Claude Code and OpenAI Codex CLI: Promising Tools with Limited Use Cases
Software development is seeing the emergence of new AI-powered coding assistants. Among them, two tools have recently attracted attention: Claude Code from Anthropic and Codex CLI from OpenAI, both launched in 2025 and offering a different approach to writing code.
"Developers are trying to make things work, not necessarily trying to prevent what shouldn't happen." -- Casey Ellis, Founder of Bugcrowd 1
Claude Code is an agentic coding tool that integrates into the terminal and aims to understand your codebase to facilitate certain routine tasks, explain complex code, or manage git workflows via natural language commands. Currently in beta as a research preview, Claude Code uses the claude-3-7-sonnet-20250219 model by default, with a relatively high cost of around 6 dollars per day per developer, which limits its large-scale adoption.
For its part, OpenAI Codex CLI allows developers to use the reasoning capabilities of OpenAI's models to manipulate code, files, and iterate on their projects. Launched in April 2025 alongside OpenAI's o3 and o4-mini models, Codex CLI has the advantage of being simpler to set up, but faces the same adoption limitations as Claude Code.
These tools, while promising, do not constitute a revolution in the world of development. Their usage remains limited by several factors:
- High usage costs
- Technical limitations when dealing with complex codebases
- Effectiveness that is mainly seen on small-scale projects
Their integration into professional development workflows therefore remains marginal.
The main difference between these two tools lies in their licensing model: Codex CLI is available under an Apache 2.0 license that allows distribution and commercial use, while Claude Code is tied to Anthropic's commercial license, which has sparked some debate within the developer community.
The "Vibe Coding" Phenomenon
These tools are part of an emerging programming approach sometimes called "vibe coding", a term coined by Andrej Karpathy in February 2025. This method describes a way of coding where you "surrender to the vibes" and "almost forget that the code exists."
In his article on the subject, Simon Willison 2 explores how vibe coding differs from other forms of AI-assisted programming, and examines its strengths and limitations in real-world development contexts.
It is essentially a more conversational approach to programming, where AI takes on part of the technical work.
Vibe coding involves expressing your intent in plain language so that AI transforms that intent into executable code. This approach is made possible by terminal-based tools like Claude Code and OpenAI Codex CLI, even if their effectiveness varies depending on the context of use.
Potential Benefits of Vibe Coding
Among the potential benefits of vibe coding:
- Streamlining certain routine tasks: These tools can speed up repetitive tasks such as setting up basic tests or generating documentation.
- Reduced cognitive load for some operations: The conversational approach can make certain programming phases less cognitively demanding.
- Smoother prototyping: Vibe coding allows for rapidly exploring ideas on simple projects, which can be useful during exploratory phases.
- Natural language interface: The conversational interaction offers an interesting alternative for some developers, particularly beginners.
However, these benefits are mainly seen on simple, well-defined projects. For complex codebases or critical systems, these tools quickly show their limitations.
More importantly, behind this apparent simplicity lies an emerging security threat: "slopsquatting".
Slopsquatting: A New Security Threat
The term "slopsquatting" was coined by Seth Michael Larson, Security Developer-in-Residence at the Python Software Foundation. He describes it as:
"A form of typosquatting where variations or misspellings of common terms from AI model outputs ('slop') are used to deceive developers." -- Seth Larson, Python Software Foundation 3
How Slopsquatting Works
Unlike traditional typosquatting, which relies on human typing errors, slopsquatting is entirely based on AI deficiencies and developers' excessive trust in automated suggestions. The attack follows this pattern:
- AI coding assistants like
Claude CodeorCodex CLIsometimes "hallucinate" package names that don't exist - Developers using vibe coding methods trust these suggestions and attempt to install these nonexistent packages
- Attackers register these hallucinated package names on public repositories and inject malicious code into them
- When developers install the packages, they unknowingly introduce malware into their systems
Scale of the Problem
A comprehensive research study revealed alarming statistics about this vulnerability:
A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples turned out to be fake. Open-source models hallucinated more frequently (21.7% on average) compared to commercial models (5.2% for GPT-4).
The study also noted differences between models:
CodeLlama 7Band34Bhad the highest hallucination rates, exceeding 30%GPT-4 Turbohad the lowest rate at 3.59%
What makes this phenomenon particularly dangerous is the consistency of these hallucinations. Researchers found that 58% of hallucinated packages were repeated more than once across ten trials, indicating that the majority of hallucinations are not simply random noise, but repeatable artifacts of how models respond to certain queries.
Why Vibe Coding Increases the Risk
The risk of slopsquatting is amplified by the vibe coding approach, where developers describe what they want and AI generates the implementation. In this workflow, developers shift from being code authors to code curators, potentially skipping manual verification of package names.
"Vibe coding introduces a fundamental vulnerability: the more we trust auto-generated code, the less we verify it, creating an ideal opportunity for slopsquatting attacks." -- Joe Spracklen, Security Researcher, University of Texas 4
This approach relies heavily on trust. Developers often copy and paste AI output without verifying everything. In this environment, hallucinated packages become easy entry points for attackers, especially when developers skip the manual review steps.
Security Implications for Claude Code and OpenAI Codex CLI
Both tools, Claude Code and OpenAI Codex CLI, can be vulnerable to this problem, but with some differences:
- Model accuracy: According to research, commercial models like those powering Claude Code tend to have fewer hallucinations than open-source models, but the risk still exists.
- Temperature settings: Research has shown that lowering AI "temperature" settings (less randomness) reduces hallucinations, which is an important factor to consider when using AI-assisted coding.
- Autonomy levels: Both tools offer different levels of autonomy, with "fully automatic" modes that potentially increase the risk if they automatically install dependencies without verification.
- Sandbox protection: The sandbox features in both tools can help mitigate risks, but cannot completely eliminate the possibility of installing hallucinated packages.
Mitigation Strategies
For developers who want to experiment with these tools while minimizing slopsquatting risks, here are some mitigation strategies:
- Manually verify all package names: Users should verify that the packages they install are known existing packages, don't have typos in the name, and that the content has been reviewed before installation.
- Lower temperature settings: Adjust AI model temperature settings to reduce randomness and hallucination rates.
- Use dependency scanners: Implement tools that analyze dependencies to detect risks before installation. "Automated dependency verification is essential for detecting malicious packages before they are integrated into your project." -- Feross Aboukhadijeh, CEO of Socket 5
- Create internal package mirrors: Organizations should catalog open-source software in a private mirror, where packages are reviewed for malicious activity and vulnerabilities by security teams.
- Never blindly trust AI output: Always review and understand the code before executing it, especially when it involves package installations.
Conclusion
Vibe coding facilitated by tools like Claude Code and OpenAI Codex CLI offers an interesting approach for certain aspects of development, particularly for small-scale projects or well-defined tasks. While it provides benefits in terms of fluidity for some operations, it also carries significant limitations:
- High usage costs
- Variable accuracy
- Limited applicability to complex projects
Slopsquatting represents a significant emerging threat in this evolving ecosystem. With the right precautions and appropriate vigilance, developers can explore the possibilities offered by these tools while minimizing the associated security risks.
"The goal is not to replace the developer, but to offer new ways to interact with code, while maintaining appropriate vigilance against emerging risks." -- Raj Kesarapalli, Director of Product Management at Black Duck 6
The approach is not about replacing traditional programming skills, but rather offering a complementary mode of interaction with code for specific contexts. In practice, these tools find their place in a broader toolkit, but are not a silver bullet for all development challenges.
Looking ahead, the evolution of these technologies will depend on their ability to:
- Reduce usage costs
- Improve accuracy on complex codebases
- Strengthen their built-in security mechanisms against threats like slopsquatting
Key takeaway: The balance between productivity and security remains the main challenge in adopting these new AI-assisted development methods.
References
- Quote from Casey Ellis in the article "New 'Slopsquatting' Threat Emerges from AI-Generated Code Hallucinations", Hackread, April 2025.
- Simon Willison, "Not all AI-assisted programming is vibe coding (but vibe coding rocks)", March 2025.
- Seth Larson's comments reported in "AI code suggestions sabotage software supply chain", The Register, April 2025.
- Joe Spracklen et al., "We Have a Package for You! Package Hallucination Attack in LLM-based Code Generation", University of Texas, March 2025.
- Feross Aboukhadijeh, quoted in "AI code suggestions sabotage software supply chain", The Register, April 2025.
- Raj Kesarapalli, quoted in "AI-Generated Code Packages Can Lead to 'Slopsquatting'", DevOps.com, April 2025.
Tristan HĂ©naff
Consultant IT & IA
Diplômé d'Epitech et membre actif de l'AI Squad, Tristan est un profil polyvalent qui avance sur tous les fronts : articles techniques (MCP d'Anthropic, ISO 42001), webinars, podcasts, co-construction de la scale-up LAMALO. Chez Reboot, il fait partie de ceux qui font bouger les lignes sur l'IA.
LinkedInSimilar articles
Newsletter
Get our best articles every month.
Go further
Project
Crakotte : Produit Innovant
Le premier produit propre de Reboot Conseil. Une solution innovante née de la collaboration.
ProjectStack IA Hybride Python/Node.js + React + Capacitor
Créer une plateforme IA accessible sur web et mobile. Un projet combinant orchestration IA et mobilité.
ProjectPlateforme IA de génération 3D pour la joaillerie
Réduire le délai de conception bijoutière de 8 jours à 20 minutes grâce à l'IA générative et la modélisation 3D.
TrainingAPIs OpenAI
Maîtrisez les APIs, intégrez l'IA dans vos applications. Embeddings, fine-tuning, function calling.
ServiceFormation Tech & IA
Formateurs opérationnels. IA, data science, développement web. Certifié Qualiopi.
ArticleN8N, c'est quoi ce truc ?
Père Castor, raconte-moi N8N N8N (prononcez « n-huit-n » ou « nodemation » si vous voulez faire classe). C'est un outil qui permet de connecter vos...