⚠️ Region Alert: UAE/Middle East
Unit 42 researchers have identified a new supply chain threat termed "phantom squatting," where adversaries register nonexistent web domains that are consistently hallucinated by large language models (LLMs). By analyzing over 900 global brands and 2.1 million AI-generated URLs, the study found that attackers are proactively weaponizing these "born clean" domains to bypass traditional reputation-based security filters. A notable case involved an attacker using an AI coding assistant to develop a phishing kit named Montana Empire, targeting a domain predicted by researchers 23 days prior.
The research highlights that approximately 250,000 unique phantom domains remain unregistered, presenting a significant opportunity for preemptive exploitation. This vulnerability is particularly dangerous for autonomous AI agents and developers who trust LLM-generated URLs for documentation or API endpoints. Because these hallucinations are often predictable based on a model's internal language patterns, defenders have a unique window—the adversarial exploitation window—to identify and block these domains before they are officially registered and weaponized.
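One way to apply that window on the consuming side, as an added example (not code from the Unit 42 research): a gate that checks every URL in LLM output before a developer or agent fetches it. The allowlist, the `registered_on` lookup (RDAP, WHOIS or passive DNS in practice), the 30-day age threshold and all sample domains and dates are assumptions constructed for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")
MIN_AGE_DAYS = 30  # assumed policy threshold, not a figure from the article

def host_of(url):
    """Lower-cased hostname, or None when the URL cannot be parsed."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def on_allowlist(host, allowlist):
    # Match on a label boundary so "example.com.mirror.example.org" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowlist)

def gate(llm_text, allowlist, registered_on, today):
    """Return {url: verdict}. registered_on(host) is a hypothetical lookup that
    returns the registration date, or None if the domain is unregistered."""
    verdicts = {}
    for url in URL_RE.findall(llm_text):
        url = url.rstrip(".,;:")  # drop sentence punctuation glued to the URL
        host = host_of(url)
        if host is None:
            verdicts[url] = "block:unparsable"
        elif on_allowlist(host, allowlist):
            verdicts[url] = "allow"
        elif (created := registered_on(host)) is None:
            verdicts[url] = "block:phantom-unregistered"  # report for monitoring
        elif (today - created).days < MIN_AGE_DAYS:
            verdicts[url] = "block:newly-registered"  # no reputation history yet
        else:
            verdicts[url] = "review"
    return verdicts

# Constructed sample data: reserved example domains and invented dates.
ALLOW = {"example.com"}
REGISTRY = {"status.example.net": date(2025, 5, 27),
            "example.com.mirror.example.org": date(2019, 3, 1)}
TODAY = date(2025, 6, 1)
SAMPLE = ("See https://docs.example.com/api for reference, or the SDK at "
          "https://example-sdk.test/install. Status: http://status.example.net/ "
          "and mirror https://example.com.mirror.example.org/x")

if __name__ == "__main__":
    for url, verdict in gate(SAMPLE, ALLOW, REGISTRY.get, TODAY).items():
        print(f"{verdict:28} {url}")
```

Hosts that come back as `block:phantom-unregistered` are the ones worth feeding into registration monitoring, since they are the names a model emits that nobody owns yet.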