supply chain security typosquatting dependency confusion AI threats DevSecOps

Typosquatting Has Outgrown the User Error Excuse

20 May 2026

Typosquatting was once seen as a relatively simple phishing threat: a user mistypes a domain, lands on a malicious site, and becomes compromised. That model is now outdated. Modern typosquatting has moved beyond browsers into software package registries, dependency managers, and CI/CD pipelines, making it a software supply chain security issue rather than a user-awareness problem.

Typosquatting used to be a fairly pedestrian threat. Someone miskeys a domain, lands on a malicious page, gets phished. Annoying, but containable. Blame the user, add some security awareness training, move on.

That framing is now dangerously out of date.

The attack surface has shifted. Typosquatting has migrated from browsers into package registries, dependency managers, and automated build pipelines. Nobody is manually typing 'colourama' into npm. A misconfigured script is doing it, or a developer copy-pasted a package name from a dodgy Stack Overflow answer, or a transitive dependency somewhere three layers deep is silently pulling in something it shouldn't.

This is a supply chain problem now. The human is no longer the weak link in the chain. The tooling is.

AI makes this considerably worse. Generative models are already being used to churn out convincing package documentation, realistic README files, and plausible version histories that make malicious packages look legitimate at a glance. The volume of plausible-looking squatted packages that can be created and published in an afternoon has gone from dozens to thousands. Defenders are not keeping pace.

The economics favour the attacker. Publishing to npm or PyPI is free and largely frictionless. Automated scanning exists, but it's reactive. A malicious package can sit in a registry for hours or days before anyone flags it, and in a world of aggressive caching and mirroring, the damage tends to be done well before the takedown.

What does defence actually look like here? Locking dependency versions helps, but only if your lockfiles are treated as security artefacts rather than an afterthought. Private registries with curated allow-lists are more robust but introduce their own maintenance overhead. Software composition analysis tooling should be standard at this point, not optional.

The broader point is that treating this as a user education problem is a category error. You cannot train a CI/CD pipeline to be more careful. You need controls at the infrastructure level, and you need security teams that actually understand how modern software supply chains work under the hood.

Which brings us to the uncomfortable reality: most security teams don't. The gap between how software is actually built and deployed today and what security practitioners are trained to defend is significant and growing. AI is accelerating that gap.

Closing it requires proper technical training, not vendor briefings dressed up as education.