I was doing my TryHackMe training this morning, working through the OWASP LLM Top 10 for 2025, when I hit LLM09:2025 — Misinformation. I thought I had this one covered with Sentinel, my AI security proxy. Misinformation detection, hallucination flagging — I'd mapped all of it. Then I went deeper and hit something I hadn't explicitly named: package hallucination. I'd seen it happen. I'd caught it myself because I know PyPI well enough to recognize when a package name smells wrong. But if I hadn't? I'd have installed someone else's malware. This is the attack the security community has started calling slopsquatting, and it's live in the wild right now.

What OWASP LLM09:2025 Actually Says

LLM09 covers the risk of AI-generated content that is factually incorrect, misleading, or fabricated — and the downstream consequences when people or systems act on it without verification. Most people read this as: "the AI made up a fact." The real threat surface is much wider. LLMs don't just hallucinate facts.…
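The "does this package name smell wrong?" check above can be automated before anything is installed. The following is an added example, not code from the original post or from Sentinel: it normalizes names the way PyPI does, compares each against an allowlist standing in for a lockfile or vetted index snapshot, and flags names that are either absent (a possible hallucination) or one or two edits away from a real package (a typo or squat candidate). The allowlist and the requirements text are constructed for illustration.

```python
import re

# Constructed allowlist standing in for a vetted lockfile or cached index snapshot.
KNOWN_PACKAGES = {"requests", "numpy", "pandas", "flask", "cryptography", "pyyaml"}

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot near-miss names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name: str, known=KNOWN_PACKAGES, max_dist: int = 2) -> str:
    """'known' if allowlisted; 'lookalike' if within max_dist edits of a known name
    (typo or squat candidate); otherwise 'unknown' (possible hallucination)."""
    n = normalize(name)
    if n in known:
        return "known"
    if any(edit_distance(n, k) <= max_dist for k in known):
        return "lookalike"
    return "unknown"

def audit_requirements(text: str) -> dict:
    """Map each requirement name in requirements.txt-style text to its verdict."""
    verdicts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blanks, comments, and pip options such as -r or --index-url
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            verdicts[m.group(1)] = classify(m.group(1))
    return verdicts

# Constructed requirements text in the shape an assistant might emit.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
PyYAML>=6.0
requets                  # one character off a real package
flask-jwt-helper-utils   # plausible-sounding name absent from the allowlist
"""
```

Running `audit_requirements(SAMPLE_REQUIREMENTS)` marks the first two names `known`, `requets` as a `lookalike` of `requests`, and `flask-jwt-helper-utils` as `unknown`; anything other than `known` is a reason to verify the name against the real index before installing.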