Artificial intelligence hallucinations—where AI systems generate incorrect facts, fake website links or non-existent software packages—are emerging as a new cybersecurity threat.
Researchers say cybercriminals are increasingly exploiting these AI mistakes through techniques known as AI Squatting, Phantom Squatting, and HalluSquatting, enabling phishing attacks, credential theft and software supply chain compromise.
The attacks target trust in AI-generated responses rather than exploiting traditional software vulnerabilities.
What Is AI Squatting?
AI Squatting is a cyberattack in which criminals monitor incorrect website links or domain names generated by AI models.
Instead of waiting for users to make typing mistakes, attackers register domains that AI systems mistakenly recommend.
When future users receive the same AI-generated response, they may unknowingly visit the fraudulent website.
Unlike traditional typosquatting, the victim never makes a mistake—the AI does.
Phantom Squatting Targets AI-Generated Links
Researchers explained that Phantom Squatting focuses on fake websites suggested by AI chatbots.
Attackers identify non-existent:
- Customer support portals
- Login pages
- Help centre websites
- Tracking portals
- Payment pages
They then register these domains and build convincing phishing websites designed to steal:
- Usernames
- Passwords
- Banking details
- Credit card information
- Personal identity documents
Because users trust AI-generated answers, these fraudulent websites may appear legitimate.
Real-World Example Highlighted
Researchers cited a case involving a national postal service where multiple AI systems repeatedly generated the same non-existent web address.
The domain remained unregistered for several weeks before attackers allegedly acquired it.
The criminals reportedly created a fake website closely resembling the genuine organisation, allowing them to collect sensitive customer information from unsuspecting users searching for parcel tracking services.
HalluSquatting Targets Software Developers
Another emerging threat is HalluSquatting, which affects software development environments.
AI coding assistants sometimes generate:
- Fake software libraries
- Non-existent repositories
- Incorrect package names
- Imaginary installation commands
Cybercriminals monitor these hallucinated package names and register malicious versions before developers realise they do not exist.
Developers who copy AI-generated commands without verification may unknowingly install malware into corporate systems.
Supply Chain Risks Continue to Grow
Security researchers believe HalluSquatting creates serious software supply chain risks.
If malicious packages become integrated into enterprise applications, attackers may gain access to:
- Source code
- Development environments
- Cloud infrastructure
- API credentials
- Customer data
- Internal corporate systems
Because the malicious code enters through trusted development workflows, detection can become significantly more difficult.
Why AI Hallucinations Create New Cyber Risks
Unlike traditional phishing attacks that rely on fake emails or deceptive messages, AI hallucination attacks exploit incorrect information produced by AI systems themselves.
The attack process typically involves:
- AI generates an incorrect link or package name.
- Criminals identify the hallucinated resource.
- They register the fake domain or software package.
- Future AI users receive the same recommendation.
- Victims unknowingly visit or install the malicious resource.
Researchers say this creates an entirely new attack surface for organisations adopting generative AI tools.
Human Verification Remains Essential
Security experts stress that AI-generated responses should never be accepted without independent verification.
Before opening AI-recommended resources, users should verify:
- Official website domains
- Software publishers
- Package repositories
- Source authenticity
- Digital signatures
- Corporate documentation
Blind trust in AI-generated recommendations could significantly increase cybersecurity risks.
Enterprise Security Measures
To reduce exposure, organisations should consider:
- AI usage policies
- Domain reputation verification
- Approved software repositories
- Code review procedures
- Dependency scanning
- Supply chain security tools
- Human approval for AI-generated code
- Continuous monitoring of external dependencies
Security teams should also educate employees about AI-generated misinformation and phishing risks.
Researchers Call for Stronger AI Governance
Cybersecurity experts believe AI-generated information must be treated as unverified until independently confirmed.
As AI becomes increasingly integrated into software development, customer support and enterprise operations, organisations will need stronger governance frameworks to ensure automated recommendations do not become entry points for cyberattacks.
The threat landscape continues to evolve as criminals shift from exploiting human mistakes to exploiting predictable AI behaviour.
Shunyatax Global Insight
Shunyatax Global says that AI should improve productivity—not replace verification. Organisations using AI for coding, customer support or research should adopt a "trust but verify" approach by validating every AI-generated website, software package and critical recommendation before implementation. As AI adoption grows, governance, human oversight and supply chain security will become just as important as traditional cybersecurity controls.