Legal cases, academic papers, regulatory references that do not exist — presented with case names, docket numbers, and legal reasoning.
📦
Package Hallucination (Slopsquatting)
Made-up software package names. Attackers register them with malicious code before developers install what the LLM recommended.
🏥
Professional Domain Misinformation
Wrong medical, legal, or financial guidance delivered with domain-expert confidence in regulated contexts where errors cause documented harm.
💻
Hallucinated Code & Commands
Insecure code patterns, non-existent API calls, dangerous system commands suggested as correct solutions with no warning signal.
Package hallucination is particularly dangerous because it converts a model quality issue into a supply-chain attack vector — bridging LLM09 and LLM03 (Supply Chain).