# Researchers Expose HalluSquatting Risk in AI Agents

> Source: <https://letsdatascience.com/news/researchers-expose-hallusquatting-risk-in-ai-agents-b024307f>
> Published: 2026-07-10 13:37:33+00:00

Agentic developer tools increasingly combine LLM planning with terminals, package managers, and repository fetches, so hallucinated resource names are no longer a harmless accuracy bug. A new arXiv paper from researchers at Tel Aviv University, Technion, and Intuit describes HalluSquatting, a supply-chain attack path where assistants can be steered toward plausible but nonexistent repositories or skills that attackers pre-register. The practical lesson for LDS readers is direct: any model-generated repository, package, skill, or URL should be treated as untrusted until verified against a real source. The paper and project page report high hallucination rates for recent resources and say the team responsibly disclosed findings while redacting copyable implementation details. Security teams should add lookup-before-fetch workflows, command approval, sandboxing, and least-privilege credentials around coding agents.
