Nirmalya Ghosh Applied AI | Technologist
Posts with the tag

Text-to-SQL the Naïve Way: Why Most Demos Fail in Production

The promise of Text-to-SQL is compelling: let anyone query a database using plain English. The reality is that most implementations silently return wrong data, expose sensitive information, and cost more than they should.

Slopsquatting (i.e., package hallucination)

Researchers have identified a cyber threat known as slopsquatting, also referred to as package hallucination, in which malicious actors exploit the tendency of large language models (LLMs) to generate non-existent package names during code generation. When attackers register these hallucinated package names with malware payloads, they create a new vector for software supply chain attacks, particularly within AI-assisted development workflows.