Slide 15 of 27 · Part 3: Scenarios · Scenario 2
SCENARIO 2: Hallucinated Package Name Delivers Malware
OWASP Scenario 2, grounded in slopsquatting research.
A developer asks an LLM coding assistant to help set up a Node.js data-processing pipeline. The assistant recommends installing a utility package by name. The developer searches for it, finds a package with that name on npm, and installs it. The package contains a post-install script that exfiltrates environment variables — including API keys and database credentials — to an attacker-controlled server. The package had been uploaded by an attacker who pre-registered the name the LLM consistently hallucinated.
Why it matters: The developer followed a normal workflow. The failure was trusting that the LLM’s package name referred to a vetted package. Hallucination was the entry point for the supply-chain compromise.
The OWASP Language

OWASP explicitly calls out “LLMs recommending insecure or non-existent code libraries” as a misinformation vector. The slopsquatting research shows this is not theoretical: attackers actively register the package names that LLMs most commonly hallucinate.

What Would Have Prevented It

One verification step: run npm info <package-name> before installing anything an LLM named. A package registered last week, with zero downloads and no README, is a red flag. Build this check into the team workflow for every LLM-recommended dependency.
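The slide's three red flags (recently registered, no downloads, no README) plus the post-install hook from the scenario can be turned into a small pre-install vetting script. The Node.js code below is an added example written for this page, not material from the slide deck or from OWASP. It assumes the field names of the public npm registry document (time.created, readme, dist-tags, versions[].scripts, which is what npm info prints) and of the npm downloads API (downloads for the last week); the thresholds are illustrative policy choices, and every package record in it is constructed for the example rather than a real package.

```javascript
// Added example: pre-install vetting of an LLM-recommended npm package.
// Registry fields assumed: time.created, readme, dist-tags.latest, versions[v].scripts
// (registry.npmjs.org/<name>); weekly downloads from api.npmjs.org/downloads/point/last-week/<name>.
// All package records below are CONSTRUCTED for this example and are not real packages.

const MAX_AGE_DAYS = 30;          // younger than this: "registered last week" red flag
const MIN_WEEKLY_DOWNLOADS = 100; // below this: effectively nobody else uses it
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall']; // scripts npm runs on install

function daysBetween(fromIso, toIso) {
  return (Date.parse(toIso) - Date.parse(fromIso)) / 86400000;
}

// Returns { verdict: 'not-found' | 'allow' | 'review' | 'block', reasons: string[] }.
function assessPackage(registryDoc, weeklyDownloads, nowIso) {
  // The registry answers a nonexistent name with a 404 body of { error: 'Not found' }.
  if (!registryDoc || registryDoc.error === 'Not found') {
    return { verdict: 'not-found', reasons: ['name is not on the registry (likely hallucinated)'] };
  }
  const reasons = [];

  const created = registryDoc.time && registryDoc.time.created;
  if (!created) {
    reasons.push('no creation timestamp in registry record');
  } else {
    const age = daysBetween(created, nowIso);
    if (age < MAX_AGE_DAYS) reasons.push(`created ${age.toFixed(1)} days ago`);
  }

  if (!Number.isFinite(weeklyDownloads) || weeklyDownloads < MIN_WEEKLY_DOWNLOADS) {
    reasons.push(`only ${weeklyDownloads} downloads last week`);
  }

  if (!registryDoc.readme || registryDoc.readme.trim() === '') {
    reasons.push('no README');
  }

  // The scenario's payload ran from a post-install script, so surface any lifecycle hook.
  const latestTag = registryDoc['dist-tags'] && registryDoc['dist-tags'].latest;
  const latest = latestTag && registryDoc.versions && registryDoc.versions[latestTag];
  const scripts = (latest && latest.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) reasons.push(`declares ${hook} script: ${scripts[hook]}`);
  }

  const verdict = reasons.length >= 2 ? 'block' : reasons.length === 1 ? 'review' : 'allow';
  return { verdict, reasons };
}

const NOW = '2025-06-10T00:00:00Z'; // fixed clock so the example is deterministic

const SAMPLES = {
  // Constructed: a freshly registered name with an install hook and no docs.
  suspicious: {
    doc: {
      name: 'example-data-pipeline-utils',
      'dist-tags': { latest: '1.0.0' },
      versions: { '1.0.0': { scripts: { postinstall: 'node setup.js' } } },
      time: { created: '2025-06-05T12:00:00Z' },
      readme: '',
    },
    downloads: 3,
  },
  // Constructed: a long-established, documented package with no install hooks.
  established: {
    doc: {
      name: 'example-established-lib',
      'dist-tags': { latest: '4.2.1' },
      versions: { '4.2.1': { scripts: { test: 'mocha' } } },
      time: { created: '2016-03-01T00:00:00Z' },
      readme: '# example-established-lib\nUsage: ...',
    },
    downloads: 52000,
  },
  // Constructed: what the registry returns for a name that does not exist.
  missing: { doc: { error: 'Not found' }, downloads: 0 },
};

// Vet every sample; returns a label -> assessment map.
function vetAll() {
  const out = {};
  for (const [label, s] of Object.entries(SAMPLES)) {
    out[label] = assessPackage(s.doc, s.downloads, NOW);
  }
  return out;
}

console.log(JSON.stringify(vetAll(), null, 2));
```

In a real workflow the two JSON documents would be fetched for the candidate name and passed to assessPackage; a 'not-found' result is itself useful, since a name the registry does not know is exactly the kind that slopsquatting targets, and a 'block' or 'review' verdict means a human looks at the package page before anything runs.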
