I received an email last week. A senior official from a reputable bank, urgent matter, a transfer requiring my immediate assistance, and the usual assurance that my cooperation would be generously rewarded. The Nigerian Prince attack, repackaged for 2026.
I recognised it immediately. But here is what stopped me for a second longer than it should have: the language was perfect. No spelling errors. No awkward phrasing. No obvious tells. The kind of polished, confident English that used to take a skilled human writer to produce. It did not take a skilled human writer anymore. It took a prompt.
That small moment sitting in my inbox is the leading edge of a much larger problem.
For years, one of the most reliable signals of a phishing attempt was poor language. Broken sentences, strange formatting, obvious translation errors. Security trainers built entire awareness programmes around it. Spot the grammar mistake, spot the scam.
Large language models have quietly dismantled that heuristic. AI-generated phishing content is now linguistically indistinguishable from legitimate communication. The same technology producing this sentence can produce a convincing bank alert, a fake government notification, or a fraudulent employment offer, in seconds, at scale, in any language. Mandarin. Bahasa. Tamil. Hindi. The language barrier that once limited phishing campaigns to English-speaking bad actors no longer exists.
DNS abuse has always been the infrastructure layer underneath these attacks. Fake domains give phishing content a destination. A convincing message pointing to a convincing lookalike domain is the complete package. AI has now made the content half of that equation nearly undetectable by conventional means.
The traditional DNS abuse problem was one of volume and speed. Malicious domains were cheap to register, fast to deploy, and slow to take down. The governance response, including ICANN’s 2024 amendments to the Registrar Accreditation Agreement and the launch of Domain Metrica in February 2025, was built for that problem.
AI changes the threat surface in three specific ways that existing frameworks were not designed to handle.
First, personalisation at scale. AI can generate targeted phishing content tailored to the recipient’s language, location, and digital context without meaningful human effort. A fake tax authority notification targeting users in Indonesia and a fake pension portal targeting retirees in the Philippines can now be produced simultaneously, each perfectly localised, each pointing to a purpose-built lookalike domain. What once required local knowledge and linguistic skill now requires neither.
Second, automated domain variation generation. AI tools can systematically generate thousands of plausible typosquatted domain variations, test which ones evade detection systems, and deploy the survivors into active campaigns. The process that once required a human operator making deliberate choices is now a background task running without supervision.
Third, visual and interface cloning. AI design tools can replicate the visual appearance of legitimate banking interfaces, government portals, and corporate websites with minimal technical skill. Across Asia Pacific, where digital government services have expanded rapidly, every new portal is a potential cloning target. The combination of a convincing domain, a cloned interface, and an AI-generated message in the user’s native language is a phishing package that would have required significant resources five years ago. Today it requires an afternoon.
The technological sophistication of the threat has increased dramatically. The distribution of risk has not changed.
Across Asia Pacific, the populations most exposed to AI-enhanced DNS abuse share a common profile: first-generation internet users navigating digital-first government services, young people entering a digital job market without the tools to evaluate domain names critically, and communities in lower-income economies where digital literacy programmes have not kept pace with connectivity growth.
In Vietnam, government e-service portals have expanded rapidly. In Bangladesh, mobile financial services have brought millions online for the first time. In the Pacific Islands, connectivity projects are reaching communities that had no internet access a decade ago. Each expansion of digital infrastructure creates a new surface for lookalike domains. Each new population coming online arrives without the instincts that come from years of navigating a hostile digital environment.
The grammar check that might once have saved someone is gone. The visual inconsistency that might have triggered suspicion is gone. For someone encountering a fake portal for the first time, in their own language, with a familiar interface, the only remaining tell is the domain name itself. And reading domain names critically is a skill that no one has taught them.
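A defender-side sketch of what reading a domain name critically involves, added here as an example and not part of the original article: it checks a hostname against a short list of protected domains and flags near-miss spellings, a trusted name placed in front of someone else's domain, and non-ASCII labels. The protected domains, sample hostnames, function names and the two-label registrable-domain shortcut are assumptions; a production check would use the Public Suffix List.

```python
# Added example: constructed domains and hypothetical names throughout.
PROTECTED = {"examplebank.test", "tax-portal.test"}  # constructed allow list

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(hostname, protected=PROTECTED, max_distance=2):
    """Return (verdict, protected_domain_or_None) for one hostname."""
    host = hostname.strip().rstrip(".").lower()
    labels = host.split(".")
    # The owner is decided by the right-hand end of the name, never the left.
    for legit in sorted(protected):
        if host == legit or host.endswith("." + legit):
            return ("legitimate", legit)
    # Non-ASCII or punycode labels can hide homoglyphs: route to manual review.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("idn-review", None)
    # Assumption: the registrable domain is the last two labels.
    candidate = ".".join(labels[-2:])
    for legit in sorted(protected):
        if edit_distance(candidate, legit) <= max_distance:
            return ("typosquat", legit)
    # A protected brand appearing as (part of) a label under another domain.
    for legit in sorted(protected):
        brand = legit.split(".")[0]
        if any(brand in l for l in labels):
            return ("brand-embedded", legit)
    return ("no-match", None)

if __name__ == "__main__":
    for h in ["login.examplebank.test", "exampelbank.test",
              "examplebank.test.secure-login.example",
              "ex\u0430mplebank.test", "weather.example"]:  # constructed samples
        print(f"{h!r:45} {classify(h)}")
```

The fixed distance threshold of 2 is tuned for the long names in this sample; short protected names need a tighter threshold to avoid false positives.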
ICANN’s registrar accountability frameworks were designed for human-scale abuse: a bad actor registering domains manually, deploying them into campaigns, and moving on when they get flagged. AI has changed the operating model. Automated generation means the volume of potential abuse domains is no longer constrained by human effort. Automated testing means the domains most likely to evade detection survive. Automated personalisation means the content targeting each victim is harder to flag as suspicious.
Abuse reporting infrastructure across the region assumes a technically literate complainant who knows that domain registrars exist and understands how to file a report. That assumption was already wrong for most victims of DNS abuse. AI-enhanced attacks, precisely targeted and linguistically convincing, will produce more victims who have even less context for what happened to them and even fewer pathways to report it.
Ronald, founder of Treenia, is building AI orchestration and trust infrastructure specifically for the domain name ecosystem. The fact that private sector actors are moving on this is a signal that the industry recognises the shift. The question is whether governance frameworks will move at the same speed.
AI has not invented DNS abuse. It has industrialised it and removed the friction that gave victims a fighting chance.
The governance response needs to catch up on three fronts. Registrar accountability frameworks need to be recalibrated for automated abuse at AI scale. ICANN needs to explicitly connect its DNS security work to the populations across Asia Pacific most harmed by AI-enhanced attacks, the ones who will never file an abuse report because they do not know the system exists. And the organisations expanding digital infrastructure across the region need to understand that an AI-enhanced DNS abuse environment makes every inclusion goal significantly harder to achieve.
I recognised the email in my inbox. Most people I work with through my NGO sessions would not. That gap is not a technology problem. It is a governance problem. And AI just made it significantly more urgent.
Garv Chauhan is a cybersecurity student at the National Forensic Sciences University, New Delhi, researching Digital Public Infrastructure and digital rights across Asia through NetMission Asia. He is a Fellow of APNG18 and contributes to internet governance forums, including Youth IGF India, Youth IGF Asia, and ICANN. His work on DNS abuse and Universal Acceptance is published on CircleID.