Supply-chain securityHalluSquatting: the dependency your agent invented, and the attacker who registered it first
Researchers from Tel Aviv University, the Technion, and Intuit describe a supply-chain pattern, HalluSquatting, that turns an AI coding agent's tendency to hallucinate package and repository names into a delivery channel for remote code execution and botnet payloads. The novelty is in the delivery, not the malware.