AI Hallucinations

Syllabus: GS3/Cyber Security 

In News

  • Recently, researchers warned that AI hallucinations are opening a new front in cybersecurity.

AI hallucinations

  • AI hallucination is a phenomenon where, in a large language model (LLM) often a generative AI chatbot or computer vision tool, perceives patterns or objects that are nonexistent or imperceptible to human observers.
  • AI hallucinations have evolved from a reliability issue into a cybersecurity threat.
    • Attackers exploit these predictable errors through techniques such as Phantom Squatting and HalluSquatting, creating fake websites and malicious software packages that AI is likely to recommend, thereby enabling phishing attacks and malware distribution.

Major Terms

  • Squatting :  Squatting is a cybercrime technique in which attackers manufacture fake domain names or software packages that resemble the real thing.
    • The classic types are typosquatting (misspelt websites), brand squatting (copying a famous brand), and package squatting (malicious software packages with similar names).
      • All of these rely on human error. 
  • Phantom Squatting: It is a cyberattack where cybercriminals take advantage of AI hallucinations to register fake internet domains that are incorrectly suggested to users by large language models (LLMs).
    • These domains often resemble legitimate sites, like customer portals or support pages. 
    • Attackers register the unused domains and use them to host phishing, malware or credential stealing sites. 
    • Unlike traditional phishing, victims willingly visit these malicious websites because they trust the AI-generated recommendation.
  • HalluSquatting: It is a software supply chain attack where attackers exploit the tendency of AI coding assistants to hallucinate nonexistent names of software packages, libraries, or repositories.
    • Attackers register these bogus, but plausible, package names and upload malicious code.
      • Developers copy and paste installation commands generated by AI and end up installing malware instead of the software they intended, not realising the security risk they’ve created.

How AI squatting differs from prompt injection

  • AI squatting attacks like Phantom Squatting and HalluSquatting differ from prompt injection in that they do not depend on malicious prompts, jailbreaks or weaknesses in AI models.
  •  Instead, the attackers leverage the inherent propensity of large language models (LLMs) to hallucinate predictable domain names or software packages. 
  • This makes attacks highly scalable as users can be compromised just by following AI-generated recommendations, even before they engage with malicious content.

Ways to Handle 

  • AI hallucinations cannot be fully patched because they are inherent to how LLMs generate responses. As AI becomes more autonomous, attackers can exploit hallucinated domains and software packages, making AI behavior itself a new cyberattack surface. 
  • Enterprises should therefore verify all AI-generated links, software packages, and external resources before use.

Source :BS

 

Other News of the Day

Syllabus: GS2/Governance  In News The Joint Parliamentary Committee (JPC) examining the Constitution (One Hundred and Thirtieth Amendment) Bill has deferred the adoption of its draft report after completing voting on two of its five recommendations.  The Constitution (130th Amendment) Bill, 2025 proposes to remove the Prime Minister, Chief Ministers and Ministers from office if they...
Read More

Syllabus: GS2/International Relations Context The National Security Chiefs of BIMSTEC member states met in New Delhi, reaffirming their commitment to strengthen regional cooperation against terrorism, cyber threats, maritime security challenges, and emerging security risks. About They adopted guidelines for the maritime component of humanitarian assistance and disaster relief. These guidelines will help BIMSTEC member states...
Read More

Syllabus: GS3/Infrastructure Context Recently, the Union Cabinet approved the Modified UDAN Scheme with a ₹28,840 crore outlay (FY 2026–27 to FY 2035–36). About Ude Desh ka Aam Nagrik (UDAN) The Regional Connectivity Scheme (RCS) – UDAN (Ude Desh ka Aam Nagrik) was launched in 2016 by the Ministry of Civil Aviation to make air travel...
Read More

Syllabus: GS3/Economy In News Maharashtra has become the first state in India to have a dedicated law for the empowerment of women farmers with the Maharashtra Women Farmers Empowerment Act, 2026. Maharashtra Women Farmers Empowerment Act, 2026 It is aimed at correcting the historical neglect of women’s contribution to agriculture and to improve their access...
Read More

Falkland Islands Syllabus: GS1/Geography; GS2/IR Context Argentina’s post-match celebration after defeating England in the 2026 FIFA World Cup semi-final sparked controversy after players displayed a banner claiming the Falkland Islands as Argentine territory. About The banner revived a nearly 200-year-old sovereignty dispute between Argentina and the United Kingdom.  The Falkland Islands, known as Islas Malvinas...
Read More
scroll to top