Hackers can use 9 of the most popular AI tools to assemble massive botnets - Ars Technica Skip to content Ars Technica home Sections Forum Subscribe Search AI Biz & IT Cars Culture Gaming Health Policy Science Security Space Tech Feature Reviews AI Biz & IT Cars Culture Gaming Health Policy Science Security Space Tech Forum Subscribe Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Β Β  Learn more Pin to story Theme HyperLight Day & Night Dark System Search Sign In Sign in dialog... Sign in ADVERSARIAL HALLUCINATION SQUATTING Hackers can use 9 of the most popular AI tools to assemble massive botnets β€œHalluSquatting” weaponizes LLMs’ inability to say β€œI don’t know.” Dan Goodin – Jul 8, 2026 3:00 am | 64 Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Β Β  Learn more Minimize to nav In the brief history of AI security, the prompt injection has quickly become the top threat. Large language models are inherently unable to distinguish between legitimate instructions provided by users and malicious ones sneaked into emails, source code, and other third-party content the models are processing. This makes it trivial to surreptitiously inject malicious commands that the LLM readily follows. With no way to enforce this crucial boundary between trusted and untrusted sources, AI engine developers are left to erect elaborate guardrails designed to mitigate the damage rather than solve the root cause. To date, most prompt injections have fallen into a class known as push, in which each potential victim is targeted.

For example, the adversary injects malicious instructions into an individual email or calendar invitation. Because the injection must then be sent (or pushed) to each specific target, the scale of the attack is limited, hampering mass exploits that hit the Internet at large. Meanwhile, pull-based attacks, in which an LLM actively seeks out the adversarial prompts planted on websites, remain limited. With no way to lure large numbers of LLMs to a malicious site, these sorts of attacks don’t scale either.

Source: https://arstechnica.com/security/2026/07/hackers-can-use-9-of-the-most-popular-ai-tools-to-assemble-massive-botnets/