Palo Alto Networks and Koi Security Sued Over Alleged AI Hallucinations in Threat Report

Palo Alto Networks and its recent acquisition Koi Security are facing a lawsuit over a security report that allegedly used AI hallucinations to falsely accuse a company of Chinese cyber-espionage.

The plaintiff is MeetingTV, a videoconferencing provider. They’re contesting a Koi Security blog post that claimed MeetingTV’s domain and Zoomcorder service were fronts for a China-linked threat actor. MeetingTV says the blog was published during acquisition negotiations to show off Koi’s AI platform, Wings, and inflate its valuation.

The lawsuit alleges Koi published “unverified AI-generated conclusions” without proper human oversight. This despite known risks of AI hallucinations and false positives in cybersecurity work. MeetingTV disputes the existence of a key piece of malware mentioned in the report and says the AI-generated accusations also targeted its Zoomcorder product.

The suit includes an email from MeetingTV’s CEO to Palo Alto Networks’ CEO asking them to remove the false report and delist MeetingTV’s domains — which had been flagged as malicious by multiple security firms after Koi’s post went up.

The original Koi report has since been updated to remove mentions of MeetingTV.

This case raises uncomfortable questions about AI use in threat intelligence. If a security vendor’s AI generates false accusations, who’s liable? And what happens when those accusations get amplified by multiple security tools before anyone checks the facts? The lawsuit could set a precedent for how much human review is expected before publishing AI-generated threat findings.