Forensic Summary
Unit 42 researchers have documented 'phantom squatting', a novel attack vector where adversaries register domains that LLMs consistently hallucinate when responding to developer queries, intercepting traffic from AI-assisted workflows. Analysis of 913 brands across 685,339 URL queries uncovered 13,229 confirmed malicious URLs and approximately 250,000 unregistered hallucinated domains still available for adversarial pre-registration. A concrete case study reveals a fully operational phishing kit, Montana Empire, built with an AI coding assistant and deployed against a domain Unit 42 had flagged as high-risk 23 days prior.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/ai-hallucinated-domains-weaponised-in-active-software-supply-chain-attacks/
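A defender-side gate for the workflow described above, as an added example that is not code from Unit 42 or from this post: it extracts URLs from assistant output and holds any whose host is not on a list of domains verified out-of-band, so a hallucinated domain is never fetched automatically. `VERIFIED_DOMAINS`, the function names and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains confirmed out-of-band as belonging to the vendor (constructed).
VERIFIED_DOMAINS = {"example.com"}

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

def host_of(url):
    """Return the normalised ASCII hostname of url, or None if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname  # userinfo ("user@") is not part of hostname
    except ValueError:
        return None
    if not host:
        return None
    try:
        # IDNA-encode so Unicode lookalikes are compared in punycode form
        return host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None

def is_verified(host, verified=VERIFIED_DOMAINS):
    """True only for a verified domain or a subdomain of one (label-boundary match)."""
    return any(host == d or host.endswith("." + d) for d in verified)

def review_llm_output(text, verified=VERIFIED_DOMAINS):
    """Split URLs found in assistant output into (allowed, held_for_review)."""
    allowed, held = [], []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:")  # drop sentence punctuation
        host = host_of(url)
        if host and is_verified(host, verified):
            allowed.append(url)
        else:
            held.append(url)
    return allowed, held

# Constructed sample of assistant output; every domain here is a reserved test name.
SAMPLE = (
    "Install the SDK from https://api.example.com/v1/sdk, "
    "see docs at https://example-developer-portal.test/start and "
    "log in via https://example.com@login.invalid/ or "
    "https://example.com.cdn.invalid/auth."
)

if __name__ == "__main__":
    ok, held = review_llm_output(SAMPLE)
    print("allowed:", ok)
    print("held for review:", held)
```

Held URLs need a human check against the vendor's own documentation before they reach a build script, dependency manifest or browser.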