Back to section
Bezpečnosť 🔥 Top

'HalluSquatting' Turns AI Hallucinations Into Botnet Delivery Mechanism

Sobota 11. júla 2026 Source: SecurityWeek

What happened

Researchers published details on July 10, 2026 of 'HalluSquatting', which exploits LLMs' tendency to hallucinate non-existent package names. Attackers pre-register these fake names and embed malicious code — when an AI assistant recommends installation, the malware installs automatically.

Context and impact

AI coding assistants (Cursor, GitHub Copilot, Gemini CLI, Cline) can become malware delivery vehicles without traditional phishing. The technique bypasses firewalls and antivirus tools since the attack arrives through a trusted AI channel. Agentic botnets can spread via prompt injection.

Details

  • Hallucination rates: up to 85% for repo-cloning prompts; up to 100% for skill installations
  • Affected tools: Cursor, Windsurf, GitHub Copilot, Cline, Gemini CLI, OpenClaw
  • Mechanism: name squatting → prompt injection → autonomous spread
  • Defense: allowlist of approved packages, manual verification before any installation
Open original source SecurityWeek