"Slopsquatting" attacks are using AI-hallucinated names resembling popular libraries to spread malware
techradar.com
- GenAI can hallucinate open source package names, experts warn
- It doesn't always hallucinate a different name
- Cybercriminals can use the names to register malware
Security researchers have warned of a new method by which Generative AI (GenAI) can be abused in cybercrime, known as 'slopsquatting'.
It starts with the fact that different GenAI tools, such as ChatGPT, Copilot, and others, hallucinate. In the context of AI, “hallucination” is when the AI simply makes things up. It can make up a quote that a person never said, an event that never happened, or - in software development - an open-source software package that was never created.
Now, according to Sarah Gooding from Socket, many software developers rely heavily on GenAI when writing code. The tool could write the lines itself, or it could suggest different packages for the developer to download and include in the product.
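An added example (not from the article or from Socket): a pre-install triage that checks AI-suggested dependency names against a team's vetted list and flags unvetted names that closely resemble a vetted one. The allowlist, the sample names and the 0.8 similarity cutoff are assumptions constructed for illustration.

```python
import difflib
import re

# Constructed allowlist: packages this hypothetical team has already vetted.
VETTED = {"requests", "numpy", "pandas", "cryptography", "python-dateutil"}

# Constructed sample: a dependency list as an assistant might suggest it.
SUGGESTED = """\
requests>=2.31
Python_DateUtil==2.9.0
reqeusts
numpyy
fastjson-secure-parser  # plausible-sounding, never vetted
"""

def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_names(text):
    """Extract normalized project names from requirements-style lines."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(normalize(m.group(0)))
    return names

def triage(text, vetted=VETTED, cutoff=0.8):
    """Label each name: 'vetted', 'lookalike:<vetted name>' or 'unknown'."""
    known = sorted(normalize(v) for v in vetted)
    report = {}
    for name in parse_names(text):
        if name in known:
            report[name] = "vetted"
            continue
        # Unvetted: is it suspiciously close to something we do trust?
        close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
        report[name] = f"lookalike:{close[0]}" if close else "unknown"
    return report

if __name__ == "__main__":
    for name, verdict in triage(SUGGESTED).items():
        print(f"{name:28} {verdict}")
```

Both `lookalike` and `unknown` verdicts mean the name should be reviewed by a person before anything is installed; only `vetted` names pass automatically.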
Copyright of this story solely belongs to techradar.com.