logo

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

ID: 285dfe65-ae9c-5d9e-a8c1-880069f818f6

STIX ID: report--285dfe65-ae9c-5d9e-a8c1-880069f818f6

Feed Name: Palo Alto Networks Unit 42

Threat Score
80/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Keerthiraj Nagaraj, Diva-Oriane Marty, Beliz Kaleli and Oleksii Starov

...
...

Unit 42 describes "phantom squatting," an active supply-chain risk where LLMs hallucinate plausible-but-unregistered domains that attackers preemptively register and use for phishing and malware delivery; the report presents a large-scale discovery pipeline, empirical results (2.1M LLM-generated URLs, 13,229 malicious URLs, ~250k registerable phantom domains), and multiple real-world exploitation cases (including an AI-assisted phishing kit and malicious Android APK).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.