Hallucinated Imports — When the AI Invents a Library

AI models confidently call libraries that do not exist. Learn the patterns of hallucinated imports, the verification habits that catch them, and the supply-chain attack this opens up.

12 min · Reviewed 2026

The Library That Was Never Born

Ask Claude or GPT for a function that fetches and parses RSS feeds in Python and you might get an import for `feedfetcher` or `pyfeed-parser`. They sound plausible. They do not exist. The model interpolated between real package names it has seen and produced a hybrid that compiles in its head but fails at `pip install`.

Why this happens

Models predict the next token, not real-world existence
Training data contains millions of import lines from millions of repos — the model knows the shape, not the registry
Library versions drift: `langchain.vectorstores` was real in 2023, gone by 2024
Common verbs like `parse`, `fetcher`, `client` recombine into convincing fakes

The five patterns of hallucinated imports

Pattern	Example	Reality
Plausible compound	`import jwt_decoder`	Real package is `PyJWT`, you `import jwt`
Wrong submodule	`from pandas.io.json import read_json`	Moved to `pandas.read_json` years ago
Renamed package	`import sklearn.cross_validation`	Renamed to `sklearn.model_selection` in 2018
Invented method	`requests.get_json(url)`	Real call is `requests.get(url).json()`
Phantom version flag	`openai.ChatCompletion.create()`	Removed in OpenAI Python SDK v1.0

The 30-second verification habit

Before installing, search the package on pypi.org or npmjs.com
Check the publish date, weekly downloads, and maintainer
If a package has 50 downloads and was published last week, do not trust it
Cross-check the install name with the import name — they often differ
If the AI cited a method, search that exact method in the official docs

The fast smoke test

# Before trusting AI-generated imports, run them in isolation mkdir /tmp/smoke && cd /tmp/smoke python -m venv .venv && source .venv/bin/activate # Try to install only the imports the AI suggested pip install feedfetcher pyfeed-parser # ERROR: Could not find a version that satisfies the requirement feedfetcher # Now you know — and you found out in 10 seconds, not in a PR review.A throwaway venv is the cheapest hallucination detector that exists.

What good agents do

Claude Code, Cursor Agent, and Codex CLI can all run `pip install` and report back. Use that. If the agent ran the install and tests, the import is real. If it just wrote code, the import is unverified. This is the fastest reliability lift you can get from an agent loop.

Bad prompt: "Write code to parse RSS feeds." Better prompt: "Write code to parse RSS feeds. Use feedparser, version 6.x. Run pip install and a smoke test before showing me the code." The better prompt forces ground truth checks the bad one skips.A 20-second prompt edit eliminates an entire class of bug.

When you do find a hallucinated import

Do not let the AI "fix" by guessing another package — same risk
Tell it the install failed and ask: "What real library does this functionality?"
Cross-check the answer against the official docs of that library
Pin the version in your lockfile so the same drift cannot recur

The model has seen a million imports and remembered ninety percent of them perfectly.
— A frustrated AI engineer

The big idea: imports are the surface where the model's confidence meets the registry's reality. Verify package names, pin versions, and let agents run installs. The thirty seconds you spend confirming an import is the cheapest debugging you will ever do.

End-of-lesson check

8 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coding-debug-hallucinated-imports-creators

What is the main idea of "Hallucinated Imports — When the AI Invents a Library"?
1. AI models confidently call libraries that do not exist.
2. Use AI as the final authority for the whole decision
3. Avoid checking the answer once it sounds polished
4. Focus only on speed instead of judgment
Which concept is most central to "Hallucinated Imports — When the AI Invents a Library"?
1. package verification
2. hallucination
3. slopsquatting
4. supply chain
Which use of AI fits this topic best?
1. Let the AI decide what matters without your review
2. Use the answer before checking whether it fits the situation
3. Models predict the next token, not real-world existence
4. Treat the AI output as automatically correct
What should a careful learner remember about "Slopsquatting is real"?
1. Use AI to draft or organize ideas about hallucination, then verify before acting.
2. Skip the context so the tool can guess faster
3. Treat the output as private even after sharing it online
4. Use the answer without checking the source
You want to use AI after this lesson. What is the safest next step?
1. Act immediately because the AI answer is written clearly
2. Use AI for drafting and comparison, but verify before publishing or relying on it.
3. Hide uncertainty so the final answer looks cleaner
4. Use private or sensitive details before checking permission
How should AI output about hallucination be treated?
1. As proof that no other source is needed
2. As a replacement for context, consent, or expert review
3. As a draft or helper output that still needs human judgment and verification
4. As something that becomes correct when it sounds confident
Name one way to verify an AI answer about hallucination.
Which action would help you apply "Hallucinated Imports — When the AI Invents a Library" responsibly?
1. Use the tool to avoid thinking through the tradeoff
2. Keep going even if the output conflicts with a trusted source
3. Treat the AI output as automatically correct
4. Training data contains millions of import lines from millions of repos — the model knows the shape, not the registry

← Back to interactive lesson

Tendril · Creators · AI-Assisted Coding