Updated
Updated · Fox News · Jul 18
Researchers Expose HalluSquatting Attack With 100% Fake Install Rates in AI Tools
Updated
Updated · Fox News · Jul 18

Researchers Expose HalluSquatting Attack With 100% Fake Install Rates in AI Tools

1 articles · Updated · Fox News · Jul 18

Summary

  • Tel Aviv University, Technion and Intuit researchers showed attackers can register repository names invented by AI assistants, turning hallucinated software lookups into malware delivery paths.
  • Tests on tools including Cursor, GitHub Copilot, Cline and Gemini CLI found hallucination rates up to 85% in repository cloning and 100% in some skill-installation scenarios.
  • The risk rises with autonomous agents that can browse, download files and run terminal commands, enabling remote tool execution or code execution if they trust a squatted resource.
  • Researchers said mandatory live lookups, owner verification and human approval before running downloaded code would cut exposure, though no single control fully removes the threat.
  • The study did not report a live criminal campaign, but warned the technique could help build 'agentic botnets' if AI agents keep acting on fabricated resource names.

Insights

When your helpful AI assistant hallucinates, can it secretly turn your computer into a hacker's puppet?
AI's creativity is also its biggest security flaw. Can we ever truly make these autonomous tools safe?