Hallucinating AI Could Create Botnets, Warn Researchers

AI Agents Could Be Turned Into Botnets Through Hallucinations, Researchers Warn
Researchers are warning that AI agents may be vulnerable to being co-opted into botnet-like networks when they hallucinate—producing incorrect outputs that can be mistaken for valid instructions or trusted information.
In the scenario outlined by the researchers, hallucinations aren’t just a quality issue. They can become a security problem when an AI agent is empowered to take actions, interact with other systems, or coordinate with other agents. If an agent treats a hallucinated directive as authoritative, it may begin executing unintended tasks in a way that resembles automated, distributed abuse.
The concern is especially relevant as AI agents are increasingly designed to operate beyond chat interfaces—handling workflows, calling tools, and performing autonomous steps. In those setups, the difference between a “bad answer” and “bad behavior” can narrow, because outputs can trigger real actions.
Why it matters for crypto is straightforward: the industry relies heavily on automation, APIs, and machine-to-machine coordination. Wallet operations, trading infrastructure, onchain monitoring, customer support, and compliance tooling are areas where agent-like systems are already being explored or deployed. A failure mode that causes agents to mis-execute tasks at scale could introduce new operational and security risks.
The researchers’ warning adds to a broader conversation about securing agentic AI systems, including:
- Output reliability: hallucinations can create fabricated “facts” or instructions that downstream systems may accept.
- Autonomy risk: agents with permissions can turn errors into actions, not just text.
- Coordination effects: multiple agents interacting can amplify mistakes and spread them quickly.
The takeaway is that as AI agents become more capable and more connected, safeguards need to account for hallucinations as a potential vector for abuse—not only as a usability flaw, but as a pathway to unintended, automated behavior that can scale across systems.
