DNSFilter’s Annual Security Report Highlights 30% Increase in Threats

Users are encountering as many as 66 threats daily—and new domains are a top culprit

WASHINGTON, D.C. – Feb. 3, 2026 – DNSFilter announced today the release of its 2026 Annual Security Report, which reveals the massive surge in new malicious domains, child sex abuse material (CSAM) and other threats. Threat volume is rising, and that is becoming a daily, user-level problem. The report is available for download here.

DNSFilter processes over 200 billion DNS queries daily and blocks about 7% of all traffic. That includes hundreds of millions of threats each day. Every request that’s blocked means phishing attempts fail, and malware isn’t executed.

Key findings from the report include:

• Average users are encountering 30% more threats: In 2025, the average internet user was likely to encounter 66 threats per day, up from 29 in 2024.
• AI traffic is growing exponentially: The DNSFilter network processed over 6 billion AI-related queries between October 2024 and September 2025. GenAI traffic has consistently risen month-over-month, leading to the biggest spike thus far – a 102.13% increase – in September 2025.
• Attackers are switching tactics, swapping “general” GenAI terms for malicious site names for very specific ones. Malicious or impersonation of GenAI sites decreased 92% from April 2024 to April 2025. Instead, malicious domains that used the keyword “openai” saw an uptick.
• Bad actors still rely heavily on new domains: New domains make up over 65% of unique threat domains, outpacing other categories by a wide margin. This indicates adversaries are optimizing for rapid deployment, short lifetimes, and constant rotation to evade controls and takedowns.
• CSAM content is increasing as more organizations try to block it. In 2025, DNSFilter blocked 44% more CSAM content than the previous year. AI is largely driving this increase; DNSFilter partner The Internet Watch Foundation detected 26,362% more AI videos of CSAM in 2025 compared to 2024.

Ken Carnesi, CEO and co-founder, DNSFilter, said: “Our research continues to show that DNS filtering is one of the most effective ways to stop attacks before they ever reach users. Every blocked request isn’t just a data point; it’s a real attack prevented in real time. This report puts hard numbers behind the scale of that threat and the real-world harm organizations face every day.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.