Society & Ethics

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

· July 1, 2026
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

What happened

A new phishing tactic called phantom squatting exploits AI-generated but non-existent domain names. Large language models often create fake web addresses when asked to suggest links. Malicious actors register these AI-hallucinated domains before others can, hosting phishing or malware sites on them. Palo Alto Networks’ Unit 42 research confirms this practice is already active in real-world attacks.

The risk

Phantom squatting exploits trust in AI tools by turning their fabricated URLs into attack vectors. Victims guided by AI to these false domains end up at phishing sites designed to steal credentials or deliver malware. This tactic accelerates phishing because attackers do not need to guess or mimic existing domains—they simply buy the AI’s invented ones. It raises phishing costs for defenders, who must now monitor and block domains never seen before.

Why it matters

This shifts the threat landscape by fueling attackers who use AI as a reconnaissance tool rather than just a generative assistant. Businesses and security teams face widened attack surfaces as AI outputs unintentionally reveal brand or service names in new domain registrations. It pressures defenders to invest in automated domain monitoring and refresh phishing detection strategies to include AI-hallucinated names. AI users must also treat suggested URLs with skepticism.

Who should pay attention

Cybersecurity teams, domain registrars, and organizations reliant on brand recognition in web addresses need to stay alert. Companies should track suspicious new domain registrations tied to their brand and consider preemptive domain acquisitions based on AI-generated options. Security tool developers will have to adapt phishing filters and threat intelligence feeds to cover these novel, AI-derived domains.

What to watch next

Watch for evolving attacker playbooks that use AI not only to generate fake domains but to personalize phishing campaigns using AI-generated content on these domains. Monitoring will reveal if phantom squatting becomes widespread across sectors beyond early cases. Domain registrars and law enforcement responses will shape how quickly this threat can be contained or forced into narrower niches.

AI Quick Briefs Editorial Desk

Stay ahead of AI Get the most important AI news delivered to your inbox — free.