Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Source: Unit 42 · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Advanced, extended

Summary

Unit 42 researchers have identified "phantom squatting," a critical software supply chain vulnerability in which large language models (LLMs) consistently hallucinate web domains for legitimate brands. Adversaries are actively exploiting this by registering these nonexistent domains to intercept traffic from AI systems. The researchers' analysis involved 913 global brands and 685,339 URL queries across two distinct LLMs, generating 2.1 million URLs. This revealed 13,229 confirmed malicious URLs and approximately 250,000 unregistered hallucinated domains ripe for exploitation. Proactive monitoring allowed the researchers to predict adversary registration 18 to 51 days in advance. In one notable case, an attacker used an AI coding assistant to create the "Montana Empire" phishing kit, targeting a domain that had been identified as a high-risk hallucination 23 days earlier, which demonstrates a full AI-assisted attack cycle.

Key takeaway

If you are an AI security engineer or part of an MLOps team integrating LLMs into development workflows, you must proactively address "phantom squatting." Your current URL filtering and threat intelligence systems will likely miss these AI-hallucinated domains, because a newly registered phantom domain has no reputation history for those systems to score (a zero-reputation bypass). Implement a discovery framework to map your LLM's hallucination surface and establish a watchlist for unregistered phantom domains, enabling you to detect and block malicious registrations before weaponization.

Key insights

LLMs consistently hallucinate plausible but nonexistent domains, creating a zero-reputation attack vector for software supply chains.

Method

A multi-agent discovery framework simulates adversarial probing, generates URLs across LLMs and temperatures, then verifies and watches non-existent domains (NXDs) for registration.
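The verify-and-watch step described above (and the watchlist recommended in the key takeaway) can be sketched as follows. This is an added example, not Unit 42's framework or code from the original article; the function names, the injected `resolves` callback, and the `.example` sample data are all hypothetical and constructed for illustration.

```python
import socket
from collections import defaultdict
from urllib.parse import urlsplit

def registrable_domain(url):
    """Last two labels of the host (simplification: real code should use the Public Suffix List)."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:
        return None
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 and all(labels) else None

def dns_resolves(domain):
    """Live lookup. Assumption: resolution stands in for registration (RDAP would be more exact)."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False

def build_watchlist(samples, official, resolves=dns_resolves):
    """Map each non-official, non-resolving domain to the (model, temperature) runs that emitted it."""
    seen = defaultdict(set)
    for model, temperature, url in samples:
        domain = registrable_domain(url)
        if domain and domain not in official:
            seen[domain].add((model, temperature))
    return {d: runs for d, runs in seen.items() if not resolves(d)}

def newly_registered(watchlist, resolves=dns_resolves):
    """Watchlisted domains that resolve now: candidates for blocking and review."""
    return sorted(d for d in watchlist if resolves(d))

# Constructed sample data: (model, temperature, URL the model returned for the brand).
OFFICIAL = {"brand.example"}
SAMPLES = [
    ("model-a", 0.2, "https://login.brand.example/reset"),   # official domain, ignored
    ("model-a", 0.2, "https://brand-support.example/help"),
    ("model-b", 1.0, "brand-support.example/contact"),       # same phantom, second run
    ("model-b", 1.0, "https://brandpay.example./invoice"),
    ("model-b", 1.0, "not a url"),                           # unparsable, skipped
]

if __name__ == "__main__":
    watch = build_watchlist(SAMPLES, OFFICIAL, resolves=lambda d: False)  # day 0: nothing registered
    print(watch)
    print(newly_registered(watch, resolves=lambda d: d == "brand-support.example"))  # later poll
```

Domains emitted by more than one model and temperature setting are the ones worth polling most often, since consistency of the hallucination is what makes a phantom domain valuable to register.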

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Scientist, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Unit 42.