A video-conferencing startup called MeetingTV is suing Palo Alto Networks and its Koi Security unit, alleging that an AI-assisted threat-intelligence report fabricated a connection between the company and a Chinese espionage campaign. The case is one of the first to test who is legally responsible when an AI-generated error names a real company as a criminal, though a crucial detail is that no court filing yet proves AI actually caused the mistake.
Key facts
- MeetingTV Inc. (CEO Michael Robertson) sued Koi Security, its researchers, and parent Palo Alto Networks over a December 2025 report tying its product to a threat actor.
- The disputed report allegedly relied on Koi's LLM-based "Wings" analysis platform, which MeetingTV says "generated erroneous correlations."
- Axios reports that no court filing so far provides direct evidence that AI generated the errors.
- Primary reporting: The Register and Axios.
A vital point up front: the Chinese-espionage link is the disputed, allegedly-false claim at the heart of the lawsuit, not an established fact. According to The Register, Koi's report accused MeetingTV of "operating core infrastructure for a well-funded Chinese criminal organization running a large-scale malware and corporate espionage campaign." MeetingTV rejects this entirely, and this article treats it as an allegation Koi published, not as something MeetingTV did.
Here is the background a reader needs. Koi Security is a threat-intelligence firm that Palo Alto Networks acquired in April 2026. In December 2025 it published a report naming a threat actor it called "DarkSpectre" and tying MeetingTV's "Zoomcorder" product to it. MeetingTV's complaint alleges the report leaned on an AI-based analytical tool and that a key piece of evidence, a browser extension Koi described as bridging MeetingTV's infrastructure to the threat actor, does not actually exist. If a product is publicly branded as Chinese-espionage infrastructure, the consequences are immediate and severe: security vendors block it, and, as Robertson put it, "all the LLMs now say we're working with Chinese cyber criminals. How will that ever get removed?"
The honest complication is that even MeetingTV cannot firmly say AI is the culprit. Robertson's own on-record framing is a question, not an accusation: "They admit to using AI for their analysis. Maybe a human made it all up? Maybe it was AI?" Axios adds a pointed reality check that primary sources, not aggregator spin, establish: "none of MeetingTV's court filings provide direct evidence showing that AI systems generated the allegedly erroneous findings." Koi has since quietly amended the report to remove one MeetingTV domain, saying it "determined that there is no evidence that this domain is connected or related in any way to the malicious infrastructure," while its motion to dismiss argues the report is protected speech and never named MeetingTV itself as the threat actor. Palo Alto Networks, for its part, said it "believes Koi's cybersecurity research reflects its commitment to identifying and exposing threats" and expects the dispute "resolved through the appropriate legal process."
Why it matters: whether or not AI hallucinated this specific report, the case previews a genuine problem. As security firms and everyone else lean on large language models that sometimes fabricate confident, specific falsehoods, those fabrications increasingly name real people and companies, and the reputational damage lands before anyone verifies it. This lawsuit asks a question courts will face repeatedly: when an AI-assisted process publishes a damaging error, who is liable, the tool, the firm that ran it, or no one? The caveat runs both ways here, MeetingTV has not proven AI caused the error, and Koi has not conceded it did. But the underlying dynamic, automated analysis producing plausible, harmful, hard-to-retract claims, is exactly the failure mode that turns a technical quirk into a legal and human one.
Originally published on Ground Truth, where every claim is checked against the primary source.
Top comments (0)