MUMBAI — In the architecture of the internet, domain names are often treated as plumbing: necessary, invisible and noticed only when something goes wrong. But in India, where digital services now anchor everything from banking and commerce to welfare delivery, the misuse of domain names has become a frontline cybersecurity problem.
At the ICANN85 Community Forum in Mumbai, the National Internet Exchange of India, or NIXI, used that premise to frame a new cybersecurity initiative for the country’s .in domain ecosystem. The organization said its newly deployed artificial intelligence system is designed to identify suspicious or fraudulent domains at the point of registration, rather than after victims have already been exposed.
The timing reflects the scale of the challenge. According to NIXI, nearly 3,000 new .in domains are registered each day, creating a volume of activity that has outstripped purely human monitoring. In that environment, the risk is not simply one of quantity, but of speed: malicious actors can launch cloned banking pages, fake e-commerce portals and impersonation sites faster than traditional complaint-driven systems can respond.
That lag has long defined the “window of harm” in online fraud — the period between a site going live and a regulator, registrar or victim realizing what it is.
A Shift From Takedown to Detection
The ambition of NIXI’s system is to narrow that window, or eliminate it altogether.
Presented by Dr. Devesh Tyagi, the organization’s chief executive, the model operates as a four-layered AI detection engine that begins scanning the moment a domain is created. The first layer analyzes the domain name itself, looking for suspicious linguistic patterns, typo-squatting and brand impersonation cues embedded in the URL. A second layer uses network graph analysis to detect coordinated bulk registrations, a tactic often associated with organized scam infrastructure.
From there, the system turns to the content itself. According to the presentation, AI-driven inspection tools assess whether a website is mimicking known interfaces, especially those designed to harvest credentials. The final layer monitors behavioral indicators, including unusual traffic flows and redirection chains that can signal more adaptive, “living” threats.
The broader idea is straightforward but consequential: to make fraud detection part of the registration lifecycle, rather than a clean-up exercise after abuse has already spread.
In effect, NIXI is proposing that the domain registry itself can function as an early-warning system.
The Numbers Behind the Claim
What gave the presentation its force was not just the architecture of the system, but the claim that it is already producing measurable results.
NIXI said that in just six months of early implementation, the system had identified and neutralized more than 24,000 fraudulent websites, protected more than two million users from potential fraud, and reduced the majority of response times to less than one hour from the moment of registration.
One case study stood out. According to the presentation, the system detected and blocked 143 fake State Bank of India websites before a single victim could be targeted.
Numbers such as these are difficult to assess in isolation without fuller methodological detail, but they point to the scale of abuse the registry believes it is facing — and the speed with which it says automation is now allowing it to respond.
If accurate, the claims would suggest that registry-level monitoring is becoming one of the more important, if underexamined, layers in India’s anti-fraud infrastructure.
Digital Trust as Infrastructure
The deeper argument made in Mumbai was not only about cybersecurity, but about legitimacy.
S. Krishnan, Secretary of the Ministry of Electronics and Information Technology and Chairman of NIXI, framed the initiative within a broader vision of an “open, secure, inclusive and resilient Internet.” In that formulation, fraudulent domains are not merely isolated scam tools; they are corrosive to public confidence in digital systems themselves.
That matters especially in India, where the expansion of the digital economy has depended on mass trust in online banking, government portals, consumer platforms and interoperable public digital infrastructure. A fake domain that resembles a bank or public service portal is not just a cyber incident. It is an assault on the credibility of the system users are being asked to rely on.
Seen from that vantage, NIXI’s AI initiative is less about technical novelty than about institutional adaptation. The registry is acknowledging that the growth of the .in ecosystem — and the sophistication of the scams built around it — has pushed legacy monitoring tools to their limits.
The initiative by ICANN and NIXI to deploy AI-driven monitoring for the .in domain ecosystem is a significant step toward reducing website-based cyber fraud. A large proportion of cybercrimes originate through malicious or compromised websites, and proactive AI detection can help identify suspicious domains much earlier. As India’s digital economy moves toward the trillion-dollar milestone, such technology-driven safeguards will be crucial to strengthening trust, protecting citizens, and securing the country’s expanding digital infrastructure.
— Prof. Triveni Singh, Ex-IPS & Chief Mentor, Future Crime Research Foundation
At ICANN85, that recognition arrived in a distinctly Indian context: a country trying to scale its digital future while holding together the fragile foundation on which that future rests.
The fight over domain abuse is unlikely to command the spectacle of data breaches or ransomware attacks. But it may be one of the more consequential battles for public trust online — one website, and one registration, at a time.
