Security · 2h ago
HalluSquatting Exploit Turns AI Coding Agents Into Unwitting Botnets
Researchers found that nine AI coding tools, including Cursor and GitHub Copilot, hallucinate package names that attackers can pre-register with malicious payloads. The attack, called HalluSquatting, requires no phishing—agents pull fake packages automatically. One registered package can compromise many developers who trigger the same hallucination.
Meridian48 take
This isn't a new vulnerability but a systemic failure in agentic trust: tools that act on hallucinated output without verification turn a known LLM quirk into a scalable attack surface.
Read the full reporting
HalluSquatting: How Attackers Turn AI Coding Agents Into a Botnet Without Touching a Single Victim →
DEV Community
ai-coding-toolshallusquatting