Researchers show how popular AI assistants can be subverted to launch large‑scale botnets, a new vulnerability dubbed HalluSquatting.
Researchers have uncovered a novel threat vector that allows popular AI development tools, including OpenClaw and GitHub Copilot, to be commandeered for building massive botnets.
What is HalluSquatting?
The technique, dubbed HalluSquatting, exploits the hallucination tendencies of large language models to generate malicious code snippets that can be executed without user awareness.
How AI assistants become attack platforms
When developers query AI assistants for code assistance, the model may embed hidden payloads within seemingly innocuous suggestions. These payloads can then be compiled and deployed across multiple machines, forming a distributed network controlled by the attacker.
The researchers demonstrated that by subtly altering prompt contexts, they could trigger the AI to produce code that initiates network connections, downloads additional malware, and evades typical security heuristics.
Implications for the AI ecosystem
If left unchecked, HalluSquatting could transform widely used development tools into large‑scale botnet generators, undermining trust in AI‑assisted programming and exposing enterprises to unprecedented risk.
- Compromise of AI model outputs
- Automated propagation of malicious code
- Difficulty in detecting AI‑generated payloads