Login
Sign Up
Woofun AI reports that researchers from Tel Aviv University, the Technion, and Intuit have identified a novel attack vector termed "adversarial illusion injection." This method leverages AI model hallucinations to deceive agents into downloading malicious code, potentially assembling a botnet. Attackers preemptively register false resource links predicted by AI models, embedding harmful instructions that agents execute as legitimate content.
Testing indicates an 85% illusion occurrence rate during code repository cloning and a 100% rate in skill installation scenarios. Major AI coding assistants, including Cursor, GitHub Copilot, Gemini CLI, and OpenClaw, are vulnerable. The technique mirrors traditional "typo-squatting" but targets AI errors rather than human input. Prior studies noted malicious prompt injections hijacking agents, with OpenClaw users reporting over 6,000 attempts to extract sensitive data.