When Attackers Use AI, Defense in Depth Isn’t Enough — DNS Filtering Is Your Backstop

By Sonit Jain, C.E.O., DNSCircle · 19th May 2026

The math of cybersecurity changed in 2024. Most defenders haven’t caught up.

For three decades, the standard security playbook has been “defense in depth”: layer your firewall, your endpoint protection, your email gateway, your SIEM, your patch management. The theory was simple. A determined attacker would have to defeat every layer in sequence. Each layer bought you time. With enough layers, you’d buy enough time to detect them and respond.

That theory assumed the attacker had roughly the same resources you did. A human attacker writing custom malware. A human analyst reading your firewall rules. A human social engineer crafting a phishing email.

That assumption is now broken.

You will not patch every vulnerability. You will not catch every phishing email. You will not detect every polymorphic payload. These battles are now mathematically lost.

The new asymmetry

A single attacker with an off-the-shelf large language model can today:

  • Generate one hundred thousand unique, grammatically perfect phishing emails per hour, each personalized to a different target’s job title, company, recent LinkedIn post, and writing style. The same task in 2022 took a team of skilled native-language writers a full week.
  • Write a novel exploit for a CVE within an hour of its public disclosure. Reporting from Trellix’s Advanced Research Center shows the median time-to-weaponization for high-severity CVEs has dropped from 23 days in 2021 to under 6 hours in 2025. By the time your patching team finishes triage, the exploit is already in the wild.
  • Generate thousands of polymorphic malware variants that share zero bytes with each other, defeating signature-based detection. A single binary that was 100% blocked by AV vendors yesterday becomes 10,000 binaries with 0% detection coverage today.
  • Spin up new attack infrastructure faster than threat-intelligence feeds can blocklist it. Domain generation algorithms (DGAs) used to produce a few hundred candidate domains per day. AI-driven DGAs now register tens of thousands daily, each just long enough to deliver one payload before being burned.
  • Bypass your security controls without ever directly attacking them — by impersonating a vendor in a Zoom call, voice-cloning your CFO to authorize a wire transfer, or convincing a junior employee that “IT” needs their MFA code.


The asymmetry is now: one attacker with an LLM versus your entire security team. They move at machine speed. You still move at meeting speed.

Why “plug every gap” stopped working

Every CISO understands defense in depth conceptually. In practice, the work is brutal:

  • The average enterprise runs 300+ software products across endpoints, servers, cloud services, and SaaS — each with its own patch cycle, configuration surface, and supply chain.
  • The median time between a CVE being disclosed and a patch landing in production is 34 days for the fastest organizations and 6+ months for the slowest, according to Tenable’s vulnerability research.
  • 70% of breaches in 2024 originated from third-party SaaS or supply-chain compromise, per the Verizon Data Breach Investigations Report — vendors you don’t control, code you don’t write, dependencies several layers deep.
  • Shadow IT — apps employees install without telling IT — is estimated to account for 30–40% of an organization’s actual attack surface.

You cannot plug every gap. There is no team large enough, no budget big enough, no patch window short enough. The traditional advice — “just be more thorough” — is mathematically impossible given the resources defenders have.

What you can do is choose a defensive position where the attacker’s AI advantage is neutralized. There is exactly one such position in the modern stack: DNS.

The DNS chokepoint

Here is a fact that hasn’t changed since 1983: before a device can connect to anything on the internet, it must look up a domain name.

Diagram: AI-generated attack passes through victim device → DNS lookup → C2/phishing/exploit server → compromise. DNSCircle stops the chain at the DNS lookup step.
Every modern attack chain — no matter how AI-augmented — converges on a DNS lookup. DNSCircle stops the chain there.

This single, protocol-independent fact has profound implications when you think about it from an attacker’s perspective:

  • A phishing email contains a link. The link points to a domain. The victim’s device must resolve that domain before the browser ever loads the page.
  • A piece of malware needs to call home to its command-and-control server. The malware must resolve a domain (or several) before it exfiltrates a single byte.
  • A drive-by exploit kit is hosted on a freshly-registered domain. The user’s browser must resolve that domain before the JavaScript runs.
  • A clone of your CEO’s voice in a phone scam asks for a wire transfer to a “vendor” — the bank’s payment system eventually looks up the vendor’s domain to verify its SPF, DKIM and DMARC records.

Every modern attack chain has a DNS lookup early in its sequence. Often within the first 50 milliseconds. If the lookup fails, the attack fails, regardless of how sophisticated the rest of the chain is.

DNS filtering doesn’t try to detect every variant of every attack. It does something simpler and more durable: it cuts off the attack at the infrastructure layer, before the attacker’s code, payload, or social engineering ever has a chance to execute.

When an attacker generates 10,000 polymorphic malware variants overnight, the variants don’t matter — they all phone home to the same handful of C2 domains. Block the domain, all 10,000 variants are inert.


When an attacker generates 100,000 phishing emails per hour, the email content doesn’t matter — they all link to the same set of phishing domains. Block the domain, all 100,000 emails become harmless text in a spam folder.

When an attacker registers a fresh DGA domain at 3:47 AM and uses it for 20 minutes to push a payload — the payload doesn’t reach a device that’s blocked the DGA pattern.

DNS is a chokepoint that collapses the attacker’s AI scale advantage. Generating a million unique payloads is cheap with AI; registering a million domains and getting them past threat intelligence within minutes is not.
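To make the “block the domain, all the variants are inert” argument concrete, here is an added example of a resolver-side block decision. It is illustrative code written for this article, not DNSCircle’s implementation; the blocklist entries, sinkhole address and payload identifiers are constructed placeholders. One entry covers every subdomain of the listed name, and matching is done per label so that look-alike names are not caught by accident.

```python
"""Added example, not DNSCircle's code: a resolver-side block decision.
One blocklist entry covers every subdomain of the listed name, so payloads
that differ byte-for-byte are all stopped if they depend on that name."""
from dataclasses import dataclass
from typing import Optional

# Constructed blocklist of registrable domains known to host attacker
# infrastructure (placeholders in the reserved .example TLD).
BLOCKED_SUFFIXES = {"c2-relay.example", "login-verify.example"}
SINKHOLE = "0.0.0.0"   # address returned in place of the real answer


def normalize(name: str) -> str:
    """Lower-case the name, strip surrounding space and the FQDN trailing dot."""
    return name.strip().rstrip(".").lower()


def blocked_suffix(name: str) -> Optional[str]:
    """Walk the label chain right to left so any subdomain of a blocked
    name matches (api.c2-relay.example matches c2-relay.example) while
    look-alikes such as evilc2-relay.example do not, because matching is
    per label rather than per substring."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_SUFFIXES:
            return candidate
    return None


@dataclass
class Decision:
    qname: str
    action: str            # "block" or "allow"
    answer: Optional[str]  # sinkhole address when blocked
    reason: Optional[str]


def resolve_policy(qname: str) -> Decision:
    """Decide before any answer is returned to the client."""
    hit = blocked_suffix(qname)
    if hit:
        return Decision(qname, "block", SINKHOLE, f"suffix match: {hit}")
    return Decision(qname, "allow", None, None)


# Constructed sample: five payloads with distinct hashes that each need one
# of two domains to do anything useful. Identifiers are placeholders.
VARIANTS = [
    ("variant-1", "api.c2-relay.example"),
    ("variant-2", "cdn.c2-relay.example."),   # FQDN form with trailing dot
    ("variant-3", "C2-RELAY.EXAMPLE"),        # case differs
    ("variant-4", "login-verify.example"),
    ("variant-5", "updates.vendor.example"),  # not listed
]


def neutralised(variants=VARIANTS) -> dict:
    """How many payloads were stopped, and how many list entries it took."""
    decisions = [resolve_policy(d) for _, d in variants]
    blocked = [d for d in decisions if d.action == "block"]
    return {
        "payloads": len(variants),
        "stopped": len(blocked),
        "entries_used": len({d.reason for d in blocked}),
    }


if __name__ == "__main__":
    for label, domain in VARIANTS:
        d = resolve_policy(domain)
        print(f"{label:10} {domain:26} {d.action:5} {d.answer or '-':8} {d.reason or ''}")
    print(neutralised())
```

Running it shows four of the five payloads stopped by two list entries; the fifth resolves normally. Returning a sinkhole address rather than a refusal also gives the responder a clear record of which client attempted the lookup.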

Why other security layers can’t fill this role

You might ask — doesn’t my endpoint protection do this? My firewall? My web proxy?

Endpoint protection is signature- or behavior-based. AI-generated polymorphic malware defeats signatures by construction. Behavioral detection works after the payload runs on the device, which means the device is already compromised — you’re racing the malware’s execution window.

Firewalls filter on IP/port/protocol. Modern attacks tunnel everything over HTTPS on port 443. Firewall rules can’t see inside the encrypted traffic, and modern CDN-hosted attack infrastructure shares IPs with legitimate sites — IP blocking causes massive collateral damage.

Web proxies add a level of inspection but require TLS interception, which breaks certificate pinning, mobile apps, and any service using HSTS. They also only cover web traffic — not every malicious lookup is HTTP.

Email gateways stop a fraction of phishing. They don’t help when the link arrives via SMS, WhatsApp, Slack, Teams, Discord, or QR code.

DNS filtering covers every device and every protocol because every device, regardless of the application, must resolve domain names. Phones, laptops, IoT, smart TVs, printers, the CEO’s tablet — all of them.

What DNSCircle does specifically

DNSCircle is built for the AI-attacker era. Here’s the architecture that matters:

Real-time AI classification — fighting AI with AI

Threat intelligence feeds have a problem: they’re a backward-looking list. By the time a malicious domain makes the list, it’s been used in attacks for hours.

DNSCircle runs every previously-unseen domain through a real-time classification pipeline within milliseconds of the first lookup. Before the device ever receives an answer, the domain is categorized — phishing, malware, parked, DGA, legitimate. This closes the window of opportunity that AI-driven attackers exploit: the gap between registration and blocklisting.
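The paragraph above describes classifying a never-before-seen domain at first lookup. As an added illustration (not DNSCircle’s pipeline, and not a claim about the features it uses), the following code scores a domain on standard lexical DGA indicators: character entropy, length, digit ratio and vowel ratio of the label left of the public suffix. The suffix list, weights and thresholds are illustrative assumptions, and the sample names are constructed.

```python
"""Added example, not DNSCircle's pipeline: lexical scoring of a domain the
resolver has never seen, so a decision can be made at first lookup rather than
after a feed catches up. The features are standard DGA indicators; the
thresholds and the suffix list are illustrative assumptions."""
import math
from collections import Counter

VOWELS = set("aeiou")
# Public suffixes this example understands. A real deployment uses the full
# Public Suffix List so that "co.uk"-style suffixes are handled correctly.
KNOWN_SUFFIXES = ("co.uk", "com", "net", "org", "info", "xyz", "top")


def registrable_label(fqdn: str) -> str:
    """Return the label directly left of the public suffix, which is the part
    a DGA actually generates: 'x7kq2' for 'cdn.x7kq2.xyz'."""
    name = fqdn.strip().rstrip(".").lower()
    for suffix in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        if name.endswith("." + suffix):
            return name[: -len(suffix) - 1].split(".")[-1]
    parts = name.split(".")
    return parts[-2] if len(parts) >= 2 else name


def shannon_entropy(s: str) -> float:
    """Bits per character; near-uniform character use scores high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def lexical_features(label: str) -> dict:
    letters = [c for c in label if c.isalpha()]
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(c.isdigit() for c in label) / max(len(label), 1),
        "vowel_ratio": sum(c in VOWELS for c in letters) / max(len(letters), 1),
    }


def score(fqdn: str) -> float:
    """Sum of weighted indicators; higher is more DGA-like. Weights are
    illustrative, not tuned values."""
    f = lexical_features(registrable_label(fqdn))
    s = 0.0
    if f["entropy"] > 3.5:        # nearly every character distinct
        s += 1.0
    if f["length"] >= 12:
        s += 0.5
    if f["digit_ratio"] > 0.25:   # digits mixed into the label
        s += 1.0
    if f["vowel_ratio"] < 0.2:    # unpronounceable
        s += 1.0
    return s


def classify(fqdn: str) -> str:
    """Map the score to the action a resolver would take at first sight."""
    s = score(fqdn)
    if s >= 2.0:
        return "dga-suspect"       # block or sinkhole pending review
    if s >= 1.0:
        return "review"            # allow, but flag for a second-stage check
    return "likely-legitimate"


# Constructed sample of first-seen names.
SAMPLES = [
    "accounts.bankofexample.com",
    "shop.example.co.uk",
    "cdn.x7kq2.xyz",
    "qzxwvkrtplmb.top",
    "x7kq2m9vb4.xyz",
]


def classify_all(samples=SAMPLES) -> dict:
    return {s: classify(s) for s in samples}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:30} score={score(name):.1f} {verdict}")
```

Lexical features alone will flag legitimate hash-style hostnames used by CDNs and SaaS providers, so in practice a score like this is combined with an allowlist, registration age and passive-DNS history before a block is issued; the point of the example is the timing, not the accuracy of these particular thresholds.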

Encrypted DNS — the filtering itself can’t be bypassed

Traditional DNS travels in plain UDP on port 53. Attackers know this, and many malware families bypass DNS filtering by sending their queries directly to a resolver of their own choosing. DNSCircle delivers DoH (DNS-over-HTTPS) on standard port 443, indistinguishable from regular web traffic. Devices cannot be silently coerced into using a different resolver, and the policy decisions cannot be tampered with on the network.
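Encrypting the channel to the managed resolver protects the answers in transit; whether every host actually uses that resolver is something the network team still needs to verify. The following added example (not DNSCircle code) is the defender-side check: it reviews egress flow records for lookups that sidestep the managed resolver, whether on plain port 53, DNS-over-TLS on 853, or DoH to a public resolver on 443. The resolver addresses, the public-resolver list, the SNI list and the flow records are all constructed for the example.

```python
"""Added example, not DNSCircle's code: a defender-side check that the
managed encrypted resolver is the only resolver hosts actually use. Encrypting
queries to the managed resolver keeps answers from being altered in transit,
but a host that sends its lookups somewhere else never consults the policy,
so egress flow records are reviewed for resolver bypass. The addresses, SNI
list and flow records are constructed for the example."""
from collections import defaultdict
from typing import Optional

MANAGED_RESOLVER = "203.0.113.10"   # constructed; documentation address range
MANAGED_DOH_PORT = 443
# Internal forwarders configured to send everything to the managed resolver;
# plain port-53 traffic to these is expected.
INTERNAL_FORWARDERS = {"10.0.0.53"}
# Constructed stand-ins for well-known public resolver addresses.
PUBLIC_RESOLVERS = {"198.51.100.1", "198.51.100.2"}
# DoH to a public resolver rides on 443 like any web traffic, so the TLS
# server name (where the flow log records it) is the usable signal.
PUBLIC_DOH_SNI = {"dns.public-resolver.example"}

# Constructed flow log: (src, dst, proto, dport, sni)
FLOWS = [
    ("10.0.5.21", "203.0.113.10", "tcp", 443, ""),
    ("10.0.5.21", "198.51.100.1", "udp", 53, ""),
    ("10.0.5.33", "192.0.2.44",   "tcp", 853, ""),
    ("10.0.5.33", "192.0.2.77",   "tcp", 443, "dns.public-resolver.example"),
    ("10.0.5.40", "192.0.2.88",   "tcp", 443, "www.shop.example"),
    ("10.0.5.40", "10.0.0.53",    "udp", 53, ""),
]


def classify_flow(src: str, dst: str, proto: str, dport: int, sni: str = "") -> Optional[str]:
    """Return a finding label for a flow that sidesteps the managed resolver,
    or None when the flow is either sanctioned DNS or not DNS at all."""
    if dst == MANAGED_RESOLVER and dport == MANAGED_DOH_PORT:
        return None
    if dport == 53:                      # classic DNS, udp or tcp
        if dst in INTERNAL_FORWARDERS:
            return None
        return "plain-dns-to-unmanaged-resolver"
    if dport == 853:                     # DNS-over-TLS
        return "dns-over-tls-to-unmanaged-resolver"
    if dport == 443 and (dst in PUBLIC_RESOLVERS or sni in PUBLIC_DOH_SNI):
        return "doh-to-public-resolver"
    return None


def findings(flows=FLOWS) -> dict:
    """Group bypass findings by source host so each one can be followed up."""
    out = defaultdict(list)
    for src, dst, proto, dport, sni in flows:
        label = classify_flow(src, dst, proto, dport, sni)
        if label:
            out[src].append((label, dst))
    return dict(out)


if __name__ == "__main__":
    for host, items in findings().items():
        for label, dst in items:
            print(f"{host} -> {dst}: {label}")
```

The same logic expressed as an egress firewall policy is: permit 53 and 853 only to the managed resolver and internal forwarders, and alert on 443 flows whose destination or server name belongs to a public resolver. Port alone does not distinguish DoH from browsing, which is why the destination address or logged SNI carries the decision in the third rule.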

Policy enforced per user, per group, per device

A single tenant can define different policies for the executive team, the finance team, the engineering team, and BYOD personal devices. An attacker who compromises a low-privilege account doesn’t automatically gain the policy of a privileged one. AI-driven attackers — who are very good at lateral movement — find this enforcement boundary much harder to climb than a flat network.

Visibility for the responder

When attacks happen — and they will — your security team’s first question is “what did the device try to reach?” DNSCircle logs every query: domain, user, timestamp, action taken. When an alert fires elsewhere in your stack, the DNS log instantly tells you the chain of infrastructure your attacker touched. Incident response that used to take hours now takes minutes.
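As an added example of the responder’s workflow described above (illustrative code, not DNSCircle’s log format or tooling), the following script takes a set of resolver log lines, pulls everything one client resolved in a window around an alert, and pivots on the blocked names to find other clients that touched the same infrastructure. The log lines and their field layout (timestamp, client, user, query name, action) are constructed assumptions.

```python
"""Added example, not DNSCircle's code: answering "what did the device try
to reach?" from resolver logs, then pivoting to other hosts that touched the
same infrastructure. The log lines and their field layout (timestamp, client,
user, query name, action) are constructed assumptions."""
from datetime import datetime, timedelta

# Constructed resolver log, one query per line.
LOG = """\
2026-05-18T09:14:02Z 10.0.5.21 a.lee   www.shop.example        allow
2026-05-18T09:14:09Z 10.0.5.21 a.lee   cdn.x7kq2.xyz           block
2026-05-18T09:14:10Z 10.0.5.21 a.lee   api.c2-relay.example    block
2026-05-18T09:15:40Z 10.0.5.33 b.ng    api.c2-relay.example    block
2026-05-18T09:20:00Z 10.0.5.40 c.ruiz  mail.example.org        allow
2026-05-18T11:02:13Z 10.0.5.21 a.lee   updates.vendor.example  allow
"""
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse(log: str) -> list:
    """Turn the whitespace-separated log into dicts with a real timestamp."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, user, qname, action = line.split()
        rows.append({
            "ts": datetime.strptime(ts, TS_FMT),
            "client": client,
            "user": user,
            "qname": qname.lower().rstrip("."),
            "action": action,
        })
    return rows


def queries_around(rows, client, alert_time, window=timedelta(minutes=5)):
    """Everything the client resolved within +/- window of the alert."""
    return [r for r in rows
            if r["client"] == client and abs(r["ts"] - alert_time) <= window]


def pivot(rows, qnames):
    """All clients that queried any of the given names, to scope the incident."""
    return sorted({r["client"] for r in rows if r["qname"] in qnames})


def investigate(log: str, client: str, alert_iso: str) -> dict:
    """Timeline for the alerting client, the names it was blocked from,
    and the other clients that tried to reach the same names."""
    rows = parse(log)
    alert = datetime.strptime(alert_iso, TS_FMT)
    around = queries_around(rows, client, alert)
    blocked = [r["qname"] for r in around if r["action"] == "block"]
    return {
        "timeline": [(r["ts"].strftime(TS_FMT), r["qname"], r["action"]) for r in around],
        "blocked": blocked,
        "also_touched_by": [c for c in pivot(rows, set(blocked)) if c != client],
    }


if __name__ == "__main__":
    result = investigate(LOG, "10.0.5.21", "2026-05-18T09:14:30Z")
    for ts, qname, action in result["timeline"]:
        print(ts, qname, action)
    print("blocked:", result["blocked"])
    print("also touched by:", result["also_touched_by"])
```

For an alert on 10.0.5.21 at 09:14:30, the timeline shows the three lookups within five minutes, two of them blocked, and the pivot reveals that 10.0.5.33 tried the same C2 name a minute later, which turns a single-host alert into a two-host incident before any endpoint has been touched.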

Deploy in 15 minutes

The reason DNS filtering isn’t the universal first layer of every enterprise stack isn’t technical — it’s that traditional DNS filtering products require complex network reconfiguration, on-prem appliances, or per-device VPN clients that users disable.

DNSCircle deploys via:

  • An encrypted DNS profile on managed iPhones, iPads, and Macs
  • A native DNS-over-HTTPS configuration on Windows 11
  • A lightweight Android VPN app
  • A Windows DoH client for legacy machines
  • Single-IP DNS configuration on the router for the entire LAN

Most customers go from contract to live filtering in a single business day. Talk to our team to get started.

The bottom line

AI hasn’t made every attack inevitable. It has made every attack fast. And speed is a defense problem that almost no security layer can solve at scale — except DNS.

You will not patch every vulnerability. You will not catch every phishing email. You will not detect every polymorphic payload. These battles are now mathematically lost.

But every attack chain — without exception — begins with a DNS lookup. If you control that lookup, you cut off the attack before any of the other layers are even tested.

DNSCircle gives you that control across every device, every protocol, and every user — at a speed that finally matches the attackers.


The question isn’t whether you’ll be breached.

The question is whether you’ll be breached at the DNS layer, where damage is zero, or somewhere deeper, where damage is everything.


See DNSCircle in action

A 15-minute deployment can collapse your AI-driven attack surface to a single, monitored chokepoint.




GajShield Infotech India Private Limited.

References: Trellix Advanced Research Center, Tenable Research, Verizon DBIR.
