One in Five.

More than half a million times, researchers asked sixteen different AI models to write code, and then they checked the packages those models reached for. Nearly one in five did not exist. Not wrong. Not outdated. Never real. The model invented the name, the install command, the whole thing, and handed it over with the exact same confidence it uses when it is right.

That is not the scary part.

The scary part is that the machine invents the same fake names again and again. Which means you can predict them. So somebody did. They sat with the tools, wrote down the names the AI kept hallucinating, and then went and registered those names for real. Same spelling. Same package. Except now there is something living inside it. And then they do the one thing that makes it work. They wait. They do not have to find you or trick you or send you anything. They put the trap exactly where the machine keeps pointing, and they let the machine make the introduction. The next person asks the same reasonable question, gets the same confident answer, runs the same install, and a stranger is now inside their computer. There is a name for this now. Slopsquatting. It is barely a year old.

You are probably already reaching for the obvious fix. Just use the real ones. The famous packages, the ones with millions of downloads, the names you have typed a hundred times and never once thought about. I thought that too.

On the thirty-first of March this year, one of those names turned on everyone who trusted it. The package is called axios. If you do not write code, all you need to know is that it is one of the most widely used pieces of software on the internet, pulled down around a hundred million times a week, sitting quietly inside a staggering number of the apps and websites you personally use. Someone broke into the account of the person who maintains it and pushed out a new version. For a little under three hours, any computer that pulled the update was handed a remote-access trojan, a program whose entire job is to let a stranger in. It hit Macs, Windows, and Linux at the same time, because they had built a separate version for each and staged it ahead of time. Microsoft later traced the operation to a state crew working out of North Korea.

Three hours. A name people had trusted for years. That is the part I keep coming back to.

I build with these tools every single day, and I have caught myself, more than once, halfway to installing something a very confident paragraph told me to install. The model lays it out so cleanly. Here is the package, here is the command, here is exactly what it does, no hedging, no maybe. My hand is already moving before any part of me has asked the only question that actually matters, which is whether the thing is real. A couple of times it was not. It simply did not exist, and I had been one keystroke away from building my afternoon on top of nothing.

This is not really a story about code.

It is a story about a feeling. The one where something answers you so smoothly, so specifically, that you quietly stop checking. It happens to lawyers who file court documents full of cases the AI invented, cases with names and dates and quotes, every one of them fake, found out only when a judge goes looking. It happens to anyone who mistakes a confident, detailed answer for a correct one. The machine is not lying to you, because lying takes intent, and it has none. It is doing something stranger than lying. It is being completely certain and completely wrong at the same moment, with no tell, no flicker, nothing in its voice that changes when it crosses from true into invented.

So before you build your week on an answer, your filing, your code, your business, confirm that the thing it pointed you at is actually there. Confidence is not correctness, and the machine is never going to be the one that tells you the difference.

Somewhere right now, on a registry you will never look at, a name is sitting and waiting. Spelled exactly the way the model will spell it for you tomorrow. It is not in a hurry. It does not need to be.