HeadlinesBriefing favicon HeadlinesBriefing.com

9 AI Assistants Exposed to Botnet Threat

Ars Technica •
×

In the short history of AI security, prompt injection tops threats. LLMs can’t Munich trusted from malicious instructions in third‑party content, letting attackers splice commands into emails, code, and other files. Without a distinct boundary, engines rely on elaborate guardrails.

Researchers unveiled Hallu Squatting, a pull‑based attack that lets bots scale. Nine popular coding assistants—Cursor, Cursor CLI, Gemini CLI, Windsurf, GitHub Copilot, Cline, Open Claw, Zero Claw, Nano Claw—are vulnerable. The method exploits LLMs’ tendency to hallucinate repository identifiers. Attackers register likely identifiers and seed them with reverse‑shell commands. When assistants pull resources, the malicious code executes, enabling large‑scale botnets, DDoS, and device infections.

For consumers, the threat means everyday AI coding tools can silently download malware. For the industry, it underscores the need for source‑verification mechanisms and stricter repository authentication. Companies must audit their LLM pipelines and enforce whitelist checks before executing third‑party code.