Hallucinated Imports — When the AI Invents a Library

AI models confidently call libraries that do not exist. Learn the patterns of hallucinated imports, the verification habits that catch them, and the supply-chain attack this opens up.

12 min · Reviewed 2026

The Library That Was Never Born

Ask Claude or GPT for a function that fetches and parses RSS feeds in Python and you might get an import for `feedfetcher` or `pyfeed-parser`. They sound plausible. They do not exist. The model interpolated between real package names it has seen and produced a hybrid that compiles in its head but fails at `pip install`.

Why this happens

Models predict the next token, not real-world existence
Training data contains millions of import lines from millions of repos — the model knows the shape, not the registry
Library versions drift: `langchain.vectorstores` was real in 2023, gone by 2024
Common verbs like `parse`, `fetcher`, `client` recombine into convincing fakes

The five patterns of hallucinated imports

Pattern	Example	Reality
Plausible compound	`import jwt_decoder`	Real package is `PyJWT`, you `import jwt`
Wrong submodule	`from pandas.io.json import read_json`	Moved to `pandas.read_json` years ago
Renamed package	`import sklearn.cross_validation`	Renamed to `sklearn.model_selection` in 2018
Invented method	`requests.get_json(url)`	Real call is `requests.get(url).json()`
Phantom version flag	`openai.ChatCompletion.create(...)`	Removed in OpenAI Python SDK v1.0

The 30-second verification habit

Before installing, search the package on pypi.org or npmjs.com
Check the publish date, weekly downloads, and maintainer
If a package has 50 downloads and was published last week, do not trust it
Cross-check the install name with the import name — they often differ
If the AI cited a method, search that exact method in the official docs

The fast smoke test

# Before trusting AI-generated imports, run them in isolation

mkdir /tmp/smoke && cd /tmp/smoke
python -m venv .venv && source .venv/bin/activate

# Try to install only the imports the AI suggested
pip install feedfetcher pyfeed-parser
#  ERROR: Could not find a version that satisfies the requirement feedfetcher

# Now you know — and you found out in 10 seconds, not in a PR review.A throwaway venv is the cheapest hallucination detector that exists.

What good agents do

Claude Code, Cursor Agent, and Codex CLI can all run `pip install` and report back. Use that. If the agent ran the install and tests, the import is real. If it just wrote code, the import is unverified. This is the fastest reliability lift you can get from an agent loop.

Bad prompt: "Write code to parse RSS feeds."
Better prompt: "Write code to parse RSS feeds. Use feedparser, version 6.x.
  Run pip install and a smoke test before showing me the code."

The better prompt forces ground truth checks the bad one skips.A 20-second prompt edit eliminates an entire class of bug.

When you do find a hallucinated import

Do not let the AI "fix" by guessing another package — same risk
Tell it the install failed and ask: "What real library does this functionality?"
Cross-check the answer against the official docs of that library
Pin the version in your lockfile so the same drift cannot recur

The model has seen a million imports and remembered ninety percent of them perfectly.
— A frustrated AI engineer

The big idea: imports are the surface where the model's confidence meets the registry's reality. Verify package names, pin versions, and let agents run installs. The thirty seconds you spend confirming an import is the cheapest debugging you will ever do.

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coding-debug-hallucinated-imports-creators

What is the core idea behind "Hallucinated Imports — When the AI Invents a Library"?
1. AI models confidently call libraries that do not exist. Learn the patterns of hallucinated imports, the verification habits that catch them, and the supply-chain attack this opens up.
2. AI writes code that works on small inputs and crawls on large ones.
3. kitchen sink
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
Which term best describes a foundational idea in "Hallucinated Imports — When the AI Invents a Library"?
1. slopsquatting
2. hallucination
3. lockfile
4. import verification
A learner studying Hallucinated Imports — When the AI Invents a Library would need to understand which concept?
1. hallucination
2. lockfile
3. slopsquatting
4. import verification
Which of these is directly relevant to Hallucinated Imports — When the AI Invents a Library?
1. hallucination
2. slopsquatting
3. import verification
4. lockfile
Which of the following is a key point about Hallucinated Imports — When the AI Invents a Library?
1. Models predict the next token, not real-world existence
2. Training data contains millions of import lines from millions of repos — the model knows the shape, …
3. Library versions drift: `langchain.vectorstores` was real in 2023, gone by 2024
4. Common verbs like `parse`, `fetcher`, `client` recombine into convincing fakes
Which of these does NOT belong in a discussion of Hallucinated Imports — When the AI Invents a Library?
1. Training data contains millions of import lines from millions of repos — the model knows the shape, …
2. Library versions drift: `langchain.vectorstores` was real in 2023, gone by 2024
3. Models predict the next token, not real-world existence
4. AI writes code that works on small inputs and crawls on large ones.
Which statement is accurate regarding Hallucinated Imports — When the AI Invents a Library?
1. Check the publish date, weekly downloads, and maintainer
2. If a package has 50 downloads and was published last week, do not trust it
3. Before installing, search the package on pypi.org or npmjs.com
4. Cross-check the install name with the import name — they often differ
Which of these does NOT belong in a discussion of Hallucinated Imports — When the AI Invents a Library?
1. If a package has 50 downloads and was published last week, do not trust it
2. Before installing, search the package on pypi.org or npmjs.com
3. AI writes code that works on small inputs and crawls on large ones.
4. Check the publish date, weekly downloads, and maintainer
What is the key insight about "Slopsquatting is real" in the context of Hallucinated Imports — When the AI Invents a Library?
1. Attackers monitor which fake package names AI suggests most often, then publish malicious packages under those names.
2. AI writes code that works on small inputs and crawls on large ones.
3. kitchen sink
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
What is the key insight about "Ask the AI to cite" in the context of Hallucinated Imports — When the AI Invents a Library?
1. AI writes code that works on small inputs and crawls on large ones.
2. A useful prompt addition: "Only use libraries you can name a current version number and a docs URL for.
3. kitchen sink
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
Which statement accurately describes an aspect of Hallucinated Imports — When the AI Invents a Library?
1. AI writes code that works on small inputs and crawls on large ones.
2. kitchen sink
3. Ask Claude or GPT for a function that fetches and parses RSS feeds in Python and you might get an import for `feedfetcher` or `pyfeed-parser…
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
What does working with Hallucinated Imports — When the AI Invents a Library typically involve?
1. AI writes code that works on small inputs and crawls on large ones.
2. kitchen sink
3. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
4. Claude Code, Cursor Agent, and Codex CLI can all run `pip install` and report back. Use that.
Which of the following is true about Hallucinated Imports — When the AI Invents a Library?
1. The big idea: imports are the surface where the model's confidence meets the registry's reality.
2. AI writes code that works on small inputs and crawls on large ones.
3. kitchen sink
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…
Which best describes the scope of "Hallucinated Imports — When the AI Invents a Library"?
1. It is unrelated to ai-coding workflows
2. It focuses on AI models confidently call libraries that do not exist. Learn the patterns of hallucinated imports,
3. It applies only to the opposite beginner tier
4. It was deprecated in 2024 and no longer relevant
Which section heading best belongs in a lesson about Hallucinated Imports — When the AI Invents a Library?
1. AI writes code that works on small inputs and crawls on large ones.
2. kitchen sink
3. Why this happens
4. Bug is in client-side JS the agent can't run — instrument with Sentry first, the…

← Back to interactive lesson

Tendril · Creators · AI-Assisted Coding