An AI threat report branded a startup a Chinese spy front and got its domains blocked worldwide

The video-conferencing startup MeetingTV sued Palo Alto Networks and its recently acquired Koi Security in July 2026, alleging a Koi blog post used an LLM to generate a threat report that hallucinated findings and published them as fact. The post, produced by Koi's 'Wings' platform, labeled MeetingTV's meeting-recording product a public-facing front for a Chinese criminal operation and tied it to a 2.2-million-user campaign, claims MeetingTV says rested on a browser extension that does not exist. Security firms blocked the startup's domains as malware.

Palo Alto Networks (Koi Security) · Incident Jul 8, 2026 · Indexed Jul 10, 2026 · 1 source

Records by entity: Palo Alto Networks

If people on the internet are blocked from reaching your company, that is a death sentence, and now the LLMs all say we work with Chinese cyber criminals.
What
The video-conferencing startup MeetingTV sued Palo Alto Networks and its recently acquired Koi Security in July 2026, alleging a Koi blog post used an LLM to generate a threat report that hallucinated findings and published them as fact.
Incident date
Jul 8, 2026
Who
Palo Alto Networks (Koi Security)
Failure mode
Hallucination
AI surface
Agentic Workflow
Severity
High

What happened

MeetingTV sued Palo Alto Networks, along with Koi Security (which Palo Alto acquired in April) and its researchers, alleging that a December 30 Koi blog post used an LLM to generate a threat report that hallucinated its findings and published them as fact. The post, produced by Koi's proprietary "Wings" analytical platform, labeled MeetingTV's meeting-recording product a public-facing front for a Chinese criminal operation it called DarkSpectre and tied it to a 2.2-million-user campaign stealing corporate meeting intelligence. MeetingTV says the claims rested on a browser extension that does not exist. As security firms worldwide blocked the startup's domains as malware, founder Michael Robertson said he learned of the report only from the blocks. Palo Alto said the research reflected Koi's commitment to exposing threats and expected the dispute to be resolved through the legal process; Koi quietly edited the post to remove references to the product.

What broke inside the model

Failure path · mode profile · Hallucination
  1. 01 · TriggerA user asks for a fact, a citation, or a figure.
  2. 02 · Model stepThe model writes a fluent, confident answer.
  3. 03 · Control gapNothing ties the claim back to a real source.
  4. 04 · FailureA fabricated fact ships as if it were verified.
  5. 05 · ConsequenceThe false claim reaches a customer, a court, or the public.

Confidence holds, and even spikes, as the claim detaches from any source.

An LLM-driven analysis platform fabricated a threat attribution, inventing a criminal campaign, a scale figure, and a browser extension that did not exist, then presented the synthesis as a factual security finding. Published by a security vendor, the hallucinated report carried enough authority that other firms acted on it and blocked the startup's domains, turning a fabricated claim into real-world denial of service and reputational harm that propagated into other AI systems' answers.

Public visibilityMedium
Regulatory exposureActive
Customer impactFew customers
Financial impactUnknown
Time to disclosureMonths
  1. PressLabs Build the First Jailbreak Severity Score; An AI-Hallucinated Report Brands a Startup a Spy Frontthedayafterai.com
Permalinkhttps://failureindex.ai/failures/meetingtv-koi-security-ai-hallucinated-threat-report
CitationAI Failure Index. "An AI threat report branded a startup a Chinese spy front and got its domains blocked worldwide" (FI-0717). Realm Labs. https://failureindex.ai/failures/meetingtv-koi-security-ai-hallucinated-threat-report (indexed Jul 10, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0717. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm flags a generated claim that its own cited evidence does not support, catching an attribution built on a nonexistent artifact before it is published as fact. For an automated threat-intelligence pipeline, that grounding check is what separates a real finding from a confident fabrication with downstream consequences.