unit42 · Crawled Jul 5, 2026
Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector
4 IoCs
Read original article ↗
AI Summary
Unit 42 researchers identified a new threat called 'phantom squatting,' where adversaries register AI-hallucinated domains to exploit software supply chains. Large language models (LLMs) frequently generate fictitious domains for legitimate brands, and attackers preemptively register these domains to intercept traffic from AI systems and users. A real-world case involved the 'Montana Empire' phishing kit, which targeted a hallucinated domain 23 days before its registration, demonstrating AI-assisted attack development. The research uncovered 13,229 malicious URLs and approximately 250,000 unregistered hallucinated domains, highlighting a growing risk to AI-driven workflows and developer tooling.
AI-extracted · verify before operational use