
AI Infrastructure2026-07-09
Ars Technica
Hackers Use AI Tools to Assemble Massive Botnets
Cybersecurity researchers have identified a dangerous new attack technique dubbed 'HalluSquatting' that exploits a fundamental weakness in large language models (LLMs): their inability to admit uncertainty. The method allows hackers to weaponize nine popular AI tools to assemble massive botnets, posing a significant threat to global internet infrastructure.
HalluSquatting takes advantage of the tendency of LLMs to generate plausible-sounding but incorrect information—a phenomenon known as 'hallucination.' Attackers craft prompts that deliberately trigger these hallucinations, causing AI systems to generate code, commands, or configurations that unwittingly contribute to botnet operations.
For example, when asked to suggest server IP addresses for a distributed network, an LLM might fabricate valid-looking addresses that attackers can then use to coordinate botnet traffic. Similarly, the AI might generate scripts that, while appearing legitimate, contain vulnerabilities or backdoors that hackers can exploit.
The technique is particularly insidious because it leverages the AI's own outputs as attack vectors, making detection difficult. Traditional security measures that scan for known malicious patterns may miss attacks that originate from AI-generated content that appears benign.
Researchers have demonstrated successful HalluSquatting attacks using nine different commercial and open-source AI tools, including popular chatbots and code assistants. The resulting botnets can be used for distributed denial-of-service (DDoS) attacks, credential stuffing, and cryptocurrency mining.
To mitigate the risk, security experts recommend implementing strict output validation for AI systems, especially when generating code or network configurations. Organizations should also train AI models to recognize and refuse requests that could facilitate malicious activities.
The discovery highlights an emerging cybersecurity challenge as AI tools become more integrated into development workflows. Without proper safeguards, the very systems designed to help humans may be turned against them.