Built SlopGuard – open-source defense against AI supply chain attacks (slopsquatting)

I was cleaning up my dependencies last month and realized ChatGPT had suggested “rails-auth-token” to me. Sounds legit, right? Doesn’t exist on RubyGems. The scary part: if I’d pushed that to GitHub, an attacker could register it with malware and I’d install it on my next build. Research shows AI assistants hallucinate non-existent packages 5-21% of the time. I built SlopGuard to catch this before installation. It: Verifies packages actually exist in registries (RubyGems, PyPI, Go modules) Uses 3-stage trust scoring to minimize false positives Detects typosquats and namespace attacks Scans 700+ packages in 7 seconds Tested on 1000 packages: 2.7% false positive rate, 96% detection on known supply chain attacks. Built in Ruby, about 2500 lines, MIT licensed. GitHub: https://github.com/aditya01933/SlopGuard Background research and technical writeup: https://aditya01933.github.io/aditya.github.io/ Homepage https://aditya01933.github.io/aditya.github.io/slopguard Main question: Would you actually deploy this or is the problem overstated? Most devs don’t verify AI suggestions before using them. submitted by /u/techoalien_com [link] [comments]Technical Information Security Content & DiscussionRead More