AI-Powered Fraud: The New Digital Battlefield

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "AI-Powered Fraud: The New Digital Battlefield." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Ihab Shraim. Ihab is the Chief Technology Officer at CSC's Digital Brand Services, where he leads the technology, vision, and innovation across cybersecurity, domain security, fraud protection, and brand protection. He has a strong track record of driving product growth through cutting-edge technology and go-to-market strategy and is the primary inventor on 10 U.S. patents. And with that, let's welcome Ihab.

Ihab: Hello, everyone. Thank you for taking time to join this important webinar. I will describe to you just a quick summary what I will be going through today. First, I'm going to discuss AI threats and their financial impact on the industry. And then I'll go through a typical domain name attack, threat vectors used by bad actors. Then I'll proceed with discussing what are these favored threat vectors or types utilized by bad actors and why.

Then I'll go over three exact problems related to domain names. As you know, everything starts with a domain name, and the old methodology of IP-based URLs is no longer used due to the fact that you can register domain names or lookalike domain names that mimic the brand owner. Then we'll discuss AI frameworks that are favored by bad actors. Unfortunately, we only have 45 minutes, but this might take a webinar on its own. But I'll touch base on what's out there and what is favored by bad actors.

Then I would like to go over a discussion about what I classify as a missing pillar in the cybersecurity posture. I think this has been overlooked. We're seeing it across the industry, and the reason behind that everybody thinks that it's inclusive in some of the products that they have purchased. Yes, it will include a subset, but not the entire umbrella by which that missing link or missing pillar is being addressed. And then, last but not least, I will address how we, in CSC, defend against AI-enabled attacks, what products do we have, and how we mitigate some of these top threat vectors across our customer base.

All right. So let me begin with what are the threats that are impacting the financial industry, as well as what is impacting from a financial perspective, as you can see in the market. Ninety percent of the financial crime professionals have reported an increase of AI-driven attacks in the past two years. What that equates to is almost $600 billion dollar in losses. Now, of course, remember we're talking about financial crime here. AI-driven attacks are a subset of how they deploy or how bad actors deploy their gear to attain the ROI on what the campaign states. So whether it's a phishing campaign, or whether it's a malware campaign, a DDoS campaign, there is always an ROI now being achieved by bad actors.

What we have seen through our research is that AI-enabled fraud surged 1,200%. Well, that's alarming because it will jump to $40 billion in 2027, and this is about 3 times of what has been reported in 2025, which is $12 billion in losses.

Now probably most of you know that AI enables email fraud, which will be well-crafted, doesn't have any grammatical errors. We all know that. So what's new here? It could reach almost, by 2027, about $11.5 billion in losses, and this is only the subset of just the email fraud. In 2022, it was about roughly $3 billion. So having that jump means it could go in an accelerated motion as AI develops. As you know, every week AI moves light years. In the old days, technology moved within years. Now we are dealing with weeks, which means you have to stay on top of your game in order for you to solve the problem and be able to be ahead of it.

The ROI on AI-enhanced fraud, it's about 4.5 times more profitable than traditional methods, which means that the old method they had to do recon, which I will describe shortly, and they had to build the campaign, select their target, study their target, and then attack the target, which is the brand owner online. But we also found that 97% of the organizations lacked security controls. These are AI-centric security controls. In fact, we see that most people have already went and acquired an account. It's beyond ChatGPT. We're talking about DeepSeek, Alibaba, which are Chinese LLMs, machine learning models, by which users are trying to get some more information or build their own LLM. The losses are, for each organization, between $5 million to $25 million. By the way, the source of that data is already on the bottom of this screen.

So let's talk a little bit about what are the typical domain name attack vectors in the AI era. And this is, again, a list that contains the top threat vectors.

These are phishing attacks. And I emphasize campaigns because each campaign is enclosed with a target, a return on the investment, how they monetize the attack pattern, and how they can create a high ROI on that phishing campaign. Now some campaigns are blended with malware or independently with malware. And I'm going to go through how bad actors, in general, execute on their methodology to enter the enterprise, meaning hack into it, and then how they execute to exfiltrate the data, which takes us to the next topic, which is ransomware.

Ransomware, as you know, since 2018 had become one of the top threat vectors. However, ransomware is declining now, and malware is taking more presence because most vendors have come up with some good methodologies to defend against the known families of deploying ransomware. Having said that, at the end of the day, the data doesn't have to be encrypted. It's exfiltrated if they were to breach an enterprise. Therefore, malware is the key here.

Impersonation is one of the top, in my opinion, threat vectors because, remember, impersonation is not just impersonating a person or a brand. Impersonation is the C-level, at a minimum, by which bad actors may attack that C-level. And if they have done proper recon on the company, they really can get some valuable information. And I'll show you how they do that with open-source intelligence tools and others.

E-commerce counterfeit, this is a real threat vector, and it targets e-commerce sites. And it also targets brand owners who have a product that needs to be protected from counterfeit. So brand abuse is a multitude of top threat vectors. It's counterfeit, it's unauthorized reseller, or it could be a benign one by which somebody is selling unauthorized products which are legitimate. So there are three parts here that are inclusive in the brand abuse and e-commerce counterfeit.

DDoS, everyone thinks that DDoS is gone. Well, DDoS is with us to stay forever. It's similar to in the old days, in the early 2000s, we had a lot of vendors said, "The spam is gone." Well, guess what? It hasn't gone. Ninety percent of your inbox is spam. That doesn't mean it's bad. It means the tactics are embedded in the protocol of IPv4. If the protocol on the internet allows bad actors to inject a form of manipulation of the protocol, it will create the problem forward because the tactics keep changing.

That will get us on DNS poison and DNS hijacking, which I will describe shortly to why these two threat vectors are important. Remember, at the end of the day, as you all know, everything has a domain name and an IP address. So DNS poison and DNS hijacking, which are the primary ones, there is also subdomain name dangling DNS associated with that, which are critical for companies and enterprises to watch for.

Last, but not least, deepfake. Deepfake, as you know, voice cloning, other methodologies by which they make believe that an executive has authorized some financial approval or some other approval within the organization. But remember, deepfake is going to become better and better. Now we can detect it. But it's going to be almost undetectable. So what do enterprises do about that? Now, of course, you have to train your masses, meaning your employees. You have to train also your customers. So deepfake is going to be one of the top threat vectors in the next few years.

So I'd like to go over now what are the threat vector types that are favored by bad actors, and I'm zooming on a few. I wish I had more time to zoom on more.

The most important one, the top threat vector that is the easiest to deploy today is phishing and social engineering. Spear-phishing, meaning targeted phishing, targeted meaning they study their victim closely. They look at their job postings. They look at what is the chatter for employees. They watch the primary website of the corporation. They gather a lot of intel. And guess what? It's all done by AI now. You don't have to work hard. You can do it in 10 minutes, and boom, now you have all the data that you need to develop a campaign. And the campaign is end to end, which means the mitigation piece, they have countermeasures against it. I'll go over that again as I describe my slides to you.

Domain generation. We've all talked about domain generation for more than 20 years. Domain generation algorithm. Okay, well, that's the old method. Now it's generative adversarial networks. This is a bigger umbrella than just domain generation algorithm. And the way the bots are formed by bad actors is extremely intelligent. In the old days, they would have one command and control controlling the bot, sometimes two. However, now it's a distribution of command-and-control servers across many geolocations. So look at how specific they are. They may come from one geolocation with a command and control that is being masked from the masses through proxy servers that are dynamically utilized. Therefore, the mitigation piece by, for example, vendors will be less effective, and that poses a challenge in the market.

AI recon. Well, recon now is done by LLMs and open-source intelligence. There are gazillions of tools out there. You don't have to be, with all due respect, a genius to build that. It's already pre-built. You can buy them from the underground world, in the dark web, and it's extremely cheap. It's what you want. The whole concept is to scan for vulnerabilities on the target, meaning the brand owner. They're very selective. They may ask in the dark web, "I want to attack XYZ Company." And you will have a lot of takers, and they will offer you a cost factor on their platform. And these are very stealth platforms. I've seen botnets that can be rented in the upwards of hundreds of thousands of machines. You can rent them all if you want. There are bots that can be much higher than that. But the more specific the bot, the higher the price.

AI LLM and machine learning, they are centric today in today's attacks. Why is that? Well, AI agents empower that. In the old days, we used to say microservices. The same analogy applies here. Map microservices to AI agents. Remember, technology shifts, but the concepts are always the same. It's the how do you deploy the attack real time, and how do you make sure how you defend against these dynamic botnets?

As I said earlier in my summary, I'd like to go over three scenarios of threats against domain names. Again, everything begins with a domain name. Nothing starts with an IP like the old days. Does that mean this will not be used? Yeah, you can use it. The technology always shifts a little bit, and you will see it maybe in the browser bar. Yeah, in the old days, as you know, they used to have an IP address, and then they overlay it with a box to show a name. But then vendors and the consumers realized that you can move the box. But in the future, it all depends on the browser carriers how they would allow such things to happen. It could be blocked, or it may not be blocked. We shall see. But at the moment the scenarios are revolving around domain names.

One of the three problems I described to you earlier. What are these problems? AI accelerating impersonations. Well, logical because AI accelerates anything that will enable that particular function or service. But according to a Harvard study, the click-through rate has risen from 12% to 54%. That's very important. It means between two, you have one that will click. In other words, if you have 100 emails, 50 of those someone will click on, which means it might be a phishing attack, it might be a malware attack, it might be a ransomware attack. It might be a lot of types of attacks, or it might be a way that the individual who clicked will be hacked into, meaning they hack the user's machine, and then from there they pivot into the enterprise network.

So it's no longer launching single fake websites. This is the old method. It's no longer being pursued. And if a bad actor is pursuing it, that means the bad actor is not on top of their game with respect to what's happening in the AI era.

So what are these channels that we are talking about? Well, on lookalike domains and domain cloning, there is a whole ecosystem about registering a new domain name, dropping an old domain name, or re-registering the domain name. So the tools that I refer to, done by vendors, to detect phishing or domain-centric attacks don't look at that. And if they look at it, they cannot do it on a daily basis. And if they know how to do it on a daily basis, they have to go deep. They have to go in gTLDs, global top-level domains, and ccTLDs, country code top-level domains. We do know that most customers don't do that. We do know that most enterprises don't do that.

However, our customer base is protected because when we manage their domain name portfolio, we embed these solutions immediately because without them, you cannot play at a good defensive mode, meaning the security posture or the missing link is truly missing. So we cover that gap immediately.

Other avenues, well, search engines. If you notice, the bad actors, they're doing site engine optimization to their links, and this is a gap also by search engines that is being allowed. Now search engine carriers can block it. But, of course, they get some of the profit out of the pay-per-click ads, and they let it happen. Are they doing it intentionally? Well, that's a debate. We can discuss that separately. But it's allowed. So if you are searching for something specific, they will highlight that so that you can click, and most people will click on that particular malicious link.

What other avenues? Ad platforms. Ad platforms pop. Even if you have a pop-up blocker, by either the browser or you purchased one, the bad actors know how to manipulate and go undetected against these defense mechanisms by the browser carriers and the search engines.

So how do they do that? They study. Their ROI is a serious topic to them because they don't want to just do a campaign like the good old days. You send 5 million emails, and maybe the click-through rate could be 3% to 5%. That's not a good ROI for them. So they have learned over time that the click-through rate is very important, and therefore, they are using multitudes of channels. Sometimes they use them all. Sometimes they use a portion of them. It's up to the bad actor group to do that. And by the way, bad actors, as you all know, they have full-time jobs being a bad actor, employed by other platform carriers, meaning the bad platform carriers, which I will show you a few shortly, or they work for a state sponsor, and state sponsors are not being discussed here, but it's a very important topic.

Trusted platforms, such as GitHub, Zoom, social media and, by the way, social media, I'm talking about all the big names, Microsoft Teams, they're all unfortunately allowing abuse or compromised malicious links. Yes, they do have a detection mechanism, but they cannot detect everything. And that tells you even the smartest of the smart cannot block everything unless they dedicate their energy toward blocking that. So the idea of trusted platforms is very important because these trusted platforms, you assume that everything is healthy there, when in reality, most of it is healthy and a small subset is not.

Supply chain and third party. Well, this is a peer trust. Imagine an API to API connection with some of the big companies out there. And all you've got to do is go on one of your favorite search engines and say breach is done by so-and-so, and you will see that these platforms are trusted, yet the data has leaked. You ask the question, "How is that? Almost a trillion-dollar company. How could this happen?" The environment is large. We're not talking about just the word "large." It's vast. The entry points are almost infinite. And to secure the perimeter, it takes aggressive, not just defensive, aggressive methodologies to do that.

The next problem I would like to go over is how do bad actors execute their attack strategies? Well, first of all, remember blended attacks is going to be the norm, just like DDoS is the norm, which the analogy I referred to before as spam. You accept it. So spam, we live with it. DDoS, we live with it, and everybody gets DDoS. From a breach perspective, a lot of people or companies say, "Thank God, I haven't been breached. But I don't know." There's doubt. And why is there a doubt? Because they do see what is happening on the internet. They do see all the media and the hype. Big companies are being breached, and their data is being exfiltrated.

So blended attacks, meaning a multitude of types of attacks are going to become the new norm, and I promise you this will happen. Now does it happen today? Yes, a very minute number of types of attacks do happen today. Well, what is a blended attack? A blended attack could be a bad actor will attack say email and DDoS at the same time while they are doing their covert operation to exploit a vulnerability. That's a blended attack because you get the IT folks busy in defense and they're zooming on the problem because there is a DDoS attack. And they're zooming on the email gateway because they want to bring the email because the entire company is working through email to do their daily routines. However, the stealth attack is being neglected. Why is that? No one will be watching the logs. Even if you have a log aggregator and then you operate that into a SIM, the bad actors do know that companies have that. And how do they know what do you have inside your enterprise? It's easy. Look at the job postings and the historical job postings. So this is very crucial for our future to operate online.

So since all these cyber attacks are surgical, well-crafted, and heavily targeted, that means they execute their first step, strong recon. What are they looking for? Vulnerabilities or security holes in the enterprise. Which company doesn't have legacy products or applications? Almost none, unless they are just started yesterday. And if it's a new startup, it's even worse, in my opinion, because they don't have the personnel to do everything. They wear multiple hats in these startups. So you will have a beautiful website telling the masters, "Oh, I have AI. I have all these great things." And then you sit with them, which I sit with a lot of them by the way, "Tell me about your security posture." "I have a firewall." "Yeah, beautiful. What about how do you aggregate your logs?" "Hey, yeah, we put them in one location, and then we have that SIM." "Beautiful. Do you have a full-fledged SIM? Do you have a modern SIM?"

So the questions will become, as I ask these questions deeper, I realize that they don't have true security controls. What they have is a firewall, which is doing probably a good job in general. But inside the organization, the network is not segmented. It's in the cloud. Some of them will use some of the famous cloud providers, like hosting companies. Those hosting companies don't care. All they care about is to get that domain name, sell you the hosting section that they want to sell you, and they want to sell you additional tools, and that's it. They'll walk away. They don't monitor the environment.

And the proof is out there. Just google some of these big hosting companies, and you will see how much they are breached. In fact, a lot of the hosting companies last year, last summer, eight of them, to include cloud providers, have received a letter. Their CEO received a letter that their platform is an enabler for bad actors to launch attacks. And this is a serious letter. And by the way, the letter is online, and if you want to see it, I will be glad to send you the link.

So first they do recon. Then as they enter, they want to upgrade privileges. Now how do you do that? Well, you start sniffing traffic, and as you sniff traffic, you realize the communication and where people are going. And then you realize that the network is not all segmented or partially segmented. And then they start installing their backdoors. They normally don't install one backdoor, multiple. And this is for future attacks. For example, in a ransomware case, you will have ransomware being deployed to encrypted traffic within that organization. And if they don't pay, they come in again, and they steal more data. And while the company thinks, "Oh, I blocked them." Not really. You didn't block them. Anytime there's a breach, know that there are other backdoors. You better go and start looking at every stone inside the organization in order for you to defend against what's happening nowadays.

Then they install malware. In some cases, well, actually in a lot of cases, they install malware. What is the objective of that malware? Well, it's an agent that will report back to the command and control. And they find in IPv4 a ton of ways to launch or carry on their communication protocol over one of the existing protocols. You may ask, "Well, I also have IPv6." Beautiful, but the internet doesn't operate 100% on IPv6. We're still operating on IPv4. Look at the cloud carriers. Look at the DNS infrastructure on the internet. It still operates on IPv4, even though we have depleted all the IP space on the internet.

Then they encrypt the data if it's ransomware. If not, they'll exfiltrate the data, and they will exfiltrate it in a very methodical, systematic way by partitioning the data. Most likely they'll operate it on the weekend when the staff is at its minimum. And the whole idea is to get their hands on the data, and either they sell it in the dark web, or they blackmail the company that their data has been encrypted and no one can get to it.

Now there is another thing that could be of importance here. We will see that that platform that they hacked into becomes a pivot for attack to other enterprises. So the other enterprises think, for example, XYZ Company is attacking them where they are not. It's truly embarrassing from the perspective of having a network that is legitimate attacking another legitimate network, and that's done by bad actors.

Next I'd like to go to problem number two. Problem number two is AI targets neglected domain names and infrastructures. You may say, "Well, yeah, this is logical." Ask yourself the following question. When was the last time the DNS zone file was purged from all domains? In large companies, it's almost none. This is like having your garage loaded with stuff, and you don't get to clean it every weekend. You get to clean it every 10, 15 years. That's the average. And DNS zone files are the same.

Most companies don't go clean their DNS zone files. And if they clean it, it will take forever. It's a real project, specifically if the company has some years behind it in operating online, because there are domain names that have been purchased or active or all the above by which subdomain names were created, but no one is purging those domain names that are not being used. So if a bad actor gets their hands on it, that's a big problem.

And that's what we talked about earlier, DNS hijacking or DNS poison if they got into the enterprise. But if they didn't, can they go after dangling DNS? Look at the press releases on dangling DNS in the past, say, two years. A lot of them get that kind of attack. What are they looking for? They're looking for vulnerabilities within the DNS zone file.

And some of these domain names expired, but the trust is still there. Even though when I say expired, that doesn't mean it got dropped. No, expired meaning they're not being used, but it's still sitting there. And that's what we classify a dormant problem. So the trust is very, very important to keep in mind that that trust needs to be kept in place, but you need to do auditing for the DNS zone files and how the domain name ecosystem within that enterprise is being managed in a secure fashion and well protected.

Next, I'd like to describe something very important, which is related to our topic here, the AI stack. It's becoming a challenge for supply chain risks. Why is that? As you know, an AI stack is comprised of applications, comprised of a model, whether it's large language model or machine learning. But something important about these models, on the application side, you have legacy applications. You have code generated by AI now. What if a bad actor injected a line, one line to do a backdoor? While companies are looking for efficiencies, which I am highly supportive of, you've got to audit the code. You just can't just say, "Well, I got this model, who had given me the ability to code. What I used to do in, say, a month, I can do it within a few hours." Yeah, but you're using somebody else's code, or an already been written code in, say, GitHub. But that code must be audited.

So looking at IAM, IAM now is the new frontier by which how users can authenticate within an enterprise. Beautiful products out there, but it's also hackable products. That infrastructure must be fully protected. And when IAM operates in your environment, you do have the comfort level that the vendor has taken all the measures with their third-party companies that they connect to. In other words, you have to audit them. So you conduct a security audit.

APIs is very dear to my heart. Everything runs on APIs today. And if you don't have the right API, meaning that secured API, you're in trouble. To have a secured API, it requires a team dedicated to APIs. And that team must look at code, how the data is transferring from one database to the other, or from one location to the other within the enterprise.

DNS, we've talked about neglected zone files. Network infrastructures, a lot of these network infrastructures you will see legacy appliances. You'll also see that as much as the IT team is on top of their game, if the environment is vast, they will be playing catch-up. Why is that? It's because the challenge with IT, you need an engineering team to go and keep zooming on the actual problem.

So the network infrastructure is crucial. What is the network infrastructure? We're talking about the network gear. We're talking about the systems, whether it's virtual or physical. We're talking about servers that are used in labs, etc.

Security posture perimeter, what is that? By the way, demarc is not DMARC for DNS or email authentication. I'm talking about the demarc which is the perimeter of the network. In other words, the concept of zero trust applies here. So this is important. Applying zero trust is extremely valid. Apply it. Don't trust anything. Trust only with validation. So zero trust is crucial to enterprises today.

Let's talk a little bit about what is new in the AI frameworks that bad actors like and why do they like it. So as we know, bad actors are using LLMs to execute their attacks, it's a given, with very well-crafted AI agents. The whole idea is automation, and it's fully automated.

But in March 2026, AI malware families, which I'm describing a few here, PROMPTSTEAL, PROMPTFLUX, QUIETVAULT, and FRUITSHELL, were utilized within Google Gemini and Hugging Face APIs to generate code in order to exfiltrate environments or to bypass security controls within that environment. Now this is important because some of these platforms are already there. You don't have to do a lot of work. And I'm describing only a portion of the platforms that we are very familiar with.

You have AutoPhish to generate phishing attacks. ExploitGenerator, it can generate an exploit based on real-time exploits. FraudGPT. FraudGPT stems into multiple disciplines. So you've got to pick what area you want to focus on. WormGPT, PoisonGPT for DNS, EvilGPT, which is a multitude of types of threats. PentesterGPT, you don't have to be a good pen tester now. All you've got to do is just go on that platform. You'll be fine. They'll take it. You can pen test anyone in a stealth mode. LLMJacking, this is, as you have heard, on model hallucinations, model data poison that was injected within the private model within the organization after, of course, it's being hacked. Their target is one of those LLMs to manipulate the data in their favor.

So the problem became so complex nowadays. But you have to think about everything now. And the teams cannot just sit and do daily work as we did in the past.

All right. So let's talk a little bit about what is that missing pillar that I referred to earlier. The missing pillar is important. It's part of the security posture. It's no longer acceptable for any organization not to have a domain secured portfolio. If it's not done right, or if it's within the legal team or within the marketing team and the security team doesn't have access to it, something is wrong.

What we are seeing is the CISO now has exposure if it's being managed by the marketing team or the legal team within the enterprise. And in a lot of cases, they are taking it over. Why is that? Because of the problems that you are seeing.

We have a classification on some domain names we call dormant, meaning somebody acquired a domain name and just parked it, not for pay-per-click, parked it, meaning they're not going to use it. Four months later, it gets weaponized. It can be used in an attack. And by the way, they don't sign up for one. It's enough for a slew of those. So if you want to go mitigate it, meaning do enforcement on it, there's nothing on that particular domain name, nothing. There's no website. There is an IP address, maybe a park site. It doesn't matter. But what you don't see, content that is malicious. And most companies will neglect it. What if you have 100 of those? What if you have 200? What if you have 1,000? Companies have thousands of domain names that they care about, which we call vital domain names, and other domain names that are just defensive, and other domain names that are owned by a third party and those are the dangerous ones, which dormant domain names become weaponized in the future.

Phishing, we've talked about it. Malware payloads, we did talk about it. Dangling DNS, it's a very important problem. And fake digital brand ecosystem is another problem.

How can CSC help you or help against AI-enabled attacks? We have a suite of products. We predicted seven years ago that this problem will become the most prominent problem on the internet. And therefore, we built our data centers, our posture, as in security posture, to attend to our customer base and build these products, and these are cutting-edge AI-enabled products. We manage and secure enterprise global domains. That's for gTLDs, global top-level domains, and ccTLDs, country code top-level domains.

We're the largest B2B registrar out there, but it's not a regular registrar. We're a secure registrar. ISO 27001 and 27002 certified. Our data centers are certified. We get audited by not only our customers, but we have annual audits by a third party to ensure that the environments are sound and secure.

We detect and analyze, it's very important, as well as mitigate the top threat vectors targeting our customers. So you have that domain name portfolio. Think of it like a circle. We start looking at all these threats targeting that portfolio, and it's a slew of products, like 3D Domain Security and Enforcement because we look at the ecosystem of domain names, as in add, drop, modify, and delete. We have monitoring of these dormant domain names. We have a slew of products designed to look on these threat vectors targeting the domain name portfolio. We also monitor the entire ecosystem beyond gTLDs and ccTLDs. In other words, we look at things that could lead to a domain name, like dangling DNS, because we have a full solution.

We are one of the strongest and the top enforcement vendor globally. We shut down thousands of domains. Now some of you will say, "Well, this is whack-a-mole." Let me just be clear here. This is not a whack-a-mole business. This is a serious enforcement that disrupts the botnet itself and takes over, in a legal fashion, the enforcement piece of what we classify as malicious, whether it's a brand infringement, a fraud infringement, phishing attacks, malware payloads, all the gamut. Why is that important? Because we have what's called Domaincasting, by which we have the largest network to block not through just browsers, through carriers, security companies, companies that whole traffic end to end on the internet.

So the enforcement is no longer the good old days are whack-a-mole. And you will hear companies, "Oh, I can do it." Well, there's something called you're responsible for what you do. In other words, can you indemnify the work? Indemnification is a very important topic for legitimate large companies. You can't just go take something down, either illegally or just block it. You have to do the right things and validate. That's why we say analyze.

Last, but not least, APIs. We can share data. We have what we call the DomainSec platform, by which we share data, which is crucial for the CISO as well as all the C-levels to see what is happening in the domain secured ecosystem and these threat vectors that are either brand-centric, domain-centric, fraud-centric as in phishing, malware, and so forth.