5 min read
News Brief Researchers at Tel Aviv University have chained two well-known AI weaknesses, hallucination and prompt injection, into a technique that can trick AI coding assistants into installing botnet malware on a user's machine.
Researchers at Tel Aviv University have chained two well-known AI weaknesses, hallucination and prompt injection, into a technique that can trick AI coding assistants into installing botnet malware on a user's machine.
LLMs suggest non-existent package names in 20-30% of coding responses. Attackers register these hallucinated names with malicious payloads — slopsquatting as a supply chain attack.