The gist: AI coding assistants can be manipulated through fabricated but registered package names to trick users into installing malware.
Researchers have demonstrated an attack technique called HalluSquatting that exploits the hallucination capability of AI coding assistants: attackers register fictitious package names that the AI regularly invents, luring users into installing compromised software.
AI coding assistants occasionally generate credible names for non-existent projects when asked about popular tools. The new attack technique HalluSquatting deliberately exploits these “hallucinations”: attackers identify the fictitious package names that the AI reliably invents, register these names in public package repositories, and wait for the coding assistant to recommend those exact compromised packages to users.
The security risk lies in the chain of trust: users often follow AI recommendations uncritically, especially when the package names appear authentic and the conversation context is coherent. A registered package containing botnet malware or other malicious software variants will then likely be executed with high probability.
For CISOs, this represents an additional vector in supply-chain security: while previous attention focused on dependency confusion and typosquatting, a new attack angle has become relevant — one that leverages AI integration into development processes directly as an attack surface. The problem intensifies the more AI coding assistants become embedded in developer teams.
Source: thehackernews.com · Published July 8, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.