Skip to content

Phantom Squatting: When AI Models Hallucinate Fake Domains

In a nutshell: LLMs hallucinate fabricated domains belonging to established brands, which attackers then register for supply-chain attacks—a hard-to-detect security risk in AI-powered development and research workflows.

Large Language Models regularly hallucinate non-existent web domains for legitimate brands, which attackers subsequently register for malware distribution and other attacks. This new supply-chain attack variant is difficult to detect.

Large Language Models (LLMs) consistently produce fabricated web domains for established brands and companies in their outputs. When these unregistered domains do not actually exist, attackers can register them for malware distribution, phishing, or other attacks—without security tools immediately flagging this activity as suspicious.

The phenomenon is called “Phantom Squatting”: LLMs become unwitting generators of realistic-sounding but fabricated domain names. Users who copy these hallucinated domains—for example, to verify third-party software—unknowingly land on domains under attacker control.

For CISOs, this is relevant because the attack variant circumvents traditional indicators of compromise: the domain is not blocked, traffic appears trustworthy, and LLM-based tools are increasingly embedded in development and security teams. The risk is particularly critical in supply-chain scenarios, such as when developers use LLM-based assistants to research configurations or dependencies.

The difficulty lies in the fact that Phantom Squatting is not a technical flaw in a system but stems from the probabilistic nature of LLMs: they generate plausible text without verifying factuality. This makes this attack class a structural security risk for organizations that integrate AI models into their workflows.


Source: www.darkreading.com · Published 1 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.2.

Share on: