Halo, saya Hello, I am

Adi Rizky Pratama

Saya seorang I am a

Dosen Teknik Informatika di UBP Karawang sekaligus Programmer Freelance. Menggabungkan riset akademis di bidang AI & Machine Learning dengan pengembangan solusi teknologi nyata untuk industri. Lecturer of Informatics Engineering at UBP Karawang and a Freelance Programmer. Combining academic research in AI & Machine Learning with the development of real-world technology solutions for industry.

6+
Publikasi Publications
50+
Sitasi Citations
10+
Proyek Projects
Dosen & Peneliti Lecturer & Researcher
Full-Stack Dev Full-Stack Dev
AI / ML AI / ML
Geser untuk efek 3D Drag for 3D effect
Adi Rizky Pratama

Akademisi yang Melek Industri Industry-Savvy Academician

Sebagai dosen di Program Studi Teknik Informatika Universitas Buana Perjuangan Karawang, saya mengajar dan meneliti di bidang kecerdasan buatan, pengolahan citra, dan pengembangan aplikasi. Di sisi lain, pengalaman sebagai programmer freelance memungkinkan saya menjembatani teori dan praktik — menghadirkan solusi teknologi yang didasari riset ilmiah yang kuat. As a lecturer in the Informatics Engineering Study Program at Universitas Buana Perjuangan Karawang, I teach and conduct research in artificial intelligence, image processing, and application development. On the other hand, my experience as a freelance programmer allows me to bridge theory and practice — delivering technology solutions built on robust scientific research.

Menjabat sebagai Kepala Pusat Data dan Informasi (PUSDATIN) UBP Karawang, saya terbiasa memimpin proyek digitalisasi skala besar dan berkolaborasi lintas tim. Serving as the Head of the Center for Data and Information (PUSDATIN) at UBP Karawang, I am accustomed to leading large-scale digitalization projects and collaborating across teams.

Dosen Tetap Full-time Lecturer

Teknik Informatika, UBP Karawang Informatics Engineering, UBP Karawang

Riset AI & ML AI & ML Research

CNN, LSTM, k-NN, OCR

Kepala PUSDATIN Head of PUSDATIN

Digitalisasi & Data Center Digitalization & Data Center

Freelance Dev Freelance Dev

Web & Mobile Applications Web & Mobile Applications

Apa yang Bisa Saya Bantu? How Can I Help You?

Menggabungkan keahlian akademis dan pengalaman industri untuk memberikan solusi terbaik. Combining academic expertise and industry experience to deliver the best solutions.

Software Development

Pengembangan aplikasi web & mobile custom sesuai kebutuhan bisnis Anda. Dari landing page hingga sistem enterprise. Custom web & mobile application development tailored to your business needs. From landing pages to enterprise systems.

IT Consulting

Konsultasi arsitektur sistem, pemilihan teknologi, transformasi digital, dan optimasi infrastruktur IT. Consulting on system architecture, technology stack selection, digital transformation, and IT infrastructure optimization.

Corporate Training

Pelatihan pemrograman, data science, dan AI untuk tim korporat maupun institusi pendidikan. Programming, data science, and AI training for corporate teams and educational institutions.

Research Collaboration

Kolaborasi riset di bidang machine learning, computer vision, dan data mining untuk publikasi ilmiah. Research collaboration in machine learning, computer vision, and data mining for scientific publications.

Tech Stack yang Dikuasai Mastered Tech Stack

HTML5
CSS3
JavaScript
Bootstrap
PHP
Laravel
Node.js
Python
TensorFlow
Keras
MySQL
PostgreSQL
Git & GitHub

Tri Dharma Perguruan Tinggi Three Pillars of Higher Education

Pengajaran, penelitian, dan pengabdian masyarakat sebagai fondasi kontribusi ilmiah. Teaching, research, and community service as the foundation of scientific contribution.

Mata Kuliah yang Diampu Courses Taught

Pemrograman Web Web Programming
Kecerdasan Buatan Artificial Intelligence
Machine Learning Machine Learning
Pengolahan Citra Digital Digital Image Processing
Basis Data Database Systems
Pemrograman Mobile Mobile Programming

Pengabdian Masyarakat Community Service

Digitalisasi UMKM melalui implementasi e-learning, QRIS, dan sistem informasi untuk pelaku usaha mikro di Karawang. Digitalization of MSMEs through the implementation of e-learning, QRIS, and information systems for micro-businesses in Karawang.

Highlight Publikasi Riset Research Publication Highlights

1

Penggunaan media pembelajaran Wordwall untuk meningkatkan minat dan motivasi belajar siswa The use of Wordwall learning media to improve students' interest and learning motivation

Zahro, N. A. Q., & Pratama, A. R.

50+ Sitasi 50+ Citations Jurnal Journal
2

Perbandingan Algoritma Apriori Dan FP-Growth Terhadap Market Basket Analysis Comparison of Apriori and FP-Growth Algorithms for Market Basket Analysis

Fathurrahman, M., Pratama, A. R., & Al-Mudzakir, T.

Data Mining Jurnal Journal
3

Implementasi CNN Untuk Klasifikasi Citra Kemasan Kardus Defect dan No Defect CNN Implementation for Defect and No Defect Cardboard Box Image Classification

Antoni, A., Rohana, T., & Pratama, A. R.

Computer Vision CNN

Proyek & Hasil Karya Projects & Creative Works

Koleksi proyek dari dunia akademik, freelance, dan open source. A collection of projects from academic, freelance, and open-source fields.

Memuat proyek... Loading projects...

Pengalaman & Pendidikan Experience & Education

Perjalanan karir di dunia akademik dan industri teknologi. Career journey in the academic world and technology industry.

Akademik Academic 2018 — Sekarang 2018 — Present

Dosen Tetap Full-time Lecturer

Universitas Buana Perjuangan Karawang

Mengajar mata kuliah Pemrograman Web, AI, Machine Learning, dan membimbing riset mahasiswa di Program Studi Teknik Informatika. Teaching Web Programming, AI, Machine Learning, and supervising student research in the Informatics Engineering Study Program.

Freelance Freelance 2019 — Sekarang 2019 — Present

Freelance Web Programmer Freelance Web Programmer

Berbagai Klien & Proyek Various Clients & Projects

Mengembangkan aplikasi web dan mobile untuk klien dari berbagai industri. Spesialisasi di PHP/Laravel, JavaScript, dan Python. Developing web and mobile applications for clients across various industries. Specializing in PHP/Laravel, JavaScript, and Python.

Akademik Academic 2018 — Sekarang 2018 — Present

Kepala PUSDATIN Head of PUSDATIN

UBP Karawang

Memimpin Pusat Data dan Informasi universitas. Mengelola infrastruktur IT, sistem informasi akademik, dan digitalisasi kampus. Leading the university's Center for Data and Information. Managing IT infrastructure, academic information systems, and campus digitalization.

Pengabdian Service 2021 — Sekarang 2021 — Present

Digitalisasi UMKM MSME Digitalization

Karawang & Sekitarnya Karawang & Surrounding Areas

Program pengabdian masyarakat: pelatihan IT, implementasi e-learning dan QRIS untuk pelaku usaha mikro. Community service program: IT training, e-learning implementation, and QRIS integration for micro-businesses.

Pendidikan Education 2015 — 2017

S2 — Magister Teknik Informatika Master of Informatics Engineering

Universitas / Institusi University / Institution

Fokus studi pada kecerdasan buatan, pengolahan citra, dan machine learning. Study focus on artificial intelligence, image processing, and machine learning.

Pendidikan Education 2011 — 2015

S1 — Sarjana Teknik Informatika Bachelor of Informatics Engineering

Universitas / Institusi University / Institution

Fondasi keilmuan di bidang pemrograman, basis data, jaringan komputer, dan rekayasa perangkat lunak. Foundational knowledge in programming, databases, computer networks, and software engineering.

Hubungi Saya Contact Me

Ada proyek, kolaborasi riset, atau pertanyaan? Jangan ragu untuk menghubungi. Have a project, research collaboration, or question? Feel free to reach out.

Mari Berkolaborasi! Let's Collaborate!

Saya selalu terbuka untuk peluang kolaborasi, baik di bidang akademik maupun pengembangan software. Silakan hubungi saya melalui platform berikut. I am always open to collaboration opportunities, both in the academic sphere and software development. Please contact me through the platforms below.

Advertisement
Responsive Ad Unit (Top Banner)

Kamis, 09 Juli 2026

The HalluSquatting Threat: 92% of AI Agents at Risk of Hijacking in 2026 – Here’s How to Protect Your Data

The HalluSquatting Threat: 92% of AI Agents at Risk of Hijacking in 2026 – Here’s How to Protect Your Data

AI agents are increasingly being used to assist with coding, dependency installation, workflow automation, and even running commands on servers. The problem is that the more autonomy these bots are given, the larger their attack surface becomes. One threat that is now starting to receive serious attention is HalluSquatting—an attack technique that exploits AI model “hallucinations” to steer systems toward fake yet malicious packages or repositories.

The risk is not theoretical. In certain scenarios, the success rate of this type of attack can be extremely high, especially when an AI agent is asked to find tools, libraries, or repositories that are trending but not yet well represented in the model’s training data. If left unchecked, this vulnerability can lead to credential theft, malware installation, and even silent system takeover.

What Is HalluSquatting and How Does It Work?

HalluSquatting is an attack method that exploits the tendency of LLMs to “invent” package names, libraries, repositories, or dependencies that do not actually exist. Attackers then register those fake names on public platforms such as GitHub or package registries, so when an AI agent tries to install them, the bot ends up pulling malicious components created by the attacker.

The scheme is simple but effective. An AI agent receives an instruction—for example, to find a specific tool or add a library for a new function. When the model is unsure or lacks sufficient references, it may mention the wrong repository name. Attackers then capitalize on that incorrect name by creating a fake repository that looks convincing.

The Difference Between HalluSquatting and Traditional Typo-Squatting

Traditional typo-squatting relies on human typing errors, such as getting one letter wrong in a domain or package name. Attackers create names that are very similar to the real target in order to deceive victims.

HalluSquatting is different because the source of the mistake is not human fingers, but AI hallucination. In other words, the victim may never mistype anything at all. They simply follow the AI agent’s recommendation, even though that recommendation points to an invalid package or repository name that the attacker has already “prepared” in advance.

Why Limitations in LLM Training Data Trigger Dangerous Hallucinations

LLMs work based on patterns from training data, not real-time factual understanding by default. When asked to name new repositories, niche tools, or fast-rising projects that have not appeared much in their training data, models may guess with seemingly high confidence.

That is where the problem begins. Those guesses often look plausible: the names are neat, the descriptions are logical, and even the dependency structure feels “right.” For AI agents that are allowed to directly execute installations or run scripts, hallucinations like these turn from mere misinformation into an active attack vector.

Attack Success Rate: Up to 100% on Trending AI Skills

The HalluSquatting threat is becoming more serious because its success rate is far from low. In the context of AI agents that rely on model recommendations to find or install components, attackers can exploit the very gaps that appear when bots try to be more helpful.

Trending skills or tasks tend to be riskier because their ecosystems change quickly. New repositories appear constantly, project names resemble one another, and the model may not have up-to-date references. As a result, AI is more likely to “invent” names that sound credible—and that opens the door for attackers.

Latest Research: 92.4% Hallucination Rate for 2025 Repositories vs 0.9% for Older Repositories

Research findings show a sharp contrast between older and newer references. For long-established repositories, the model hallucination rate is relatively low, around 0.9%. But for newer repositories in 2025, the figure jumps dramatically to 92.4%.

The meaning is clear: the newer and more dynamic a software ecosystem is, the greater the chance that an AI agent will incorrectly reference a package or repository. In practical security terms, this means attackers only need to wait for the model to produce a sufficiently convincing fake name, then fill that “empty space” with a malicious repository.

The Exposure of Popular AI Agents – Claude Opus 4.5, Cursor, Windsurf, and OpenClaw

This vulnerability is not limited to a single product or model. Popular AI agents used for coding and automation—including Claude Opus 4.5, Cursor, Windsurf, and OpenClaw—can be affected if their workflows allow the model to recommend dependencies without strong verification.

The core issue is not merely the model name, but how the agent is operated. If a bot can search for, download, install, and execute components from the internet semi-automatically, then a single hallucination is enough to trigger an attack chain.

Real-World Impact: From Reverse Shells to Mass Infection of Thousands of Bots

HalluSquatting is dangerous because its impact can directly affect production systems. Once an AI agent installs a fake package or clones a fake repository, malicious code can be executed through installation scripts, post-install dependencies, or additional shell commands requested by the model.

In more aggressive scenarios, the attack does not stop at one machine. If the bot has access to multiple environments, CI/CD credentials, or cloud tokens, then a single infection can spread widely and affect many instances at once.

Attack Scheme: Planting Malicious Repositories and Tricking Bots into Executing Them

The attack pattern generally works like this:

  1. The AI model hallucinates and mentions a repository or package name that does not actually exist.
  2. The attacker creates a repository with that name and fills it with malicious code.
  3. The AI agent finds the name, assumes it is valid, and then downloads or installs it.
  4. The malicious script is executed during installation, build, or subsequent execution.
  5. The victim system begins sending data, opening remote access, or installing additional malware.

Examples of commands that can be dangerous if executed without verification:

git clone https://github.com/nama-palsu/tool-helper.git
cd tool-helper
chmod +x install.sh
./install.sh

Or:

pip install package-helper-pro

Commands like these may look routine. But if their source comes from a model hallucination and is not verified, the risk is extremely high.

Potential Damage: Credential Theft, Malware Installation, and Crypto Mining

The damage caused by HalluSquatting can be extensive. Attackers can steal API keys, GitHub tokens, cloud credentials, configuration files, and even environment secrets stored on work machines or in automated pipelines.

In addition, malicious code can be used to:

  • install backdoors,
  • open reverse shells,
  • download second-stage malware,
  • run crypto miners,
  • use the victim machine as part of a botnet,
  • or move laterally to other connected systems.

If AI agents are used across many endpoints or teams, the impact could even escalate into a mass infection of thousands of bots in a short time.

Mitigation Steps to Prevent AI Agents from Being Easily Hijacked

The good news is that the risk of HalluSquatting can be reduced if organizations do not treat AI output as a single source of truth. The main keys are verification, permission restrictions, and access separation.

The greater the autonomy of an AI agent, the stricter the safeguards that must be applied. Do not allow bots to install, run, or modify critical systems based solely on a single model recommendation.

Implement a Secure Workflow: Instruct Bots to Always Verify the Web Before Installation

AI agents should be required to verify the existence and reputation of a package before installation. For example, the bot should check whether the repository actually exists, whether the owner is credible, whether the number of stars/contributors is reasonable, and whether the documentation is consistent.

A secure workflow can include the following steps:

  • verify the official repository URL,
  • match the package name against the vendor’s documentation,
  • check the creation date and commit history,
  • avoid automatic installation from newly created sources,
  • require human approval for unfamiliar dependencies.

Example of an instruction policy for an AI agent:

Before installing a package or cloning a repository:
1. Look for the official website or documentation.
2. Make sure the package name matches the official source.
3. Do not execute installation scripts if the repo is new, has minimal activity, or is unverified.
4. Ask for user confirmation if there is any doubt.

Zero Trust Principle: Limit AI Agent Permissions and Access to Machines and Critical Accounts

Do not give AI agents full access to production systems, secret managers, or admin accounts unless it is absolutely necessary. Apply the principles of least privilege and zero trust: assume that every automated action has the potential to be wrong or abused.

Practical steps you can take:

  • run agents in sandboxes or isolated containers,
  • separate experimental environments from production systems,
  • restrict access to sensitive files and secret variables,
  • use temporary tokens with minimal scope,
  • enable logging and audit trails for all agent actions,
  • block high-risk shell execution without manual approval.

With these restrictions in place, even if HalluSquatting occurs, the impact can be contained and prevented from immediately spreading to the most critical assets.

FAQ

What is HalluSquatting?

HalluSquatting is an attack that exploits AI hallucinations when naming packages, libraries, or repositories that do not actually exist. Attackers then create those names so that AI agents download and execute malicious code.

Are all AI agents vulnerable to HalluSquatting attacks?

Not all to the same degree, but many AI agents are at risk if they are given the ability to search for, install, and execute components from the internet without verification. The risk increases for agents that operate automatically and have broad system access.

What is the most effective way to prevent HalluSquatting?

The most effective approach is to combine source verification before installation with permission restrictions for AI agents. Do not allow bots to execute new packages or repositories without proper reputation checks and sufficient approval.

Can the latest LLM models such as Claude Opus 4.5 also be hijacked?

Yes, even the latest models can still be affected if agent workflows rely on model output without external validation. The main issue is not just the model itself, but also permissions, automation, and the lack of security controls when the bot takes action.

Source: https://telset.id/news/ai/riset-ai-agent-bisa-dibajak-lewat-hallusquatting-bahaya-besar

This article was written by artificial intelligence (AI) using the deepseek-v4-pro model via SumoPod AI.

This article was translated by Artificial Intelligence (AI) using gpt-5.4 via SumoPod AI.

Tidak ada komentar:

Posting Komentar

Dosen Teknik Informatika di UBP Karawang sekaligus Programmer Freelance. Menggabungkan riset akademis di bidang AI & Machine Learning dengan pengembangan solusi teknologi nyata untuk industri.

Cari Blog Ini

Diberdayakan oleh Blogger.

Arsip Blog