Profile
AI chatbots like ChatGPT are bec...
AI-Generated URLs Are Putting Users at Risk
July 4, 2025 -
2 minutes, 56 seconds
AI-Generated URLs Are Putting Users at Risk
AI chatbots like ChatGPT are becoming everyday tools for millions—but recent research reveals a major risk: AI-generated URLs are often wrong, and in some cases, dangerously misleading. A new study by cybersecurity firm Netcraft found that around one in three URLs provided by large language models (LLMs) like GPT-4.1 are inaccurate. This means users could unknowingly land on phishing sites or inactive domains just by asking for something as simple as a login link. The risk is especially high for lesser-known brands, which are underrepresented in AI training data.
Why AI-Generated URLs Pose a Cybersecurity Risk
According to Netcraft, 34% of URLs shared by AI tools were not owned by the brands they referenced. Even more concerning, 5% linked to real but unrelated sites, and 29% were completely unregistered—potential goldmines for cybercriminals. In one real case, Perplexity AI suggested a fake Wells Fargo login page, which could have easily tricked users. Attackers are now gaming the system by registering these unclaimed URLs, or worse, building phishing sites specifically optimized to appear trustworthy to AI tools rather than search engines like Google.
Developers and AI Tools May Be Accidentally Spreading Malware
The danger isn’t limited to end-users. Developers are also at risk of embedding fake links in their code by trusting AI-generated content. Netcraft’s report highlights incidents where developers unknowingly copied malicious URLs into public repositories, often via AI coding assistants like Cursor. This creates an unintended vector for malware to spread through trusted platforms, undermining open-source projects and professional workflows alike.
How to Protect Yourself from Fake AI-Generated URLs
To stay safe, cybersecurity experts urge users to treat AI-generated URLs with skepticism. Always verify website addresses manually—especially for logins and financial services. Type the brand name into your browser or use official apps instead of relying on chatbot responses. Businesses can also take proactive steps by registering potential misspellings or unclaimed domains related to their brand. As AI tools become more integrated into daily life, awareness and cautious behavior are the best defenses against phishing scams and digital deception.
Related Posts
Photos
Contact Information
Suggested Writers
-
2.4K articles
-
1.3K articles
-
34 articles
-
28 articles








Comment