AI agents hallucinate package names approximately 20% of the time, and 43% of those hallucinated names recur consistently across runs, so attackers can pre-register the names agents reliably invent and publish malicious payloads under them. `pip install` and `npm install` fetch whatever name they are handed; no dependency validation layer cross-references agent-generated package references against the ground-truth registry (existence, age, download history) before installation. This creates a systemic, automated supply chain attack surface that scales with agent autonomy.
AI agents hallucinate package names ~20% of the time, and attackers pre-register these predictable phantom names with malicious payloads — no validation layer exists between agent output and `pip install` / `npm install`.
Engineering teams and platform operators deploying AI coding agents (Copilot, Cursor, Devin, custom agents) in CI/CD pipelines or autonomous dev environments.
Supply chain security is already a paid category (Snyk, Socket.dev, Phylum) but none address the agent-hallucination attack vector specifically; enterprises adopting coding agents face CISO-level anxiety about this exact gap, making budget allocation fast.
MVP is a CLI proxy / pre-install hook that intercepts package install commands, normalizes each name the way the registry does (PEP 503 normalization for PyPI, lowercase and scope-aware for npm), checks it against canonical registry APIs (PyPI, npm, crates.io), flags packages that do not exist, were first published fewer than 30 days ago, or have zero downloads (npm exposes download counts directly; the PyPI JSON API does not, so a separate stats source such as pypistats is needed), and blocks known hallucination patterns from a crowd-sourced denylist. Shippable in 2-3 weeks.
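A worked sketch of that pre-install hook, added here as an example rather than code from any shipping product: it parses a pip/npm install command line, normalizes each name, consults a registry, and returns block/flag/allow verdicts. The registry lookup and the denylist are constructed in-memory stand-ins so the script runs offline; a real deployment would back `lookup` with the PyPI JSON API, the npm registry and a download-stats source. All package names in the snapshot, the `NOW` clock and the 30-day threshold are assumptions for illustration.

```python
"""Pre-install hook that vets package names before pip/npm fetch them.

Added example, not code from any product. Live registry calls are replaced by
a constructed in-memory snapshot so it runs offline.
"""
import re
import shlex
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
NOW = datetime(2025, 6, 1, tzinfo=UTC)   # fixed clock so results are reproducible
MIN_AGE_DAYS = 30

# Constructed registry snapshot: name -> (first upload, downloads in last 30 days).
# PyPI's JSON API gives release upload times but no usable download counts
# (use pypistats or the BigQuery dataset); npm exposes both via its APIs.
SNAPSHOT = {
    "pypi": {
        "requests":    (datetime(2011, 2, 14, tzinfo=UTC), 400_000_000),
        "pyyaml":      (datetime(2006, 2, 21, tzinfo=UTC), 300_000_000),
        "fresh-squat": (NOW - timedelta(days=3), 9),           # registered last week
        "ghost-town":  (datetime(2019, 5, 5, tzinfo=UTC), 0),  # old but never pulled
    },
    "npm": {
        "express":      (datetime(2010, 12, 29, tzinfo=UTC), 150_000_000),
        "@types/node":  (datetime(2016, 3, 3, tzinfo=UTC), 250_000_000),
        "left-pad-pro": (NOW - timedelta(days=10), 2),
    },
}
# Constructed stand-in for the crowd-sourced denylist of names seen hallucinated.
DENYLIST = {"pypi": {"openai-helpers"}, "npm": {"react-dom-utils-pro"}}

PYPI_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?")  # PEP 508 name
PIP_VALUE_OPTS = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url"}


def normalize(registry, name):
    """Canonical form so Foo_Bar, foo.bar and foo-bar hit one PyPI record (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower() if registry == "pypi" else name.lower()


def package_name(registry, spec):
    """Strip version/extras from an install specifier; None for paths, URLs, repos."""
    if spec.startswith((".", "/")) or ":" in spec:
        return None
    if registry == "pypi":
        m = PYPI_NAME.match(spec)
        return m.group(0) if m else None
    cut = spec.find("@", 1)   # scoped names start with '@', so search from index 1
    return spec if cut == -1 else spec[:cut]


def parse_install(cmdline):
    """Return (registry, [raw names]) for a pip or npm install command line."""
    argv = shlex.split(cmdline)
    tool, verb, args = argv[0], argv[1], argv[2:]
    if tool in ("pip", "pip3") and verb == "install":
        registry = "pypi"
    elif tool == "npm" and verb in ("install", "i", "add"):
        registry = "npm"
    else:
        raise ValueError(f"not an install command: {cmdline}")
    names, skip = [], False
    for arg in args:
        if skip:                       # value belonging to the previous option
            skip = False
            continue
        if arg.startswith("-"):
            skip = arg in PIP_VALUE_OPTS
            continue
        name = package_name(registry, arg)
        if name:
            names.append(name)
    return registry, names


@dataclass
class Verdict:
    name: str
    action: str                        # "block" | "flag" | "allow"
    reasons: list = field(default_factory=list)


def lookup(registry, name):
    """Offline stand-in for GET https://pypi.org/pypi/<name>/json and the npm registry."""
    return SNAPSHOT[registry].get(name)


def vet(registry, raw_name, now=NOW, denylist=DENYLIST, lookup=lookup):
    name = normalize(registry, raw_name)
    if name in denylist.get(registry, ()):
        return Verdict(name, "block", ["on hallucination denylist"])
    meta = lookup(registry, name)
    if meta is None:
        # Not on the registry: the install would fail today, but this is exactly
        # the name an attacker can pre-register, so block and feed it to the denylist.
        return Verdict(name, "block", ["not on registry (likely hallucinated)"])
    first_upload, downloads = meta
    reasons, age = [], now - first_upload
    if age < timedelta(days=MIN_AGE_DAYS):
        reasons.append(f"first published {age.days} days ago")
    if downloads == 0:
        reasons.append("zero downloads")
    return Verdict(name, "flag" if reasons else "allow", reasons)


def vet_command(cmdline, **kw):
    registry, names = parse_install(cmdline)
    return [vet(registry, n, **kw) for n in names]


def should_run(cmdline, **kw):
    """Hook decision: let the real installer run only if every name is clean."""
    return all(v.action == "allow" for v in vet_command(cmdline, **kw))


if __name__ == "__main__":
    for cmd in ("pip install Requests==2.31 'fresh-squat>=1' ghost-town openai-helpers",
                "npm i express@4 @types/node@20 react-dom-utils-pro totally-made-up"):
        print(cmd)
        for v in vet_command(cmd):
            print(f"  {v.action:5} {v.name:20} {'; '.join(v.reasons)}")
        print("  run installer:", should_run(cmd))
```

Wire `should_run` in front of the real installer (a shell alias, a git hook, or the agent's tool-call wrapper) and treat `flag` as a hard stop in CI while a human reviews; in a developer shell it can degrade to a prompt. The denylist check runs before the registry lookup on purpose: a denylisted name that now exists on the registry is the squatted case, not a reason to relax.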
Subset of the $30B+ application security market; every org using AI coding agents (est. 500K+ teams by 2025) is a prospect, yielding a $2-5B addressable niche.
Agents continuously scrape LLM outputs across public coding forums to detect newly hallucinated package names, auto-register protective squats, and update the denylist; humans are limited to governance, security policy sign-off, and capital allocation. Caveat: placeholder packages held only to reserve a name can be reclaimed under PyPI's name-retention policy (PEP 541) and similar registry rules, so the durable defense is the denylist and the pre-install check, not the squats themselves.
Load the skill and apply to be incubated — token launch + $5k grant for accepted companies.