Cybercriminals are using a new and insidious attack vector called “phantom squatting” to threaten the software supply chain. By exploiting the tendency of large language models (LLMs) to “hallucinate” or generate fictional web domains for legitimate brands, attackers can register nonexistent domains linked to these brands, creating a perfect trap for unsuspecting users.
The technique has been dubbed “phantom squatting” because it involves registering phantom domains: names that are plausible but, until the attacker registers them, nonexistent. This allows cybercriminals to intercept traffic generated by AI systems and even use AI-powered tools to build sophisticated phishing kits. The attack vector is particularly concerning given the increasing reliance on LLMs as a trusted supply chain dependency across many enterprises.
Researchers at Palo Alto Networks’ Unit 42 analyzed 913 global brands via 685,339 URL queries across multiple configurations of two distinct LLMs. They found that these models generated over 250,000 hallucinated domains, which exist alongside more than 13,220 confirmed malicious URLs related to the same brands.
The process is straightforward: a coding assistant generates a plausible but unregistered benefits portal URL, or an AI research agent produces a believable banking portal domain that an adversary can register to capture traffic. In some cases, developers even integrate AI-generated API endpoints into their code, unknowingly directing application data to an attacker-controlled server. The attack chain is simple: probe models for invented domains that appear repeatedly, register the most useful names, and place phishing or malicious content behind them.
One notable example of this technique in action involved a would-be attacker who used an AI coding assistant to build a full phishing kit targeting a high-risk phantom domain identified by Unit 42’s proactive monitoring. The researchers detected registrations of phantom domains by attackers just 18 to 51 days after initial identification, with one case involving a “high-risk” postal service e-commerce domain that was later used as the victim-facing site for a phishing kit called “Montana Empire.”
The rise of phantom squatting highlights the need for organizations to be vigilant in monitoring their supply chain and detecting potential threats. As Johan Edholm, security engineer and co-founder at Detectify, notes, “It’s cheap, repeatable, and scalable, which is what actually makes an attack dangerous.” To stay ahead of this threat, it’s essential for enterprises to implement robust detection mechanisms and educate users about the risks associated with AI-generated domains.
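One way to act on the detection advice above, as an added example that is not from the article or from Unit 42: a pre-merge check that scans AI-generated code for URLs and flags any host that is not on an organization-maintained list of verified domains. The domain names, the `VERIFIED_DOMAINS` list and the sample snippet are constructed for illustration and use reserved test TLDs.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the organization has verified it owns or trusts.
# Constructed placeholder names on reserved TLDs, not from the article.
VERIFIED_DOMAINS = {"corp.example", "payments.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)

def normalize_host(url):
    """Return the lowercased hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url).hostname  # drops userinfo ("a@") and port
    except ValueError:                 # e.g. malformed IPv6 literal
        return None
    if not host:
        return None
    return host.rstrip(".").lower()

def is_verified(host, verified=VERIFIED_DOMAINS):
    """True only for an exact match or a true subdomain (dot boundary)."""
    return any(host == d or host.endswith("." + d) for d in verified)

def unverified_urls(text, verified=VERIFIED_DOMAINS):
    """Return (line_no, url, host) for every URL whose host is not verified."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url = match.group(0).rstrip(".,;")
            host = normalize_host(url)
            if host is None or not is_verified(host, verified):
                findings.append((line_no, url, host))
    return findings

# Constructed sample: code as an AI assistant might suggest it.
SAMPLE = '''\
BASE = "https://api.corp.example/v2/claims"
PORTAL = "https://benefits-corp.example/login"
DOCS = "https://corp.example.portal-login.test/help"
AUTH = "https://corp.example@login-portal.test/sso"
CDN = "https://Static.Corp.Example:8443/app.js"
'''

if __name__ == "__main__":
    for line_no, url, host in unverified_urls(SAMPLE):
        print(f"line {line_no}: unverified host {host!r} in {url}")
```

The dot-boundary match is what rejects `benefits-corp.example` and `corp.example.portal-login.test`, both of which a naive substring or suffix check against `corp.example` would accept.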
Ultimately, the emergence of phantom squatting underscores the importance of addressing the security implications of AI-driven attacks. As LLMs become increasingly ubiquitous in our digital landscape, we must be prepared to adapt and innovate to stay one step ahead of cybercriminals who are exploiting these technologies for malicious purposes.
Source: Dark Reading — 2026-07-01