‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat

A New AI-Driven Threat Emerges in Software Supply Chain: ‘Phantom Squatting’

Cybercriminals have discovered a novel way to compromise software supply chains using large language models (LLMs) that “hallucinate” fictional web domains for legitimate brands. This emerging threat, dubbed “phantom squatting,” allows attackers to register nonexistent domains linked to well-known companies and use them to intercept traffic generated by AI systems.

The issue arises from the way LLMs generate responses to user queries. When asked to provide information or resources related to a specific brand, these models often create fictional web domains that seem plausible but do not actually exist. Cybercriminals can then exploit this vulnerability by registering these phantom domains and using them to launch phishing attacks, intercept sensitive data, or even distribute malware.

Researchers at Palo Alto Networks’ Unit 42 analyzed over 685,000 URL queries across multiple LLM models and discovered an astonishing 250,000 hallucinated domains for just 913 global brands. This is not a one-off incident; the team found that these fictional domains exist alongside over 13,220 confirmed malicious URLs related to the same brands.

Phantom squatting works by allowing attackers to register phantom portals, API endpoints, or corporate services for a target brand. When users interact with AI assistants directed to these phantom portals, they become vulnerable to malicious activity hiding behind them. In one notable case, an attacker used an AI coding assistant to build a full phishing kit targeting a high-risk phantom domain that researchers had identified earlier.

The threat is particularly concerning given the widespread adoption of LLMs as trusted supply chain dependencies across many enterprises. As Edholm, security engineer and co-founder at Detectify, puts it: “Phantom squatting is cheap, repeatable, and scalable – exactly what makes an attack dangerous.” This new vector exploits the trust users have in AI-generated content, making detection more challenging.

One of the most striking examples of phantom squatting came when Unit 42’s proactive monitoring detected registrations of phantom domains by would-be attackers just days after initial identification. In one instance, a high-risk postal service e-commerce domain was flagged 23 days before registration and later used as the victim-facing site for a phishing kit called “Montana Empire.”

The takeaway from this emerging threat is clear: enterprises must be aware of the potential risks associated with LLMs and take proactive measures to protect against phantom squatting. This includes monitoring AI-generated content, verifying domain registrations, and educating users on the dangers of interacting with suspicious web portals.

As the use of AI continues to grow in the software supply chain, it’s essential for companies to prioritize security and address this new threat before it becomes a major headache. By staying vigilant and proactive, we can mitigate the risks associated with phantom squatting and prevent cybercriminals from exploiting this novel attack vector.


Source: Dark Reading — 2026-07-01