Researchers from Tel Aviv University, Technion, and Intuit demonstrated a new attack technique called "Adversarial HalluSquatting" that exploits AI-generated hallucinations to compromise computers. The technique tricks AI agents into trusting fake software repositories and tools containing malicious instructions, potentially enabling attackers to build AI-enabled botnets.
Testing showed AI hallucination rates reached 85% in repository cloning scenarios and 100% in skill installation tests against coding assistants including Cursor, GitHub Copilot, Gemini CLI, and OpenClaw. The researchers warned the method could lead to remote code execution when agents act on unverified information without confirming whether sources are legitimate. HalluSquatting mirrors typosquatting tactics, but targets mistakes made by AI models rather than human typing errors.