
AI HalluSquatting Lets Hackers Build Botnets from Popular Tools
Security researchers have demonstrated that nine widely used AI coding and chat tools can be manipulated into generating components for large botnets. The technique, dubbed HalluSquatting, capitalises on large language models inventing non-existent package names, URLs or libraries when they lack real knowledge, allowing attackers to register those invented resources and deliver malware.
For Melbourne digital agencies and Australian businesses accelerating AI adoption, the finding is immediately practical. Many local teams now rely on tools such as GitHub Copilot, Claude or ChatGPT to speed website builds, e-commerce features and internal automation. An unchecked hallucinated dependency can introduce remote-control code that later recruits machines into a botnet.
Local risk for Victoria’s tech and retail sectors
Victoria’s dense cluster of agencies, fintechs and online retailers means a single compromised development pipeline can affect customer data and payment systems. MultiViews Australia has already seen clients request tighter AI-code review processes after similar supply-chain incidents. Australian privacy obligations under the Privacy Act make the cost of a botnet-driven breach especially high.
Practical defences include mandatory human review of every AI-suggested package, pinning dependencies to verified hashes, routing installs through private mirrors, and training developers to treat any unfamiliar library name as hostile until proven otherwise. These steps add little friction yet close the HalluSquatting window for most day-to-day work.
Next steps for Australian digital teams
Agencies serving Melbourne clients should update secure-development checklists this quarter and brief stakeholders on the new attack surface. Treating AI output as untrusted input—exactly as we treat user-uploaded files—remains the simplest and most effective control while the industry works on better model grounding.



