AI-generated typosquatting has emerged as a significant threat to supply chains, with attackers embedding deceptive domains within legitimate scripts used by numerous web applications. This shift from targeting individual users to exploiting the supply chain poses a serious challenge to conventional security measures.
Escalating Threat from AI-Driven Domains
Recent incidents highlight the growing sophistication of AI-powered typosquatting attacks. Unlike traditional methods requiring user interaction, these new attacks leverage AI to create thousands of domain variations quickly. This has led to a 156% increase in malicious package uploads, rendering manual vetting ineffective.
Conventional security tools like firewalls and WAFs fall short as they lack visibility into the execution of third-party scripts within browsers. This limitation was starkly demonstrated during the Trust Wallet attack, where $8.5 million was stolen without triggering any alerts.
Notable Supply Chain Attacks
Several high-profile attacks illustrate the exploitation of browser-runtime vulnerabilities. In December 2025, Trust Wallet users suffered significant losses when a trojanized Chrome extension harvested sensitive data. Similarly, a phishing campaign in September 2025 compromised popular npm libraries, affecting billions of downloads.
The Solana Web3.js library was also targeted in December 2024, with attackers inserting malicious code that intercepted private keys. These incidents underscore how attackers have shifted from deceiving users to exploiting trusted relationships within the supply chain.
Addressing the Security Blind Spot
The current security landscape is ill-equipped to deal with these sophisticated threats. Traditional monitoring, such as Content Security Policy (CSP), fails to detect malicious behavior post-execution. The solution lies in runtime behavioral monitoring, observing script actions and deviations from normal behavior.
Key indicators of malicious activity include unexpected data exfiltration and changes in domain resolution. However, addressing these requires advanced detection capabilities, including AI-based behavioral deobfuscation tools like Reflectiz, which analyze script behavior in real-time.
Developing a Proactive Defense Strategy
Organizations must prioritize securing their most vulnerable assets. Initial steps include auditing third-party scripts and deploying runtime monitoring on payment and authentication pages. Establishing baselines for script behavior and implementing subresource integrity checks are essential measures.
While proactive domain registration and strict CSP enforcement are critical, they are insufficient on their own. A comprehensive strategy must encompass runtime monitoring and adapt to evolving threats. For further guidance, organizations can refer to expert resources, such as the CISO Expert Guide, which provides a detailed framework for enhancing security postures.
