According to research, one in three links generated by language models like GPT-4.1 do not belong to the brand in question. Some of these addresses turn out to be dangerous, opening the way for phishing attacks and the spread of malicious code.
According to research, one in three links generated by language models like GPT-4.1 do not belong to the brand in question. Some of these addresses turn out to be dangerous, opening the way for phishing attacks and the spread of malicious code.
AI chatbots often provide users with incorrect links to company websites, warns a new study by UK cybersecurity firm Netcraft.
According to the report, 34% of the URLs generated by LLM were incorrect. Of these,:
Only two-thirds of the generated links led to the right place.
What’s most alarming is that unsafe responses can be obtained without any complex queries. Even a query like «show [company] login site» sometimes returns a fake or unsafe URL.
Researchers explain that small brands are more vulnerable to such «hallucinations» because there is less information about them in the training data of language models. But the risks apply to everyone.
Attackers have begun actively registering domains that invent chatbots to later use them for attacks, such as phishing or infecting devices with malware. In a real case: the Perplexity AI system has already «tricked» a fake Wells Fargo bank website.
Another red flag: some developers are copying these malicious links into their own code. Netcraft discovered at least five public repositories with malicious URLs that were most likely inserted using AI assistants.
Hackers are now optimizing their sites not only for Google, but also specifically for AI models. This is how over 17,000 phishing pages have appeared on GitBook targeting crypto users. They are disguised as technical support, documentation, or login pages.
Netcraft urges users not to trust any automatically generated links and to enter the URL manually or check the address on the brand’s official website.
We also recently wrote about AI, which will become the Ukrainian answer to ChatGPT. We told how Kyivstar and the Ministry of Digital Affairs will build a national LLM for Ukraine: insights and international AI experience of VEON.
