PhantomGuard is a real-time trust firewall and security interceptor designed to prevent autonomous AI coding agents (such as Claude Code, Codex, Aider) from executing hallucinated instructions. It actively blocks supply-chain threats including Phantom Squatting (hallucinated domain hijacks) and Slopsquatting (hallucinated package registry takeovers) using a hybrid, two-stage evaluation pipeline. Large Language Models (LLMs) used by AI coding agents are highly prone to hallucinating external resources under low temperature or out-of-distribution prompts. Phantom Squatting: An agent hallucinates a brand-adjacent URL (e.g. docs.github-extra-workflows.org) to fetch setup files. Attackers monitor agent behavior or public logs, register the domain, and deploy malicious payloads. Slopsquatting (Package Hallucination): An agent attempts to install a non-existent package (e.g. pip install requests-url-helper). Threat actors pre-emptively upload malware under common hallucinated package names to PyPI or npm registries. PhantomGuard moves the security boundary from static scanning to real-time dynamic interception: Zero-Trust Runtime Interception: Intercepts outgoing requests at the network proxy level and shell execution level before they execute, halting malicious actions instantly. Intelligent Typosquat Defense: Instead of flat allowed lists that block safe new libraries, PhantomGuard uses embedding similarity models (ROCm) and custom fine-tuned classifiers (Fireworks Gemma 4) to dynamically separate legitimate packages from brand-adjacent squats. Developer-First HITL: Automatically allows safe dependencies while cleanly escalating suspicious threats to a Streamlit control center for manual override, preserving agent velocity.
Category tags: