MeetingTV sues Koi Security and Palo Alto after AI-linked report blocks its domains
A lawsuit claims an LLM hallucinated a Chinese espionage link and Koi published it anyway, harming the company globally.

MeetingTV has sued Koi Security and Palo Alto Networks over a December 30 threat-intelligence blog that allegedly used an AI system to falsely connect MeetingTV to Chinese corporate espionage. The dispute matters to every security and AI team because it turns an “analysis report” into real-world domain blocks and reputational damage.
MeetingTV is suing Koi Security and Palo Alto Networks after a Koi blog, published before Palo Alto completed its acquisition in April, allegedly linked the video conferencing startup to a Chinese corporate espionage operation. The Register reports that MeetingTV’s complaint argues the threat report was generated with an LLM, that the AI hallucinated findings about MeetingTV, and that Koi then published those as facts in a December 30 blog. In practical terms, the startup says the report triggered global blocks of its domains and services, with major providers and security teams labeling its infrastructure as malware and command-and-control.
MeetingTV founder and CEO Michael Robertson says the blocks were the only way he learned the report existed in the first place. After the Koi acquisition closed, Robertson emailed Palo Alto CEO Nikesh Arora directly asking for action, asserting that Palo Alto owned Koi but “is continuing to publish and rely on the false report.” Robertson’s central claim is brutally simple: if Koi’s key technical pivot software does not exist, then the analysis cannot reliably connect MeetingTV to a criminal actor, yet it was treated as a basis for blocking.
According to the lawsuit filed against Koi Security, its researchers, and Palo Alto Networks, Koi’s AI-driven process is the point of failure. The complaint alleges Koi used an LLM to generate the threat report, and that the AI system “hallucinated findings” about MeetingTV that were then presented as factual claims. It accuses Koi of “reckless publication of an AI-driven cybersecurity report that falsely accused Plaintiff MeetingTV Inc. of criminal conduct including operating core infrastructure for a well-funded Chinese criminal organization running a large-scale malware and corporate espionage campaign,” according to court documents [PDF]. The suit continues that the alleged false attributions came from Koi’s “unsupervised reliance” on its proprietary “Wings” analytical platform, which it says generated erroneous correlations between MeetingTV’s business and an alleged cybercriminal actor named DarkSpectre.
Koi’s blog, which MeetingTV says has been silently edited, originally labeled MeetingTV’s product Zoomcorder as a “public-facing front” for a Chinese criminal operation. The blog also allegedly claimed Zoomcorder helped “lend credibility to the infrastructure while serving as a monetization channel.” MeetingTV disputes these assertions, and the lawsuit says the blog claimed the operation was behind a 2.2-million-user campaign stealing corporate meeting intelligence. The Register reports that as a result of the report, MeetingTV says security companies and service providers around the globe blocked MeetingTV’s domains and services, labeling it as malware and command-and-control infrastructure.
The story gets more technical, and that is where the lawsuit says the link falls apart. A December blog connection hinged on Zoomcorder and a browser extension identified as “Twitter X Video Downloader.” MeetingTV says that extension does not exist, and that when the company requested information about it, Koi “refused to supply information.” The complaint alleges Koi’s “single-actor theory” rested on a fabricated technical “pivot,” repeatedly identifying the alleged extension as the critical bridge between the Zoom Stealer campaign, defined by MeetingTV’s infrastructure, and ShadyPanda, core DarkSpectre infrastructure.
Robertson’s account emphasizes process and responsiveness as much as the AI mechanics. He says Koi did not reach out to MeetingTV prior to publishing the threat report, and “even after publishing they never contacted us.” Robertson describes trying to reverse the damage by contacting security companies one by one asking them to unlock MeetingTV, and says most never responded. One finally did, he says, explaining that the blocker was the Koi report and sharing a URL. Robertson also claims that providers including Verizon and Palo Alto Networks, which completed its Koi acquisition in April, continued blocking the startup.
This is where second-order consequences move from “courtroom dispute” to “industry operating system.” For a security company, a threat-intelligence blog can become a reference point that downstream tools and vendors rely on. If those tools label domains as malware and command-and-control, the effect is immediate and blunt: companies can lose traffic, integrations can break, and customers can be scared off. For an AI team, it raises a bigger governance question: if analysis is generated by AI and then published as fact, what is the required burden of review, validation, and correction when something is wrong? Robertson frames the issue as a broader warning about AI hallucinations and the need for due process, saying there was no neutral arbiter in his case and that Koi “just declared us criminals and published it to the world.”
For executives across security, infrastructure, and AI, this case is a stress test of trust. Boards and leadership teams are increasingly asking how threat research should be produced, reviewed, and operationalized, especially after acquisition. The MeetingTV suit forces a hard reckoning: when an “analysis” becomes a global blocklist input, accuracy is not academic. It determines whether a company lives, gets blamed, or gets cleared, and how quickly the industry learns to separate signals from AI-driven noise.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Business

Comcast shares jump 25% as it plans to split NBCUniversal and Sky
The tax-free spin-off could reshape focus, funding, and competition across media and tech for years.

Bungie cuts most Destiny 2 staff as Sony says Marathon still matters
Herman Hulst confirms layoffs affecting most Destiny and some Marathon teams after Bungie admits Destiny fell short.

SK Hynix jumps 11% after seeking up to $29.4B in Nasdaq listing
The chip giant filed for a Nasdaq listing plan that could raise $29.4 billion, instantly reshaping investor expectations.

