Phantom Squatting: LLM Hallucinations in Supply Chain
Unit 42 researchers have documented 'phantom squatting', a novel attack vector where adversaries register domains that LLMs consistently hallucinate when responding to developer queries, intercepting traffic from AI-assisted workflows. Analysis of 913 brands across 685,339 URL queries uncovered 13,229 confirmed malicious URLs and approximately 250,000 unregistered hallucinated domains still available for adversarial pre-registration. A concrete case study reveals a fully operational phishing kit, Montana Empire, built with an AI coding assistant and deployed against a domain Unit 42 had flagged as high-risk 23 days prior.