I spy with my little ‘.ai’: Navigating the tricky waters of domain name deception

07 December 2023

In the fast-evolving world of new artificial intelligence (AI) startups such as Stability.ai, Elon Musk’s X.ai and OpenAI, a new challenge has emerged for businesses: the increasing use of the ‘.ai’ domain name. This trend, while indicative of the AI boom, has unfortunately led to a rise in AI-themed scams. Cybercriminals are exploiting the ‘.ai’ domain name and its increasing popularity with AI developers to create cybersquatting and typosquatting scams. The situation underscores the urgent need for businesses to proactively safeguard their online presence, brand identity and domain names.

Understanding the ‘.ai’ domain name: more than just AI

The ‘.ai’ domain name is not just synonymous with AI; it is the country code top-level domain (ccTLD) for Anguilla, a British Overseas Territory. Since 2013, there has been a 12,523% increase in the use of ‘.ai’ domain names by AI developers. Despite this surge in popularity, many global companies have yet to secure trade mark protection for their ‘.ai’ domain names, leaving them vulnerable to infringement.

The mechanics of ‘.ai’ domain name misuse

Cybercriminals are increasingly exploiting ‘.ai’ domain names to mimic legitimate businesses, leveraging new consumer trust in AI services. This involves cybersquatting, where bad actors register domain names resembling well-known trade marks or brands without authorisation. For instance, they might register a domain name similar to a renowned company, aiming either to sell it at a high price or to mislead the public. Complicating matters further is typosquatting, also known as URL hijacking, which involves registering domain names with minor misspellings of prominent businesses or brands. This preys on user typing errors, directing them to fraudulent sites potentially rife with phishing schemes, online investment scams, malware, or unauthorised data collection.

Cost dynamics: ‘.ai’ vs. ‘.com’

In this context, it’s also important to consider the cost dynamics between ‘.ai’ and ‘.com’ domain names. Registering an ‘.ai’ domain name is more expensive than other ccTLDs, but it remains more affordable than securing a ‘.com’ domain name. This pricing disparity makes ‘.ai’ domain names particularly attractive to cybercriminals. It’s a strategy reminiscent of past misuses of similar sounding ccTLDs, such as Cameroon’s ‘.cm’ and Colombia’s ‘.co’, which have been exploited to imitate ‘.com’ domain names. This cost-effectiveness of ‘.ai’ domain names, coupled with their rising popularity, underscores the urgency for businesses to strengthen their domain name management strategies.

The Anguilla ccTLD registry in response to increasing cybersquatting has updated its penalty framework for managing ‘.ai’ domain names to combat misuse. This includes levying substantial fines on registrars who permit malicious registrations. However, the sharp increase in domain name registrations poses a challenge. There’s a growing concern that the Anguilla registry might struggle to effectively monitor the surge in applications, potentially impacting the registry’s capacity to effectively curb ‘.ai’ domain name misuse.

In response to these challenges, businesses must adopt a proactive approach to domain name security and infringement. Key strategies may include:

  1. Domain name management and security:
    • Assess the security protocols of your domain registrar.
    • Implement domain registry locks and Domain Name System Security Extensions (DNSSEC) to enhance security.
    • Manage domain name system records diligently to prevent subdomain hijacking.
    • Proactively register ‘.ai’ domain names that are closely related to your business or brand to pre-empt misuse.
  1. Enforcement and takedowns:
    • Initiate cease and desist actions against entities infringing on your domain name rights.
    • Seek registrar-level domain suspensions and employ fraud alert mechanisms.
    • Anguilla is subject to the Uniform Domain Name Dispute Resolution Policy (UDRP) procedures for resolving disputes and acquiring contested domain names.
    • Leverage the UDRP to register a complaint for an infringing ‘.ai’ domain name.

For a further discussion of enforcement and take down options please see our article on the topic here.

As the ‘.ai’ domain landscape expands in tandem with AI advancements, it becomes imperative for businesses to adopt enhanced digital defence strategies. Businesses must take decisive action to secure and vigilantly monitor their ‘.ai’ domain names, effectively reducing the risk of cyber scams and reinforcing their brand’s integrity. Prioritising trade mark registration and devising a robust strategy to combat cybersquatting are essential steps in this journey. Ultimately, these proactive measures not only protect your business’s online identity and domain name, but also play a pivotal role in preventing consumer harm, ensuring a trusted and secure digital presence in the rapidly evolving AI landscape.

This article was written by Luke Dale, Partner and Christopher Power, Law Clerk.

Subscribe to HWL Ebsworth Publications and Events

HWL Ebsworth regularly publishes articles and newsletters to keep our clients up to date on the latest legal developments and what this means for your business.

To receive these updates via email, please complete the subscription form and indicate which areas of law you would like to receive information on.

Contact us