HalluSquatting Attack Turns AI Coding Agents Into Botnet Nodes Through Predictable Package Hallucinations
Researchers demonstrated that AI coding agents hallucinate repository and package names at rates up to 92.4%, and attackers can register those hallucinated names in advance to inject reverse shells. The technique, called HalluSquatting, works against Cursor, GitHub Copilot, Gemini CLI, OpenClaw, and five other widely deployed agents.