Published: · Region: Global · Category: cyber

AI ‘Phantom Squatting’ Puts Hallucinated Domains on the Cyber Front Line

Security researchers warn that attackers are registering website domains invented by AI models, then using them to catch users who click on machine-generated links — a tactic dubbed “phantom squatting.” With roughly 250,000 such unowned, AI-hallucinated domains identified, the gap between artificial intelligence and basic web trust is turning into a new attack surface.

Artificial intelligence was supposed to help users find what they need online faster. Instead, it has quietly created a new kind of booby trap. Cybersecurity researchers have identified a technique they call “phantom squatting,” in which attackers register website domains that AI models hallucinate into existence and then wait for users to click on those non-existent, now-compromised links.

The warning is grounded in a large-scale analysis of domains generated by AI systems as they fabricate plausible-sounding URLs in response to user queries. Researchers say they have identified roughly 250,000 such AI-invented domains that, at the time of study, were unregistered — effectively a vast, unguarded pool of potential attack infrastructure. Once criminals register those addresses, people can be led to them not by human-crafted phishing emails, but by the AI tools they increasingly trust to answer questions and recommend resources.

For ordinary users, the danger is deceptively simple. A person asks an AI assistant for documentation on a specific software library, academic paper, or government form. The model, drawing on patterns rather than live DNS records, invents a URL that looks right but doesn’t exist. A malicious actor who anticipated the pattern and already bought the domain can serve whatever content they choose: malware disguised as downloads, credential-harvesting login pages, or clones of trusted sites seeded with traps.

For organizations, from banks to hospitals to software vendors, the stakes are higher than a single bad click. As staff and customers increasingly rely on AI tools in chat interfaces, search boxes, and help desks, the source of link recommendations becomes more opaque. Traditional phishing defenses — user training to spot odd sender addresses or off-brand language — do less against a URL that appears to have been minted by a neutral machine. That shifts the burden onto AI providers and corporate security teams to monitor and validate what their systems are pointing people toward.

Technically, phantom squatting flips the usual logic of domain abuse. Instead of criminals guessing variations on well-known brands and seeing what sticks, they let AI models do the creative work of generating plausible names, then race to register them before anyone else. The models’ tendency to hallucinate — to confidently invent details that feel right but are false — becomes a feature, not a bug, for adversaries. In effect, AI is now seeding its own supply chain of future malicious infrastructure.

Strategically, this exposes a gap in how AI and cybersecurity have been integrated so far. Much of the policy debate has focused on deepfakes, disinformation, and code generation, while the basic plumbing of the web — domain names, certificates, routing — has been treated as stable. Phantom squatting shows that once AI systems are widely used as navigational tools, the naming layer of the internet itself becomes a contested space. Registries, browsers, and AI platforms may need new safeguards, from real-time DNS validation by models to flagged warning labels on unverified links.
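To make the "real-time DNS validation" and "warning labels on unverified links" ideas concrete, here is an added sketch (not code from the researchers or any AI platform) of a filter that labels links in model output before a user sees them. The allowlist, the label names and the `.test`/`.invalid` sample hosts are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>()\[\]\"']+", re.IGNORECASE)
TRAILING = ".,;:!?"  # sentence punctuation that is not part of the link


def dns_resolves(host):
    """Default check: True if the name currently has an address record."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def label_for(url, trusted, resolves=dns_resolves):
    """Classify one URL as trusted, unverified, unresolvable or invalid."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Match the allowlist on a label boundary, so example.org.mirror.invalid
    # and user@host tricks do not pass as example.org.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # A name that resolves is not thereby safe: a phantom-squatted domain
    # resolves as soon as someone registers it. It only earns "unverified".
    return "unverified" if resolves(host) else "unresolvable"


def annotate(text, trusted, resolves=dns_resolves):
    """Append a visible warning label to every non-trusted link in text."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(TRAILING)
        label = label_for(url, trusted, resolves)
        if label == "trusted":
            return raw
        return f"{url} [{label} link]{raw[len(url):]}"
    return URL_RE.sub(repl, text)
```

Names labelled "unresolvable" are the ones worth logging: they are what the model invented that nobody yet controls, and they show which patterns a security team should watch for later registration.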

For regulators and standards bodies, the phenomenon raises hard questions about responsibility. If an AI assistant routinely invents URLs and some of them are later weaponized, who has the duty to detect and block those suggestions — the model provider, the domain registrar, the company whose brand is mimicked, or end users? Right now, attackers are exploiting the fact that the answer is unclear and the coordination minimal.

The next signs to watch include whether major AI platforms roll out guardrails to stop or clearly label hallucinated URLs, how quickly domain registries and security firms begin to monitor AI-generated name patterns, and whether early incidents tied to phantom-squatted domains appear in breach reports. As AI moves from answering questions to steering where people click, the invisible choices it makes about web addresses are becoming a new front line in cyber risk.
