
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Researchers from Tel Aviv University, Technion, and Intuit revealed a new attack, HalluSquatting, which exploits AI coding assistants' tendency to hallucinate resource identifiers. Attackers register these hallucinated names with malware, causing AI systems to install malicious code, enabling large-scale botnet formation and remote code execution. The vulnerability affects popular AI development tools.[AI generated]
Why's our monitor labelling this an incident or hazard?
The article explicitly identifies AI systems (LLM-based coding assistants and agents) as central to the attack vector. The attack exploits the AI systems' hallucination behavior to inject malicious commands that lead to large-scale infections and botnet formation, which can cause harm such as DDoS attacks and ransomware. These harms fall under harm to property, communities, and potentially critical infrastructure disruption. The involvement of AI is direct and pivotal, as the attack depends on the AI systems' flawed behavior. Hence, this is an AI Incident rather than a hazard or complementary information, as the harm is realized and the AI system's malfunction and use have directly led to it.[AI generated]