AI coding assistants can hallucinate fake package or repository names, and researchers showed how attackers can register those names first to deliver hidden instructions through HalluSquatting. When an agent then fetches and runs the trap with little human review, it can execute attacker-supplied code and potentially help build a botnet. #HalluSquatting #BenNassi #AyaSpira #GeminiCLI #Cursor #Windsurf #GitHubCopilot #Cline #OpenClaw
Keypoints
- HalluSquatting turns AI hallucinations into an attack path.
- Attackers register fake names that AI assistants commonly invent.
- Hidden instructions in the registered resource can hijack the agent.
- Exposed tools include Cursor, Windsurf, GitHub Copilot, Cline, Gemini CLI, and OpenClaw assistants.
- Defenses include searching before fetching, avoiding auto-run modes, and verifying the real source first.
Read More: https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html