Phantom squatting, attackers buying the fake domains AI keeps hallucinating

Started by NeverQuitZach33, Today at 08:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Topic: Phantom squatting, attackers buying the fake domains AI keeps hallucinating   Views(Read 45 times)

NeverQuitZach33

Palo Alto Unit 42 has a name for a clever new trick, phantom squatting. Models keep inventing web addresses that do not exist, and attackers now register those made up domains first, then host phishing pages on them to catch traffic that AI tools point at. No phishing email needed, the model does the pointing for you

The scale of the study is what got me. They asked two AI models 685,339 questions about 913 well known brands and the models produced 2.1 million links. Threat intel had already flagged 13,229 of those as outright malicious. That is a lot of misplaced trust getting handed out automatically

The core problem is trust. Developers and AI assistants increasingly treat the links a model returns as real, so whoever grabs a hallucinated domain first inherits all that trust. It weaponizes a known failure mode of language models instead of fighting it. That is a genuinely creative bit of adversarial thinking

This one bugs me because there is no clean fix. You cannot easily stop models from hallucinating domains, and you cannot pre register every possible fake address. The best defense is probably tooling that verifies a domain actually predates the query. Until then, do not blindly trust a URL an assistant hands you