Updated
Updated · Fox News · Jul 18
Researchers Detail HalluSquatting Attack With 85% AI Hallucination Rates, Enabling Malware Downloads
Updated
Updated · Fox News · Jul 18

Researchers Detail HalluSquatting Attack With 85% AI Hallucination Rates, Enabling Malware Downloads

1 articles · Updated · Fox News · Jul 18

Summary

  • Tel Aviv University, Technion and Intuit researchers described HalluSquatting, an attack that turns AI-made software repository names into malware traps for coding assistants and personal AI agents.
  • Up to 85% of repository-cloning tests and 100% of some skill-installation tests produced hallucinated names, which attackers could register so an AI later downloads and executes the wrong files.
  • The risk rises when agents can browse, install software and run terminal commands without approval; the team demonstrated remote tool execution and remote code execution in production AI apps using harmless payloads.
  • Live web searches, owner verification and mandatory human approval before running downloaded code could reduce exposure, though the study said no single control fully removes the threat.
  • The researchers said they found no widespread criminal campaign and withheld reusable attack details, but warned the technique could help build an 'agentic botnet' as AI agents gain more autonomy.

Insights

When your helpful AI assistant hallucinates, can it secretly turn your computer into a hacker's puppet?
AI's creativity is also its biggest security flaw. Can we ever truly make these autonomous tools safe?