https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
create a malicious software package under a hallucinated package name and then upload the bad package…when an #AIcodeassistant re-hallucinates the co-opted name, the process of installing dependencies and executing the code will run the #malware…
…a form of typosquatting, where variations or misspellings of common terms are used to dupe people. Seth Michael Larson, #Python Software Foundation, has dubbed it #slopsquatting – "slop" being a common pejorative for AI output
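
A defensive check for the scenario described above, as an added example that is not from the article or the post: it audits an assistant-generated requirements file against a vetted allowlist before anything is installed, and points out names that sit suspiciously close to an approved one. The allowlist, the sample file and the package names `reqeusts` and `acme-fastjson-parse` are constructed for illustration.

```python
import re
from difflib import get_close_matches

# Constructed allowlist: packages this (hypothetical) team has already vetted.
APPROVED = {"requests", "numpy", "pyyaml", "python-dateutil"}

# Constructed requirements file, as an AI code assistant might emit it.
SAMPLE_REQUIREMENTS = """\
# generated by assistant
requests>=2.31
NumPy==1.26.4
python_dateutil
reqeusts                        # constructed name, not on the allowlist
acme-fastjson-parse[speed]>=0.2 # constructed name, not on the allowlist
-r other.txt
"""

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_names(text):
    """Yield normalized project names, skipping comments, blanks and pip options."""
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if not line or line.startswith("-"):
            continue
        match = _NAME.match(line)
        if match:
            yield normalize(match.group(1))


def audit(text, approved=APPROVED):
    """Map each unvetted dependency to its closest approved name, or None."""
    approved_norm = sorted(normalize(a) for a in approved)
    findings = {}
    for name in requirement_names(text):
        if name not in approved_norm:
            near = get_close_matches(name, approved_norm, n=1, cutoff=0.8)
            findings[name] = near[0] if near else None
    return findings


if __name__ == "__main__":
    for name, near in audit(SAMPLE_REQUIREMENTS).items():
        hint = f"looks like '{near}'" if near else "no similar approved package"
        print(f"BLOCK {name}: not vetted ({hint})")
```

Run as a CI step ahead of `pip install`, a non-empty result means the dependency list needs human review before any package code executes.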
