A new cyberattack technique known as phantom squatting is emerging as a serious concern for organizations, software developers, and internet users by exploiting an unexpected weakness—not in software code or stolen credentials, but in the way large language models (LLMs) generate information.
Security researchers have found that AI systems frequently invent web addresses that appear legitimate but do not actually exist. Cybercriminals are now registering these non-existent domains before anyone else, allowing them to intercept users who unknowingly trust AI-generated recommendations.
According to research by Unit 42, this growing attack vector has the potential to facilitate phishing, malware distribution, credential theft, and software supply chain compromises.
How Phantom Squatting Works
Unlike traditional cyberattacks that rely on exploiting software vulnerabilities or leaked credentials, phantom squatting takes advantage of AI hallucinations.
When users ask an AI assistant about a company's website, online service, or customer portal, the model may generate a convincing—but entirely fictitious—URL. If that domain has never been registered, attackers can purchase it and populate it with phishing pages, malware, or other malicious content.
Once registered, these domains appear legitimate to users who trust AI-generated responses.
Researchers say this attack mirrors an earlier supply chain technique known as slopsquatting, where AI coding assistants invent software package names that attackers later register to distribute malicious code. Phantom squatting extends the same concept from software repositories to internet domains.
Research Reveals the Scale of the Threat
Unit 42 conducted one of the largest studies on AI-generated domain hallucinations by testing multiple LLM families using 685,339 prompts involving 913 globally recognized brands across sectors including finance, healthcare, government, technology, and online gambling.
The research generated approximately 2.1 million URLs, revealing significant security concerns:
- 13,229 URLs were confirmed to be malicious.
- 41,313 URLs were classified as high-risk.
- More than 809,000 generated URLs pointed to domains that did not exist.
- These collapsed into nearly 250,000 unique unregistered domains, many of which remain available for registration.
Threat analysis showed that:
- 67.2% of confirmed malicious domains delivered malware.
- 16.2% were used primarily for phishing campaigns.
Perhaps most concerning, researchers found that AI models consistently reproduced many of the same fictitious domains. This allowed attackers to predict which hallucinated domains were likely to emerge repeatedly.
According to Unit 42, its monitoring platform successfully predicted malicious domain registrations 18 to 51 days before attackers actually registered them.
Real-World Cases Show the Threat Is Active
Researchers documented several incidents demonstrating that phantom squatting has already moved beyond theory.
Postal Service Phishing Operation
In one case, referred to as Montana Empire, researchers identified a hallucinated e-commerce domain associated with a postal service nearly 23 days before attackers registered it.
Once activated, the domain hosted a complete phishing operation featuring:
- AI-assisted source code,
- cloned storefront content,
- a PHP backend,
- and Telegram-based credential exfiltration infrastructure.
Fake Marketplace for Malware Distribution
In another incident, researchers detected a hallucinated domain resembling a national postal service marketplace 51 days before its registration.
Attackers later transformed the site into a convincing replica featuring:
- fabricated customer ratings,
- fake user statistics,
- and a malicious Android application disguised as legitimate software.
Additional phantom domains were found impersonating:
- a major UAE banking institution,
- a European financial organization,
- and online betting platforms targeting users in Bangladesh.
These findings indicate that financial institutions and users across South Asia remain within the threat landscape.
Why Phantom Squatting Is Difficult to Stop
Traditional typosquatting relies on users accidentally misspelling genuine domain names.
Phantom squatting differs fundamentally because the incorrect domain originates from an AI system rather than human error.
Since the vulnerability stems from how language models probabilistically generate text, researchers caution that it cannot simply be patched like a software bug.
As AI assistants become increasingly integrated into software development, enterprise workflows, customer support, and online search, misplaced confidence in AI-generated information creates new opportunities for attackers.
Recommended Mitigation Measures
Cybersecurity experts recommend that organizations adopt preventive strategies similar to those used against conventional domain squatting.
These include:
- Maintaining a comprehensive inventory of legitimate corporate domains.
- Registering likely domain variations before attackers can claim them.
- Continuously monitoring newly registered domains resembling corporate brands.
- Verifying software packages only through trusted repositories.
- Independently validating AI-generated URLs before accessing sensitive services.
- Educating employees not to rely solely on AI-generated web addresses for financial, healthcare, or government services.
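The inventory, monitoring and URL-validation steps above, together with the observation that models keep reproducing the same fictitious domains, can be combined into a small defensive triage routine. The following is an added example, not Unit 42's or Shunyatax's code; the brand, the domain inventory and the "LLM-suggested" URLs are all constructed, and the registrable-domain logic is deliberately simplified (production code should use the Public Suffix List).

```python
"""Triage LLM-suggested URLs against a corporate domain inventory."""
from collections import Counter
from urllib.parse import urlparse

# Constructed data: a fictional brand, its known registrable domains, and URLs
# an AI assistant might have produced when asked about that brand.
BRAND_TOKENS = ["examplepost"]
KNOWN_DOMAINS = {"examplepost.com"}
SUGGESTED_URLS = [
    "https://www.examplepost.com/track", "https://examplepost.com/login",
    "https://shop-examplepost.com/deals", "https://shop-examplepost.com/cart",
    "https://shop-examplepost.com/", "https://examplep0st.com/account",
    "https://marketplace.examplepost.net/", "https://totally-unrelated.org/",
]

def registrable_domain(url: str) -> str:
    """Lower-case host reduced to its last two labels (simplification: a real
    implementation must consult the Public Suffix List, e.g. via tldextract)."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character swaps such as o -> 0."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, inventory, brand_tokens, max_distance=2) -> bool:
    """Brand token embedded in the name, or within edit distance of a real domain."""
    name = domain.rsplit(".", 1)[0]
    if any(tok in name for tok in brand_tokens):
        return True
    return any(levenshtein(domain, known) <= max_distance for known in inventory)

def triage(urls, inventory, brand_tokens) -> dict:
    """Bucket each distinct domain as known / lookalike / other, keeping how
    often the model produced it (recurrence is what makes a squat predictable)."""
    counts = Counter(registrable_domain(u) for u in urls)
    result = {"known": Counter(), "lookalike": Counter(), "other": Counter()}
    for domain, n in counts.items():
        bucket = ("known" if domain in inventory else
                  "lookalike" if is_lookalike(domain, inventory, brand_tokens) else "other")
        result[bucket][domain] = n
    return result

def registration_watchlist(triaged: dict) -> list:
    """Lookalike domains ranked by recurrence: candidates for defensive
    registration or for a new-registration monitoring feed."""
    return [d for d, _ in triaged["lookalike"].most_common()]
```

The watchlist is the set a defender would check against WHOIS/new-registration feeds or register proactively; `shop-examplepost.com` ranks first here because the model produced it three times.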
Organizations operating in highly regulated sectors—including banking, healthcare, public administration, and critical infrastructure—should incorporate phantom squatting into their broader cyber risk assessments.
Shunyatax Global Insight
Phantom squatting represents a new generation of cyber risk where artificial intelligence itself becomes an indirect attack surface. Rather than exploiting flaws in software, attackers exploit misplaced trust in AI-generated information. As generative AI becomes deeply embedded in enterprise workflows, organizations will need to treat AI outputs with the same verification standards applied to emails, software downloads, and online identities. Proactive domain management, continuous monitoring, and robust digital verification practices will be essential to limiting the risks posed by this evolving threat.