Researchers have identified a concerning trend where hallucinated URLs generated by AI models have evolved from simply being a flaw to becoming an active attack surface, as attackers register these fabricated domains for malicious use. This phenomenon, described as “phantom squatting,” means that users can be misled by these AI-generated links, which can propagate through various platforms. Currently, approximately 250,000 unowned domains created by AI have been discovered, highlighting the urgent need for independent verification of all AI-generated domains to ensure they can be trusted in workflows.

TheHackersNews: TheHackersNews is a prominent cybersecurity news outlet focused on hacking incidents, vulnerabilities, and emerging digital threats. It reported on the phantom squatting attack vector in which AI models generate plausible domains that attackers then register for malicious use. The coverage emphasizes how these AI-invented domains can propagate through search, chat, and agent systems, turning model errors into real infrastructure risks.

`json
{
“Threat Evolution”: “Hallucinated domains have transformed from an AI limitation to an active threat where attackers register and misuse these fabricated links.”,
“Mitigation Approach”: “Every domain generated by AI models should be independently verified before use or trust in any workflow.”
}
`