News

100 Million Domains Risk Assessed: How It Works and What We Learned

The Milestone

Our recent post covered OpenAI's 10 billion token milestone award. Among those 10 billion tokens was a line that deserves its own story: 100 million domain names risk assessed.

Since December 2023, the system has assessed 100 million domains, helping organizations stay ahead of cyber threats before they materialize.

Today, we are sharing what the system delivers, what we learned along the way, and where we are heading next.

Why This Matters: The Domain Security Evolution

Every day, more than 300,000 new domains are registered worldwide. Hidden among legitimate businesses, personal projects, and genuine innovations are criminals setting up infrastructure for phishing campaigns, malware distribution, fraud schemes, and brand impersonation.

For years, the industry has fought back with reactive tools: blacklists, threat feeds, and abuse management systems that respond after threats are detected and weaponized. These systems are essential. They work. But they have a fundamental limitation: they are always playing catch-up.

What if you could assess risk before a domain is weaponized? What if you could identify potential threats at registration, not days or weeks later when they appear on blacklists? What if you could combine the speed of AI with the depth of human expertise?

This is the gap IQ Domain Risk Assessment addresses, not to replace reactive security, but to add a proactive layer that catches threats earlier.

The IQ Innovation: Proactive Intelligence at Scale

IQ Domain Risk Assessment monitors zone files from registries, assessing domains as they are registered. Each assessment delivers three things:

1. Binary Classification: Is this domain benign or malicious?

2. Confidence Score: How certain is the AI about this classification?

3. Transparent Reasoning: A 3-4 sentence explanation of why this decision was made

This is not a black box. Every decision is explainable, auditable, and reviewable. And it happens at scale, from one domain to millions, with the same accuracy and speed.

The concept is straightforward: advanced AI models optimized specifically for domain threat analysis. The system recognizes patterns that humans would catch (typosquatting, homoglyphs, suspicious structures) but at a speed and scale no human team could match.

Assessments complete in 2-5 seconds with consistent accuracy that distinguishes legitimate activity from threats without blocking legitimate registrations. Configurable confidence thresholds match your organization's needs. Every assessment includes detailed reasoning that security teams can trust and regulators can audit.

The Journey to 100 Million

December 2023: The first production version was deployed. The goal was simple: add proactive domain intelligence as an early warning system, complementing the reactive abuse management tools the industry already relies on.

The approach addresses what organizations need. When NIS2's October 2024 deadline arrived and the Cooperation Group recommended "predictive algorithms" as best practice for domain verification, our solution was already in production. The technology opportunity came first. Regulatory alignment followed.

2024: The year of proving it works. The system processed millions of domains as models were refined to improve clarity, stability, and real-world reliability. Operating at production scale underscored what matters most: explainability. Regulators and customers need clear, actionable reasoning behind why a domain is flagged.

The technology's broader potential was clear from the start. Beyond DNS abuse detection, the same AI can catch brand impersonation and flag domains likely associated with regulated categories (adult content, gambling, investment services, pharmaceuticals) that warrant further review. One system, multiple applications.

2025: Commercial traction. Paying customers across the hosting and domain name industry have begun integrating the system's outputs into their operational workflows to reduce malicious activity online. Registry operators are adopting automated screening to streamline compliance processes, while hosting providers are using risk-assessment signals as an early-warning layer to curb fraud and abuse.

November 2025: 100 million domains assessed. Two years from launch to this milestone. Powered by 10 billion OpenAI tokens. The system is operational at scale.

Market Validation: Who Is Using This

We cannot name all our customers (confidentiality matters), but here is who is adopting proactive domain intelligence:

Registrars: EU registrars meeting NIS2 Article 28 compliance requirements use our system for pre-registration screening and periodic portfolio reviews. Risk classification triggers identity verification for suspicious domains. Audit trails document compliance for regulatory inspections.

Registry Operators: Registries monitor their zone files to enforce TLD-specific policies, whether gambling restrictions, adult content rules, or local presence requirements. One European ccTLD screens every new registration: domains flagged as potentially malicious are held in pending status for human review before being allowed through. Proactive monitoring catches problems before complaints arrive.

Emerging use cases: We are also seeing strong interest from enterprises monitoring supply chain and vendor domains, and brand protection teams looking to catch typosquatting attempts within hours rather than days. These applications use the same underlying technology: early warning through proactive risk assessment.

The consistent theme? Organizations want to shift from reactive to proactive. They want early warning systems that complement their existing security infrastructure.

Real-World Impact

Here is what happens when you catch threats early:

Prevention at Registration: Threats flagged at registration can be held for review before they are ever activated. Domains that do not pass scrutiny never become abuse tickets.

Regulatory Compliance: EU registrars demonstrate NIS2 compliance with documented risk assessments, classification decisions, and audit trails. When inspectors ask "how do you implement risk-based verification?", they have answers.

Cost Savings: Preventing attacks costs less than responding to them. Every threat caught at registration is one less abuse ticket, one less takedown request, one less incident to investigate. Early detection shifts the economics from response to prevention.

Maintained Accuracy: Across more than 100 million assessments, the system has consistently distinguished between legitimate and harmful activity without creating operational friction for real customers. When legitimate registrations are mistakenly flagged or delayed, it erodes trust, strains partner relationships, and creates downstream business risk.

Beyond DNS Abuse: Expanding Use Cases

The approach was developed knowing the applications would be broad. The same AI analyzing phishing domains can identify:

One customer described it as "context-aware intelligence that understands why a domain might be problematic, not just matching keywords." That context (understanding what makes a domain suspicious in its specific regulatory or security context) is what AI does better than pattern matching.

What Is Next: The Path to 1 Billion

100 million domains is a milestone. It is proof that proactive domain intelligence works at production scale. But it is not the destination.

Next milestone: 1 billion domains assessed. We are expanding capacity, refining models, and exploring new use cases. Every edge case informs our approach. Every customer deployment reveals new applications.

We are also exploring deeper integrations: feeding risk assessments directly into SIEM systems, enriching threat intelligence platforms, automating compliance reporting, and building custom models for industry-specific patterns.

The technology is mature. The market is ready. The regulatory environment increasingly favors it. And the threat landscape demands it.

Get Started with Proactive Domain Intelligence

Whether you are a registrar navigating NIS2 compliance, a registry operator enforcing TLD policies, an enterprise security team defending against phishing, or a brand protection team fighting typosquatting, proactive domain intelligence can transform how you work.

For Registrars and Registries: Schedule a demo to see how we help with NIS2 compliance, pre-registration screening, and TLD policy enforcement.

Want to explore a specific use case? Whether it is fraud prevention, brand protection, or regulatory screening, let us talk about your requirements.

For Developers: Our API documentation is available at IQ Abuse Manager API Documentation. Integration typically takes hours, not weeks.

About IQ Global: We build AI-powered security and intelligence solutions for the domain industry. Our Domain Risk Assessment system has evaluated 100 million domains since December 2023, helping organizations worldwide shift from reactive response to proactive prevention. Learn more at iq.global.

Read more

Why iQ Global Is Supporting Reputable Domains

After 8 years in abuse management, we founded Reputable Domains to prevent legitimate businesses from being incorrectly blacklisted. Here is why we believe in this initiative.

Intelligence as a Service: A New Approach to Business Intelligence Production

How AI agents are changing how organizations produce and consume business intelligence. Discover how Intelligence as a Service uses autonomous AI agents to execute complete intelligence workflows—from data collection through analysis to finished output.

Building at the Frontier: Our 10 Billion Token Milestone with OpenAI

OpenAI recognized our achievement of processing over 10 billion tokens through their API. This milestone represents thousands of hours building production AI systems that serve real customers in the domain industry. Here's what we learned building at the frontier of AI.