“Educate users about the limitations of LLMs, including hallucinations.” OWASP frames this as a required control — not optional guidance — particularly for applications where users may overrely on model output.
The slopsquatting attack works entirely because developers assume package names from LLMs correspond to real, vetted packages. One line in developer onboarding — “always run npm info <name> before installing any package an AI recommends” — would break the attack path entirely. The technical vulnerability (hallucination) cannot be fully eliminated; the human behavior gap can be closed with education.
→ Add prominent UI warnings in LLM-powered applications: “Always verify AI-generated information before acting on it”
→ Include LLM limitation training in onboarding for any role that uses AI-assisted tools
→ For developer tools: mandate the package verification step as part of coding standards
→ For high-stakes domains: make verification a workflow requirement, not just a suggestion
Ask a sample of users what they do with LLM outputs in their workflow. “I use it directly” with no verification step means the education gap exists. For developer teams: ask how they handle package recommendations from AI tools. If the answer is “install it” with no check in between, that practice needs to change.
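One way to turn the package verification step into a repeatable check, as an added example that is not part of the original page: it takes metadata shaped like the output of npm info <name> --json and classifies an AI-suggested name as ok, review or block. The thresholds, package names and sample metadata are constructed assumptions.

```javascript
// Added example (not from the original page). Thresholds are assumptions.
const MIN_AGE_DAYS = 90; // assumed: newer names get a human look first
const MIN_VERSIONS = 3;  // assumed: a very short release history is a flag

// meta: parsed `npm info <name> --json` output, or null when the registry
// has no such package (npm reports E404 and exits non-zero).
function vetPackage(name, meta, now = new Date()) {
  if (!meta) {
    return { name, verdict: "block",
             reasons: ["not in registry: the name may be hallucinated"] };
  }
  const reasons = [];
  const created = new Date(meta.time && meta.time.created);
  const ageDays = (now - created) / 86400000; // NaN if the date is missing
  if (Number.isNaN(ageDays)) {
    reasons.push("no creation date in metadata");
  } else if (ageDays < MIN_AGE_DAYS) {
    reasons.push(`registered ${Math.floor(ageDays)} days ago`);
  }
  // Tolerate `versions` arriving as a single string or as an array.
  const versions = [].concat(meta.versions || []);
  if (versions.length < MIN_VERSIONS) {
    reasons.push(`only ${versions.length} published version(s)`);
  }
  if (!meta.repository) reasons.push("no source repository listed");
  return { name, verdict: reasons.length ? "review" : "ok", reasons };
}

// Constructed sample metadata; all package names are hypothetical.
const NOW = new Date("2025-06-01T00:00:00Z");
const SAMPLES = {
  "example-http-utils": {
    time: { created: "2019-03-10T12:00:00Z" },
    versions: ["1.0.0", "1.1.0", "2.0.0", "2.0.1"],
    repository: { type: "git", url: "git+https://example.com/org/repo.git" },
  },
  "example-fast-json-helper": {
    time: { created: "2025-05-20T08:00:00Z" },
    versions: "0.0.1",
  },
  "example-does-not-exist": null,
};

function vetAll(samples = SAMPLES, now = NOW) {
  return Object.entries(samples).map(([n, m]) => vetPackage(n, m, now));
}
for (const r of vetAll()) {
  console.log(`${r.verdict.padEnd(6)} ${r.name}  ${r.reasons.join("; ")}`);
}
```

A "review" verdict is a prompt for a person to look at the package, not proof of malice; an "ok" verdict only means none of these three signals fired.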