A new report from enterprise domain registrar CSC finds that despite the rapid rise of artificial intelligence, many of the Forbes Global 2000 do not control their .AI domain names or have not registered a .AI domain name for their business.

The finding came from CSC’s 2023 Domain Security Report, which highlights that many companies remain unaware of the state of their domain name portfolio despite rising phishing and online fraud. The report also finds that many companies overlook foundational domain security measures such as registry lock, domain-based message authentication, reporting and conformance, DNS security extensions and DNS redundancy.

The rapid rise in AI adoption and integration was the key focus of the report, with CSC arguing that AI further elevates the need for domain security investments. Some 47% of the Forbes Global 2000 do not control their .AI domain names, with the names being registered by third parties. In addition, 49% of .AI domains for the Forbes Global 2000 also remain unregistered, leaving them exposed to fraud and brand infringement.

The report also dives into how cybercriminals are now taking advantage of trusted brands by creating fraudulent .AI domain extensions that misdirect internet users. The issue is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies that realized that third parties had misappropriated their brand .AI domains.

Other key findings in the report include that 79% of all lookalike domains are owned by third parties, up 4% from 2022. Malicious actors were found to be continuing to capitalize on lookalike domains (homoglyphs) that resemble the Global 2000 brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement.

Disturbingly, 112 of the largest companies in the world had a domain security score of zero, leaving them with the highest risk of domain security threats.

In a positive finding, the report found that DMARC adoption grew 6% in 2023 and is up 28% since 2020. DMARC is an email authentication protocol that helps protect domain owners from email spoofing by validating emails and protecting a company’s email domain from being used for spoofing and phishing scams. The level of DMARC adoption over the last four years has risen from 39% in 2020 to 67% in 2023.

The number of companies that use registry locks with enterprise-class registrars also increased to 46%, mitigating human error and third-party risk and protecting their domain names against accidental or unauthorized modifications or deletions.

“Over the last year, we’ve seen a surge in cybercriminals exploiting AI’s popularity by attempting to register the domains of trusted brands for malicious activity,” noted Mark Calandra, president of CSC’s Digital Brand Services division. “Companies need to deploy proactive monitoring and domain security measures beyond just foundational efforts.”

Image: CSC