Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage
MeetingTV, a US webinar and video conferencing startup, has sued Palo Alto Networks and its newly acquired threat-intelligence firm Koi Security, alleging an AI-hallucinated report
By The Register
MeetingTV, a US webinar and video conferencing startup, has sued Palo Alto Networks and its newly acquired threat-intelligence firm Koi Security, alleging an AI-hallucinated report falsely linked the company to a Chinese espionage operation. The legal complaint, filed on March 18, targets Koi Security, its researchers, and Palo Alto Networks over a blog post published on December 30, 2025, titled "DarkSpectre".
The lawsuit claims Koi used an unsupervised large language model (LLM) via its proprietary "Wings" analytical platform to generate the report, which erroneously identified MeetingTV's core domain, Meetingtv[.]us, as infrastructure for a Chinese criminal organization known as "DarkSpectre". MeetingTV alleges the report falsely accused the startup of operating core infrastructure for a well-funded Chinese criminal group running a large-scale malware and corporate espionage campaign.
The company specifically disputes a fabricated technical "pivot" in the report, which repeatedly misidentified a piece of software as the "Twitter X Video Downloader" extension and linked it to MeetingTV's "Zoomcorder" product. Michael Robertson, the entrepreneur who founded MeetingTV, stated he believes Koi relied on AI outputs that hallucinated findings about his company's product and published them as facts.
The false attribution caused lasting damage to MeetingTV's business, as enterprise security vendors blocked or warned against its service based on the report. Koi Security later reversed its position in a February 12 update, stating it had revalidated the domain and found "no evidence that this domain is connected" to the alleged cybercriminal actor.
The lawsuit accuses Koi of reckless publication of an AI-driven cybersecurity report that falsely accused the plaintiff of criminal conduct. Koi Security has until June 30 to respond to MeetingTV's amended complaint, and the legal question regarding responsibility for AI-generated threat intelligence remains unresolved.
No police, council officials, parents, residents, or customers were mentioned in the source reports regarding this dispute.