Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector
Summary
Unit 42 researchers have identified "phantom squatting," a critical software supply chain vulnerability in which large language models (LLMs) consistently hallucinate web domains for legitimate brands. Adversaries are actively exploiting this by registering these nonexistent domains to intercept traffic from AI systems. Their analysis involved 913 global brands and 685,339 URL queries across two distinct LLMs, generating 2.1 million URLs. This revealed 13,229 confirmed malicious URLs and approximately 250,000 unregistered hallucinated domains ripe for exploitation. Proactive monitoring allowed researchers to predict adversary registration 18 to 51 days in advance. A notable case involved an attacker using an AI coding assistant to create the "Montana Empire" phishing kit, targeting a domain identified as a high-risk hallucination 23 days earlier, demonstrating a full AI-assisted attack cycle.
Key takeaway
AI security engineers and MLOps teams integrating LLMs into development workflows must proactively address "phantom squatting." Current URL filtering and threat intelligence systems will likely miss these AI-hallucinated domains, because the domains exploit a zero-reputation bypass. Implement a discovery framework to map your LLM's hallucination surface and establish a watchlist for unregistered phantom domains, enabling you to detect and block malicious registrations before weaponization.
Key insights
LLMs consistently hallucinate plausible but nonexistent domains, creating a zero-reputation attack vector for software supply chains.
Principles
- LLMs function as trusted, exploitable supply chain dependencies.
- Phantom domains bypass reputation-based defenses due to zero-reputation status.
- LLM hallucination patterns are predictable, enabling proactive defense.
Method
A multi-agent discovery framework simulates adversarial probing, generates URLs across LLMs and temperatures, then verifies and watches non-existent domains (NXDs) for registration.
In practice
- Map your LLM's hallucination surface for critical brands.
- Establish proactive watchlists for high-THP phantom domains.
- Integrate NXD monitoring into CI/CD pipelines.
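One way to wire the watchlist and CI/CD steps above together, as an added example that is not Unit 42's code: it alerts when a watched phantom domain moves from NXD to resolving, and flags LLM-generated text that links to a watched domain. The function names, the `.example` domains and the use of DNS resolution as a stand-in for registration are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")

def host_of(url):
    """Normalise a URL or bare hostname to a lowercase host, no trailing dot."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").rstrip(".").lower()

def dns_exists(host):
    # Live check (assumption: resolving ~ registered; resolver errors read as NXD).
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def check_watchlist(watchlist, previous, resolver=dns_exists):
    """Return (alerts, state); alerts are hosts that were NXD and now resolve."""
    state, alerts = {}, []
    for entry in watchlist:
        host = host_of(entry)
        if host:
            state[host] = bool(resolver(host))
            if state[host] and not previous.get(host, False):
                alerts.append(host)
    return sorted(alerts), state

def watched_urls(text, watchlist):
    """CI gate: URLs in generated text on a watched domain or its subdomains."""
    watched = {host_of(w) for w in watchlist}
    hits = []
    for url in URL_RE.findall(text):
        host = host_of(url)
        if any(host == w or host.endswith("." + w) for w in watched):
            hits.append(url)
    return hits

# Constructed sample data (reserved .example names, not real findings).
WATCHLIST = ["brand-login.example", "Brand-Support.example.", "brandpay.example"]
PREVIOUS = {"brand-login.example": False, "brandpay.example": True}
NOW_RESOLVING = {"brand-login.example", "brandpay.example"}  # stands in for DNS
GENERATED = "Docs: https://pay.brand-login.example/reset and https://brand.example/help."

if __name__ == "__main__":
    alerts, state = check_watchlist(WATCHLIST, PREVIOUS, NOW_RESOLVING.__contains__)
    print("newly resolving:", alerts)
    print("blocked in output:", watched_urls(GENERATED, WATCHLIST))
```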
Topics
- Phantom Squatting
- LLM Security
- Software Supply Chain
- URL Hallucination
- Proactive Threat Detection
- AI Agents
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Scientist, MLOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by Unit 42.