Last updated: July 9, 2026 at 7:32 AM UTC
All 580 Vulnerability 209 Breach 109 Threat 255 Defense 7
Tag: hallusquatting (1 article)Clear

HalluSquatting registers the fake package names AI coding tools invent

Researchers have shown an attack, called HalluSquatting, that weaponizes the tendency of AI coding assistants to invent plausible-sounding names for software packages that do not exist. The attackers work out which fake names an AI reliably hallucinates, register those names first on a package registry or GitHub, and upload a trap that instructs the coding agent to install a reverse shell or runs code directly. When the assistant fetches the made-up dependency on a developer's machine, it runs the attacker's payload. Tested against nine AI coding assistants, the technique could let attackers pool compromised developer machines into a botnet for crypto mining, denial-of-service attacks, or ransomware.

Check
Review whether developers or AI coding assistants automatically install and run packages the AI suggests, and check that dependencies are verified against known-good sources before installation.
Affected
Developers using AI coding assistants that fetch and run packages; if the assistant hallucinates a package name an attacker has pre-registered, the developer's machine runs attacker code and can join a botnet.
Fix
Do not let AI coding agents install or run fetched packages without human verification, confirm each suggested dependency actually exists and is legitimate, pin known-good dependencies, and isolate agent execution from credentials.