Palo Alto-Owned KOI Security Accused Of Publishing AI Hallucinated Findings

A US startup says KOI Security report got its domains flagged as malicious across the security industry in a lawsuit.

Published on Jul 6, 2026
Akshaya Asokan Written by Akshaya Asokan
Palo Alto-Owned KOI Security Accused Of Publishing AI Hallucinated Findings

A US startup has alleged that Koi Security wrongly linked its infrastructure to a Chinese hacking operation, blaming AI “hallucinations” for the mistake. In a lawsuit, the company alleged this left its domains blocked by other security providers.

MeetingTV, a video meeting app that enables a webinar search engine, has sued Koi Security for punitive damages over a Dec. 2025 report that attributed the webinar app’s domains as linked to a Chinese espionage hacking campaign. Palo Alto acquired Koi Security in April 2026 for $400 million.

The lawsuit alleges the Koi assertion of MeetingTV’s links to the Chinese group was based on a non-existent software program called “Twitter X Video Downloader,” that allegedly the Koi AI system hallucinated. MeetingTV alleges this led to its domains being classified as malicious, and subsequently blocked by major cybersecurity vendors such as Verizon, Avast, and Cloudflare.

That claim is contested. Koi does use AI to analyze software and browser extensions, but as Axios reported, none of MeetingTV’s filings provide direct evidence that an AI system produced the disputed findings. MeetingTV infers it from discrepancies in the report.

“This case exposes the grave dangers of publishing unverified and unsupervised AI outputs in the high-stakes arena of cybersecurity threat intelligence,” the lawsuit reads. “When automated analytical tools generate false correlations,  and those outputs are rushed into the marketplace, legitimate businesses can be devastated overnight and the integrity of global digital infrastructure undermined.”

MeetingTV did not immediately respond to a request for comment. But its co-founder Michael Robertson told Inc that some of its domains are still blocked. “They never contacted us. We had no idea why all of sudden our sites were inaccessible to the world,” Robertson said.

The lawsuit names Koi Security’s US and Israeli entities, along with CEO Amit Assaraf, CTO Idan Dardikman, and researchers Tuval Admoni and Gal Hachamov; Palo Alto Networks was later added as a defendant. 

Koi has moved to dismiss the suit, arguing cybersecurity research is protected speech and that its report never named MeetingTV as the threat actor. It also argues other factors may explain the blocks, including prior complaints about the platform and separate Proofpoint research that also flagged MeetingTV. A Palo Alto spokesperson said Koi’s research “reflects its commitment to identifying and exposing threats,” and that it expects the dispute to be resolved “through the appropriate legal process.”

MeetingTV is seeking compensatory and punitive damages. Koi Security did not immediately respond to a request for comment. A Palo Alto Networks spokesperson told The Register that it is aware of the lawsuit brought by MeetingTV.

This field is for validation purposes and should be left unchanged.

FREE NEWSLETTER

Cyber Weekly

Get curated cybersecurity news, threats and insights delivered free every Thursday.

Written By Written By
Akshaya Asokan
Akshaya Asokan Freelance Journalist

Akshaya Asokan is a U.K.-based cybersecurity and technology journalist with experience covering nation‑state hacking operations, cyber and tech policy, and emerging cybercrime trends. She previously served as the senior European cybersecurity correspondent for Information Security Media Group’s Global News Desk. Before that, she reported on IT developments for IDG Media and covered artificial intelligence and machine learning for Analytics India Magazine. Earlier in her career, she wrote on sexual and religious minority rights as a reporter for The New Indian Express.