A place for developers to talk about building on Farcaster.

/dev

While security on software is becoming increasingly complex, bad actors are now using hallucinations from AI to create libraries that do not officially exist, but which LLMs love to invent and repeat. When you have that, imagine the bad actor building the package, and as humans copy and paste, why not? Then, you end up installing a dangerous library in your system. They call this attack: Slopsquatting.

How fun is this?

While security on software is becoming increasingly complex, bad actors are now using hallucinations from AI to create libraries that do not officially exist, but which LLMs love to invent and repeat. When you have that, imagine the bad actor building the package, and as humans copy and paste, why not? Then, you end up installing a dangerous library in your system. They call this attack: Slopsquatting.

How fun is this?

https://it.slashdot.org/story/25/04/22/0118200/ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting?utm_source=rss1.0moreanon&utm_medium=feed