I found this post by securityboulevard interesting found HERE. They define Slopsquatting as “Cybersecurity researchers are warning of a new type of supply chain attack, slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies.
Basically, it sounds like threat actors are having AI generate vulnerable code or other weaknesses, which they abuse vs attacking the LLMs directly. For example, the threat actor may know about a specific vulnerable code and ask AI to generate something using that specific version of code.
I would hope most responsible AI providers will include evaluation for this as part of their prompt evaluation however, I bet many versions of AI are vulnerable to this. Its yet another good thing to know regarding potential ways to exploit AI.