Unit 42 researchers identified 'phantom squatting,' a novel supply chain attack vector where adversaries register web domains that LLMs consistently hallucinate for legitimate brands. By proactively mapping LLM hallucination patterns across 913 brands and 2.1 million generated URLs, researchers identified 13,229 confirmed malicious URLs and ~250,000 unregistered phantom domains. Real-world cases — including the Montana Empire phishing kit built with an AI coding assistant — demonstrate that adversaries independently converge on the same hallucinated domains, with detection lead times of 18–51 days. The threat exploits a structural, unpatchable property of LLM architectures and bypasses reputation-based defenses through zero-reputation newly registered domains.