, or solving a coding problem, it sometimes invents a package name or website URL that doesn’t exist — but sounds perfectly plausible. Attackers have started monitoring these AI outputs and registering the made-up names as real websites or software packages before you can. If you then follow the AI’s suggestion, you end up at a malicious site instead.
The technique has been dubbed “slopsquatting” — a play on typosquatting, where attackers register misspelled domain names to catch typing mistakes. The key difference is that with slopsquatting you may have done everything right: copied the name exactly as the AI gave it. Security researchers found that AI models produce these hallucinated package names consistently enough that attackers can predict and pre-register them. The risk is highest for people who use AI to install software tools, browser extensions, or code libraries without independently verifying them first.
How to check if you’re affected
Affected products include any AI chatbot or code assistant — such as ChatGPT, Google Gemini, Microsoft Copilot, or Claude — particularly when used to recommend software, packages, or download links.
- Search independently before installing: If an AI recommends a tool, search for it yourself on a trusted source (like the official developer website or the operating system’s app store) rather than clicking the link the AI provides.
- Verify software packages: For developers, before running
pip install,npm install, or similar commands with an AI-suggested package name, check that the package exists on the official registry (pypi.org, npmjs.com, etc.) and has real reviews and maintainers. - Check download counts and publish dates: A newly published package with zero downloads is a red flag, especially if you found it through an AI suggestion.