AI has opened up worlds of possibility for the vibe coder, but with that potential comes a danger with a repulsive name: slopquatting.
When programmers obtain software packages from open-source repositories, there’s always the chance that malicious code can work its way in there. And when AI is scraping the libraries of sites like GitHub, some packages are deceptively labeled and can instead contain commands that act as malware.
Hallucinations, where AI models create false libraries and packages, are the root of the problem, AppOmni Director of AI Melissa Ruzzi told IT Brew. In a way, it’s a new spin on an old problem.
“That was a cybersecurity problem that has been happening for a long time, URLs that look real but they’re not the real thing,” Ruzzi said. “It’s a similar thing with those packages.”
Deep C trawling. Attackers are spreading a wide net, but they’re also engaged in targeted attacks. Donald Fischer, VP at Sonar, noted that there’s a role for misspelling in targeting the attacks, often referred to as typosquatting, which acts to use human error for malicious packages.
“That’s a malicious attack vector that relies on a software engineer, a human software engineer, importing the wrong name or a misspelled name of an open-source package,” Fischer said. “Bad guys can anticipate that.”
Slopsquatting takes that idea and tweaks it for the AI-powered ransomware renaissance. The LLMs they’re hoping to ensnare are funneled to the malicious packages–the “slop”–using tactics like fake blogs to give AI a reason to aim for the libraries continuing the bad code. Once inside the system, packages can execute malicious code and even access internal systems.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“If you can trick an enterprise application into incorporating your publicly published bad package into its code base, that’s a recipe for arbitrary code execution, and you can do anything that that enterprise application is going to have permission and rights to do within its IT environment,” Fischer said.
If there’s a problem…Solving the problem isn’t going to be easy—with cybersecurity, nothing is—but there are some steps IT teams can take to manage the threat. AI’s use in coding has taken off so quickly that it’s hard for Fischer to wrap his head around the rate of change. By some estimates, 50% of code generated daily could be AI-made by 2026, and the acceleration is fueling a software revolution.
“It opens up some new areas of potential vulnerability that build on some existing patterns of exploits in software development and an open-source ecosystem,” Fischer said.
Awareness is step zero, Ruzzi told IT Brew. From there, it’s a matter of monitoring which libraries you’re using, how old and well-known the packages are, and painstakingly checking the code. While speed is welcome during the coding process, it opens the door for malicious actors. Covering the difference is key to security.
Nick Mistry, SVP and CISO at software supply-chain security provider Lineaje, told IT Brew that going forward, slopsquatting incidents will continue. AI-generated code isn’t going anywhere, and eventually changes will be made faster than human oversight can reasonably control.
“We’ve just got to be much deeper, [with] a combination of a probabilistic plus a deterministic model together to really figure out how trustworthy are all of these components that you’re using,” Mistry said, “and do this continuously.”