Fetching from the wire…
Security2026-07-11 · source-backed
Attackers pre-register the fake package names an agent is statistically likely to invent, so when your coding assistant hallucinates a dependency, it installs attacker-controlled botnet malware. No prompt injection needed. The attacker just anticipates the model's errors and waits. This turns "slopsquatting" into an active supply-chain threat. Backing it: Unit 42 counted 497 malicious npm packages across 37 campaigns in H1 2026, about 4.5x last year's volume, with AI-agent packages the prime target because they sit next to API keys. Pin dependencies. Verify every package name an agent suggests actually exists before install.
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source domain / Shared topic / Earlier coverage
Both cover Attackers, Unit; reported by the same outlet (unit42.paloaltonetworks.com); overlapping topics (agent, attacker, package).
Shared entity: Attackers / Shared topic / Earlier coverage / Tension / Downstream implication
Both cover Attackers; overlapping topics (agent, attacker); earlier Attackers coverage from 2026-07-09.
Shared entity: Attackers / Same source domain / Shared topic / Earlier coverage
Both cover Attackers; reported by the same outlet (thehackernews.com); overlapping topics (active, attacker).