If you run a small business and use AI tools to help with anything technical — writing code for your website, building automations, or even generating spreadsheet formulas — there is a new security risk you need to understand. It is called slopsquatting, and it exploits a weakness in how AI models work.
The term combines “AI slop” with ᘼyposquatting,” the old trick where cybercriminals register misspelled versions of popular website domains. But slopsquatting is different, and potentially more dangerous.
How slopsquatting works
When you ask an AI coding assistant to build something, it sometimes invents software packages that do not exist. These are called hallucinations — the AI produces something that sounds plausible but is not real. This is a well-known problem. What security researchers have now discovered is that attackers are registering these fake package names and filling them with malicious code.
Here is how it plays out: an AI assistant suggests installing a package called “cross-env-extended” to solve a problem. The developer — or a business owner following the AI’s instructions — installs it. But that package was never legitimate. An attacker heard the AI hallucinating that name, registered it first, and filled it with malware. Your system is now compromised, and the AI that led you there feels no responsibility.
Why traditional defences do not work
Traditional typosquatting protections rely on spotting misspellings of known packages. If someone registers “crossenv” instead of “cross-env,” the registry can catch it. But slopsquatting targets packages the AI invented out of thin air. There is no legitimate package to compare against, so the defences simply do not trigger.
Research published earlier this year found that AI models hallucinate package names at alarming rates. In one study of 576,000 code samples, nearly 20 percent of the generated package names were hallucinations. Proprietary models performed better — GPT-4 Turbo had a hallucination rate of around 3.6 percent — but open-source models fared much worse, with rates above 13 percent even for the best performers.
For an Irish business relying on AI tools, the implication is clear: every time the AI recommends a tool, library, or package, it could be pointing you toward a trap.
What this means for Irish businesses
You might think this only affects software companies. It does not. Any business using AI to build or maintain its website, automate workflows, or manage its IT systems is potentially exposed. If your bookkeeper uses AI to generate spreadsheet macros, if your marketing person uses AI to add features to your website, if your office manager uses AI to automate data entry — all of these scenarios create opportunities for slopsquatting attacks.
The risk is compounded by the fact that over 40 percent of code written by developers now involves AI assistance, according to recent surveys. That number is growing fast. As more Irish businesses adopt AI tools without putting verification processes in place, the attack surface expands.
What you can do about it
The defence is straightforward, even if you are not a technical person. Whenever AI recommends that you install or use a specific software package, take thirty seconds to check whether it actually exists in the official repository before following the instruction. This simple verification step catches the vast majority of slopsquatting attempts.
For businesses with more technical resources, automated checks that validate package names against known registries can catch hallucinated packages before they enter your systems. Security teams should also monitor for unusual package installations and keep up with known slopsquatting campaigns.
The broader lesson is one that applies to all AI use in business: treat every AI output as a draft that needs verification, not as a final answer. The technology is powerful, but it has blind spots. Understanding where those blind spots are — and building simple checks around them — is the difference between using AI safely and becoming a cautionary tale.