Nearly 73% of chief information security officers (CISOs) say AI presents more of an opportunity than a risk for cybersecurity. However, these security leaders continue to face challenges in addressing attacks, including AI-powered domain generation algorithms (DGAs), which 86% of respondents cite as a threat, according to CSC’s CISO Outlook 2026 report.
“As cybercriminals continue to leverage AI in new ways to launch targeted and widespread attacks, including those that specifically exploit domains, CISO strategies for domain risk need to evolve to keep pace with the increasing complexity of these threats,” says Ihab Shraim, chief technology officer of CSC’s Digital Brand Services. “In 2026, CISOs and security leaders must prioritize securing fundamental digital building blocks for their enterprises, like DNS, which are now considered critical infrastructure but have often been overlooked. Agentic AI could further accelerate this risk by enabling bad actors to automate reconnaissance, impersonation, and domain-based attacks at scale, making proactive domain security and monitoring more urgent for enterprises.”
Key takeaways:
- Domain/DNS hijacking and subdomain takeover attacks; cybersquatting, including typosquatting and online counterfeits; and ransomware and malware are ranked the Top 3 threats.
- Only 14% of respondents say they are “very confident” in their company’s ability to mitigate domain attacks, with one in 10 respondents believing that major businesses and organizations are “significantly underprotected” against DNS outages.
- 98% of respondents are concerned about the risks of giving third-party AI-based systems, including large language models (LLMs), access to company data.
- 79% say they are “concerned” or “very concerned” that suppliers’ and partners’ AI tool use poses a cybersecurity risk to their organization, yet almost three-quarters (70%) of respondents say their organizations apply risk controls only to key suppliers.
- Looking to the rest of 2026 and beyond, respondents expect social media impersonation and defamation to pose the greatest cybersecurity threat, ahead of domain and DNS hijacking, subdomain takeover attacks, and cybersquatting.
- More than half (57%) of survey respondents confirmed that they use AI-based monitoring and enforcement solutions, and 44% use AI-based solutions for threat detection and fraud prevention. Both of these figures increased from last year, when 50% used AI-based monitoring and enforcement and 36% used AI for threat detection and fraud.
