AI-Induced Supply-Chain Compromise: A Systematic Review of Package Hallucinations and Slopsquatting Attacks

AI-Induced Supply-Chain Compromise: A Systematic Review of Package Hallucinations and Slopsquatting Attacks | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article AI-Induced Supply-Chain Compromise: A Systematic Review of Package Hallucinations and Slopsquatting Attacks Wadhah Al-Zofi This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8007192/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract The adoption of large language models (LLMs) and AI‑assisted programming has accelerated software production, but it has also created a novel supply‑chain vulnerability: package hallucination. When an LLM generates code, it may recommend nonexistent third‑party packages that “sound” plausible. Adversaries can register these phantom names in public registries, thereby poisoning the open‑source software supply chain. This attack pattern, termed \textit{slopsquatting}, combines aspects of typosquatting and dependency confusion but is triggered by AI hallucinations rather than human error. We systematically review this emerging threat. Following PRISMA‑2020 guidelines, we searched IEEE Xplore, ACM Digital Library, SpringerLink, Scopus and arXiv for publications (2018–Oct 2025) on package hallucination, typosquatting, dependency confusion, supply‑chain compromise and registry policies. Twenty‑one peer‑reviewed papers and seven credible industry reports met the inclusion criteria. We synthesize definitions, threat models and observed incidents; report empirical evidence of hallucination prevalence across LLMs (e.g., GPT‑series models hallucinate 5.2 % of packages versus 21.7 % for open‑source models); and map defenses at IDE, registry, CI/CD and runtime layers. We compare slopsquatting with typosquatting and dependency confusion using a new taxonomy and highlight gaps in current safeguards. Official policies from npm, PyPI, Maven Central, RubyGems, NuGet and CRAN show varying levels of name reservation, deletion and immutability. Our review exposes an urgent need for package‑existence validation within AI coding tools, stricter registry name policies and standardized provenance attestations. LLM package hallucination slopsquatting software supply-chain security typosquatting dependency confusion open-source registry policies PRISMA systematic review Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8007192","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":541671187,"identity":"892ba602-2139-48ff-a9c3-25ff7c6c1dca","order_by":0,"name":"Wadhah Al-Zofi","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABM0lEQVRIie2QMUvDQBTHLxy8LEe7nlSSr/BKIAoqfpWEQrqk0EkcRAqFuHW2i58hU+bA4bmk+0EcKoUO4hAodCrWS3VMRDeR+8F73MH73d3/CDEY/iK2rmvUTREgFZ47QESut/y4VaG6ii/Fuh9HXseSQa2w7xXyqVBWifCBHk4grUp3ar8s87FwO+V0vWRIPYBi86puThmxxWPaoHBBBpij6M+f5QlyBAfYIjuLpX4YiyLVdI0gsldhaaUq8Dki84AvMi8GrXDmNymusBKeY3mZquGWB8jDxH1be/F7u4KCQq2EqYp9vcAwIQVdjZJ2pS+A6iz7wVzFV0cTDDwg0qejGWfQksV5utM/tosuZmqY9Xa7veNOxGoTb2+dri1kY/wmgB/6T8draPWbaYPBYPj3fAAEWmqDt/Hx2gAAAABJRU5ErkJggg==","orcid":"","institution":"Changchun University of Science and Technology","correspondingAuthor":true,"prefix":"","firstName":"Wadhah","middleName":"","lastName":"Al-Zofi","suffix":""}],"badges":[],"createdAt":"2025-11-01 17:23:20","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-8007192/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8007192/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":95499071,"identity":"388b49e4-f0d8-41f7-98ff-3e98869f0d75","added_by":"auto","created_at":"2025-11-10 05:08:58","extension":"json","order_by":0,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":3724,"visible":true,"origin":"","legend":"","description":"","filename":"5a04352f114044b594906009772a52e4.json","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/f2a3892d67bef11544e5e1a4.json"},{"id":95499074,"identity":"e916b21b-94fd-48cf-83a8-cc1e80517dea","added_by":"auto","created_at":"2025-11-10 05:08:59","extension":"png","order_by":1,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":755699,"visible":true,"origin":"","legend":"","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/330fd613d2f9029bb802ed7d.png"},{"id":95499066,"identity":"58c7aa96-6164-417f-938c-ed6824a5cbb6","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"png","order_by":2,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":1384805,"visible":true,"origin":"","legend":"","description":"","filename":"2.png","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/5927107d0c9925949c797a36.png"},{"id":95499075,"identity":"c33e638d-1201-4ac3-b9cb-adfdfbc305c6","added_by":"auto","created_at":"2025-11-10 05:08:59","extension":"jpg","order_by":3,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":116665,"visible":true,"origin":"","legend":"","description":"","filename":"3.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/441752afbe9e6f438ba02e2c.jpg"},{"id":95499070,"identity":"0d158b12-323d-4543-b7bd-d3c111f564c0","added_by":"auto","created_at":"2025-11-10 05:08:58","extension":"pdf","order_by":4,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":153006,"visible":true,"origin":"","legend":"","description":"","filename":"CoverLetter.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/10ade63731ae04ee231594d7.pdf"},{"id":95499067,"identity":"2ae604e7-11d7-4d61-bd82-b3ed5facce2f","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"pdf","order_by":5,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":1833082,"visible":true,"origin":"","legend":"","description":"","filename":"SystematicReview.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/fcef2509d289b2383148b0a6.pdf"},{"id":95499064,"identity":"5ebc09b3-89fd-4504-95d8-22b0116a81bd","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"bst","order_by":6,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":28600,"visible":true,"origin":"","legend":"","description":"","filename":"spphys.bst","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/b997e08a362334e336c3a886.bst"},{"id":95499063,"identity":"3428bf20-0e56-4100-88a6-3103e9126939","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"clo","order_by":7,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":12643,"visible":true,"origin":"","legend":"","description":"","filename":"svepjc3.clo","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/781cdd629e4c00bfbaa7b42f.clo"},{"id":95499065,"identity":"b7a69115-a2ad-43ad-a18f-39352518d979","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"clo","order_by":8,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":3696,"visible":true,"origin":"","legend":"","description":"","filename":"svglov3.clo","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/3fb6df0f7d527f158beb0a22.clo"},{"id":95499069,"identity":"b7eeaba1-c04a-4080-b719-7c229f308952","added_by":"auto","created_at":"2025-11-10 05:08:58","extension":"cls","order_by":9,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":47679,"visible":true,"origin":"","legend":"","description":"","filename":"svjour3.cls","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/f5bf8ffff1f0d46ca6759285.cls"},{"id":95499068,"identity":"cb9f2ee2-f3ea-4ae9-b4e0-e003bdd3c227","added_by":"auto","created_at":"2025-11-10 05:08:57","extension":"xml","order_by":10,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":72774,"visible":true,"origin":"","legend":"","description":"","filename":"5a04352f114044b594906009772a52e41structuring.xml","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1/46e140d922997e259d49bf34.xml"},{"id":95819134,"identity":"e7b03446-713a-4a99-8f16-8225e19d60ce","added_by":"auto","created_at":"2025-11-13 10:38:00","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1911211,"visible":true,"origin":"","legend":"","description":"","filename":"SystematicReview.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8007192/v1_covered_e4429e94-3802-468d-b905-cadcb5023690.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"AI-Induced Supply-Chain Compromise: A Systematic Review of Package Hallucinations and Slopsquatting Attacks\n","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"LLM package hallucination, slopsquatting,software supply-chain security, typosquatting, dependency confusion, open-source registry policies, PRISMA systematic review","lastPublishedDoi":"10.21203/rs.3.rs-8007192/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8007192/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"The adoption of large language models (LLMs) and AI‑assisted programming has accelerated software production, but it has also created a novel supply‑chain vulnerability: package hallucination. When an LLM generates code, it may recommend nonexistent third‑party packages that “sound” plausible. Adversaries can register these phantom names in public registries, thereby poisoning the open‑source software supply chain. This attack pattern, termed \\textit{slopsquatting}, combines aspects of typosquatting and dependency confusion but is triggered by AI hallucinations rather than human error. We systematically review this emerging threat. Following PRISMA‑2020 guidelines, we searched IEEE Xplore, ACM Digital Library, SpringerLink, Scopus and arXiv for publications (2018–Oct 2025) on package hallucination, typosquatting, dependency confusion, supply‑chain compromise and registry policies. Twenty‑one peer‑reviewed papers and seven credible industry reports met the inclusion criteria. We synthesize definitions, threat models and observed incidents; report empirical evidence of hallucination prevalence across LLMs (e.g., GPT‑series models hallucinate 5.2 \\% of packages versus 21.7 \\% for open‑source models); and map defenses at IDE, registry, CI/CD and runtime layers. We compare slopsquatting with typosquatting and dependency confusion using a new taxonomy and highlight gaps in current safeguards. Official policies from npm, PyPI, Maven Central, RubyGems, NuGet and CRAN show varying levels of name reservation, deletion and immutability. Our review exposes an urgent need for package‑existence validation within AI coding tools, stricter registry name policies and standardized provenance attestations.","manuscriptTitle":"AI-Induced Supply-Chain Compromise: A Systematic Review of Package Hallucinations and Slopsquatting Attacks","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-11-10 05:08:53","doi":"10.21203/rs.3.rs-8007192/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"8d9bbfab-e673-4fdd-aa7d-82ea3d427b96","owner":[],"postedDate":"November 10th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-11-13T10:08:11+00:00","versionOfRecord":[],"versionCreatedAt":"2025-11-10 05:08:53","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8007192","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8007192","identity":"rs-8007192","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}