as usual, feel free to ask any questions! Huge thanks to Karen for testing this out.
Thanks again for letting me get an early look at this tool!
it was my pleasure! 🔥
https://status.claude.com/incidents/9l93x2ht4s5w
Very nice read! Thanks team!
It'd be interesting to see if slopcheck would ever flag the "old" "established" packages.
I ran it with an old Python project with 50+ packages and only a couple of legit ones were flagged as SUS.
i should definitely give it a try. there is some tweaking and improvements to be done for sure, but really happy Karen helped test it out :)
What makes slopsquatting interesting is that it’s not just a security issue, it’s a byproduct of AI changing how developers discover and trust software. Traditionally, typosquatting exploited human spelling mistakes. Slopsquatting exploits something newer: developers increasingly copy dependencies, package names, or code suggestions generated by AI without verifying whether those packages actually exist. The vulnerability shifts from human error to machine-amplified trust.
And as AI-generated code becomes more common, attackers don’t need to trick millions of users, they just need to poison the suggestions that developers accept at scale. It feels like an early signal that AI security risks won’t always come from sophisticated model failures, but from the messy downstream behaviors they normalize.
fully agree. there is going to be a lot of messy downstream behaviors. definitely a new set of issues cyber professionals need to understand.
This is brilliant, thanks Tox and Karen.
thanks a ton really appreciate it :)
You’re very welcome! 🤗
Here for this collab
Would like a package check to apply to my feed: OK, Sus, and Slop same categories apply 😏
hahahaha love it.
Wow, those categories do have broad applicability… 😂
Very interesting and eye-opening article!
Curious: what will it take for the malicious package to execute code? Is it already technically possible?
With the recurring incidents going on, it seems that there will either be standard native security built inside of Claude and other big AI coding tools or we’ll see the emergence of IDEs that sell you trust and security so your devs and ICs can (vibe) code safely.
Thoughts?
great points! it is. i think either way, the burden of security needs to continue to shift left. the product of vibe coding and its promise is great. but you can’t expect vibe coders to be security experts.
i think builtins in any form are valuable ideas we need to continue to explore.