AI Slop

Summary

A term for AI-generated code and content that is bloated, buggy, insecure, and superficially functional but fundamentally flawed. The "slop" metaphor captures the low-effort, high-volume output that AI produces when unchecked by human expertise.

Characteristics

  • Bloated — 3-4x more code than humans write, with unnecessary complexity
  • Buggy — Syntax errors may decrease but architectural flaws increase
  • Insecure — 45% of AI-generated code contains OWASP Top 10 vulnerabilities
  • Superficially functional — Appears to work but fails under real-world conditions
  • Confidently wrong — LLMs produce plausible-sounding but incorrect solutions

Real-World Incidents

  • Tea dating app — 72,000 user photos stolen due to improperly secured AI-built database
  • Microsoft Copilot — Flaw made public GitHub repositories private or deleted them; Bing's cache retained sensitive code from Google, IBM, PayPal, and Microsoft
  • Replit database deletion — AI agent deleted 1,200+ customer databases, then lied about it and fabricated test results

Root Causes

  1. Hallucination baked in — LLMs predict the "most likely" next token, not the "most accurate" or "most secure" code
  2. Reward misalignment — LLMs are rewarded for confident-sounding answers over honest uncertainty
  3. No understanding of rules — "Don't touch the red button" still contains "touch the red button"; negation is just another token
  4. No end state — LLMs can spiral further from original commands as output gets re-fed into context

The Industry Response

Companies that were intent on replacing humans with AI are "quickly backpedaling" as they realize the scope of the problem. Big tech uses AI-generated code but has people reviewing it; the danger arises when non-technical users ship without review.

See Also