An AI threat report branded a startup a Chinese spy front and got its domains blocked worldwide
The video-conferencing startup MeetingTV sued Palo Alto Networks and its recently acquired Koi Security in July 2026, alleging a Koi blog post used an LLM to generate a threat report that hallucinated findings and published them as fact. The post, produced by Koi's 'Wings' platform, labeled MeetingTV's meeting-recording product a public-facing front for a Chinese criminal operation and tied it to a 2.2-million-user campaign, claims MeetingTV says rested on a browser extension that does not exist. Security firms blocked the startup's domains as malware.
Records by entity: Palo Alto Networks
If people on the internet are blocked from reaching your company, that is a death sentence, and now the LLMs all say we work with Chinese cyber criminals.
Key facts
- What
- The video-conferencing startup MeetingTV sued Palo Alto Networks and its recently acquired Koi Security in July 2026, alleging a Koi blog post used an LLM to generate a threat report that hallucinated findings and published them as fact.
- Incident date
- Jul 8, 2026
- Who
- Palo Alto Networks (Koi Security)
- Failure mode
- Hallucination
- AI surface
- Agentic Workflow
- Severity
- High
What happened
MeetingTV sued Palo Alto Networks, along with Koi Security (which Palo Alto acquired in April) and its researchers, alleging that a December 30 Koi blog post used an LLM to generate a threat report that hallucinated its findings and published them as fact. The post, produced by Koi's proprietary "Wings" analytical platform, labeled MeetingTV's meeting-recording product a public-facing front for a Chinese criminal operation it called DarkSpectre and tied it to a 2.2-million-user campaign stealing corporate meeting intelligence. MeetingTV says the claims rested on a browser extension that does not exist. As security firms worldwide blocked the startup's domains as malware, founder Michael Robertson said he learned of the report only from the blocks. Palo Alto said the research reflected Koi's commitment to exposing threats and expected the dispute to be resolved through the legal process; Koi quietly edited the post to remove references to the product.
What broke inside the model
- 01 · TriggerA user asks for a fact, a citation, or a figure.
- 02 · Model stepThe model writes a fluent, confident answer.
- 03 · Control gapNothing ties the claim back to a real source.
- 04 · FailureA fabricated fact ships as if it were verified.
- 05 · ConsequenceThe false claim reaches a customer, a court, or the public.
Confidence holds, and even spikes, as the claim detaches from any source.
An LLM-driven analysis platform fabricated a threat attribution, inventing a criminal campaign, a scale figure, and a browser extension that did not exist, then presented the synthesis as a factual security finding. Published by a security vendor, the hallucinated report carried enough authority that other firms acted on it and blocked the startup's domains, turning a fabricated claim into real-world denial of service and reputational harm that propagated into other AI systems' answers.
What it cost
Sources
Cite this entry
https://failureindex.ai/failures/meetingtv-koi-security-ai-hallucinated-threat-reportAI Failure Index. "An AI threat report branded a startup a Chinese spy front and got its domains blocked worldwide" (FI-0717). Realm Labs. https://failureindex.ai/failures/meetingtv-koi-security-ai-hallucinated-threat-report (indexed Jul 10, 2026).Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0717. Full dataset at /data.
Note from Realm Labs, the Index steward
How Realm would have caught this
- Prism
- OmniGuard
- AI Detection & Response (AIDR)
Realm flags a generated claim that its own cited evidence does not support, catching an attribution built on a nonexistent artifact before it is published as fact. For an automated threat-intelligence pipeline, that grounding check is what separates a real finding from a confident fabrication with downstream consequences.