Phantom Squatting: New Threat in AI-Driven Software Supply Chains
TL;DR
Research by Unit 42 highlights a new attack vector termed “phantom squatting,” where adversaries register non-existent web domains generated by large language models, leading to significant risks for software supply chains. The study reveals thousands of hallucinated domains that remain unregistered, giving attackers opportunities to exploit these vulnerabilities.
Main Analysis
Unit 42’s research indicates that large language models frequently produce fictitious web domains for legitimate brands, which adversaries can weaponize by registering these domains to intercept AI-generated traffic. This form of attack extends beyond historical vulnerabilities associated with software supply chains and illustrates a new, significant risk. The methodology employed by Unit 42 involved monitoring the registration of high-priority hallucinated domains and revealed that real-world detections occurred across multiple sectors, with a predictive window of 18 to 51 days before adversary registration.
The research explored the “phantom squatting” attack lifecycle, which includes four phases: discovering hallucinations, acting by registering phantom domains, using LLMs for luring victims, and bypassing traditional defenses through zero-reputation status. This lifecycle demonstrates that existing supply chain defenses are unprepared for such threats, as they operate under the assumption that malicious domains have a detectable reputation. Phantom domains exploit this gap by having no prior malicious activity, making them undetectable by conventional threat intelligence methodologies.
Defensive Context
Organizations that utilize AI coding assistants in their development workflows should be particularly vigilant. This includes sectors heavily reliant on automated systems, like technology, finance, and e-commerce. Teams managing independent workflows may not need to prioritize this threat if they do not leverage LLM outputs for critical tasks, but those that do must understand the implications of AI-generated outputs that could lead to inadvertent exposure to these phantom domains.
Why This Matters
Phantom squatting represents a genuine risk due to the rapid evolution of AI in software development processes. Developers could unknowingly integrate AI-generated malicious links into production environments, therefore exposing organizations to credential theft, data loss, or system exploitation. The potential for automatic exfiltration of sensitive information by autonomous agents complicates the threat, as these processes may occur without human oversight, introducing significant risks.
Defender Considerations
Organizations can enhance their defenses by proactively monitoring for hallucinated domains through dedicated detection pipelines like the one developed by Unit 42. Although traditional URL filtering may fail against these newly registered phantom domains, continuous observation of registration patterns can provide actionable insights and lead to preemptive measures before domain weaponization occurs.
Indicators of Compromise (IOCs)
- Confirmed malicious URLs: 13,229 identified
- Estimated unregistered hallucinations: Approximately 250,000 potential phantom domains
In summary, phantom squatting highlights a critical vulnerability in AI-powered software supply chains, necessitating a shift in defensive strategies that account for AI security risks.





