← Glossary Term
Phantom squatting
Registering fake package names that AI models tend to invent.
Phantom squatting is a new attack pattern: AI models sometimes hallucinate the names of software packages that don’t exist, so attackers register exactly those names and fill them with malware. A developer who trusts the AI’s suggestion installs the attacker’s code.
It is a very 2026 kind of threat: the weakness is not in the software, but in the predictable imagination of the models.
Mentioned in