Startup Sues Palo Alto Networks Over AI-Hallucinated Espionage Claims
Video conferencing startup MeetingTV is suing Palo Alto Networks' Koi Security, alleging an AI-generated threat report falsely linked the company to Chinese espionage, leading to global service disruptions.

MeetingTV has initiated legal action against Palo Alto Networks, specifically targeting its recently acquired Koi Security threat intelligence division. The lawsuit centers on a blog post published by Koi Security, which allegedly used an AI-driven platform to falsely accuse MeetingTV of operating core infrastructure for a Chinese corporate espionage operation. The complaint asserts that Koi's proprietary 'Wings' analytical platform, powered by a large language model (LLM), generated erroneous correlations, leading to the hallucinated findings about MeetingTV and its product, Zoomcorder.
The legal filing claims that Koi Security's "reckless publication of an AI-driven cybersecurity report that falsely accused Plaintiff MeetingTV Inc. of criminal conduct" resulted in MeetingTV's services being blocked globally by security companies and service providers. These entities labeled MeetingTV's domains and services as malware and command-and-control infrastructure, severely impacting the startup's operations and reputation. MeetingTV's founder and CEO, Michael Robertson, stated that the company only discovered the issue when its services began to be blocked, and that Koi Security did not contact them prior to publication.
Koi's original blog post, which has since been edited to remove specific references to MeetingTV's product, had labeled Zoomcorder as a "public-facing front" for a Chinese criminal operation, allegedly linked to a campaign that stole corporate meeting intelligence from 2.2 million users. The lawsuit contends that Koi's AI-generated report relied on a fabricated technical pivot: a non-existent browser extension called 'Twitter X Video Downloader.' This alleged extension was presented as the critical link connecting the Zoom Stealer campaign to the threat actor DarkSpectre and its alleged ties to ShadyPanda.
Palo Alto Networks acknowledged the lawsuit, stating they are "aware of the lawsuit brought by MeetingTV Inc. regarding a threat research report published by Koi Security prior to the acquisition." The company defended Koi's research as reflecting "its commitment to identifying and exposing threats" and expressed confidence that the dispute would be resolved legally. However, they declined to comment on the specific allegations regarding the AI's role and the alleged hallucinations.
Robertson expressed deep concern over the long-term implications of AI-generated misinformation, particularly with LLMs now labeling his company as associated with Chinese cybercriminals. He highlighted the difficulty in rectifying such false information once it's disseminated. The lawsuit underscores the potential for AI systems to generate and propagate harmful inaccuracies without adequate human oversight, especially when used in critical security analysis.
The case raises broader questions about the reliability and accountability of AI in cybersecurity research. Robertson emphasized that AI findings should not be accepted as fact without rigorous human review, especially as AI is increasingly used for decisions impacting individuals' lives. The lack of due process for MeetingTV, which was allegedly declared criminal and publicly branded as such without recourse, serves as a stark warning about the potential pitfalls of unchecked AI deployment in sensitive domains.
MeetingTV is seeking damages and injunctive relief, demanding that Palo Alto Networks retract the false report, remove MeetingTV's domains from their blacklist, and assist in clearing them from other blacklists. The startup argues that the continued reliance on the flawed report by Palo Alto Networks, even after the acquisition of Koi, exacerbates the damage and perpetuates the false accusations.
This incident serves as a critical case study in the emerging risks associated with AI-driven threat intelligence. It highlights the imperative for robust validation processes, human oversight, and clear accountability mechanisms when employing AI tools in cybersecurity to prevent reputational damage and operational disruption for legitimate businesses.