How to implement DNS filtering for AI security

DNS filtering can mitigate a number of AI-based security risks, including data poisoning, indirect prompt injection, and shadow AI.

Learning Objectives

After reading this article you will be able to:

  • Understand how DNS filtering works
  • Explain how to apply DNS filtering for AI-based risks
  • Implement DNS filtering for AI


How DNS filtering supports an AI security strategy

DNS filtering refers to the use of the Domain Name System to block certain domains and IP addresses from loading within a given network. If domain queries are blocked and are not allowed to resolve to an IP address, then network-connected client devices cannot load them. One of the most common uses for DNS filtering is blocking users from reaching malicious or inappropriate Internet content on a secure network. Doing so can help prevent cyber attacks like ransomware, botnet activity, and phishing (since credential harvesting sites and other malicious sites can be blocked), and can help ensure that internal users do not violate company acceptable use policies.

In addition to its value for overall web protection, DNS filtering can also support artificial intelligence (AI) security specifically. The rapid adoption of generative AI tools has created an environment where internal security teams lack visibility into how sensitive data is flowing. At the same time, attackers are using AI to enhance their attacks and exploit this expanding attack surface. DNS filtering can help keep these risks under control and secure AI usage.

How DNS filtering secures AI usage

Type of AI security risk         | How DNS filtering helps
---------------------------------|--------------------------------------------------
Shadow AI                        | Discovery based on domain resolution
Access to non-approved AI apps   | Preventing untrusted app use by blocking domains
AI-enhanced attacks              | Blocking phishing sites, C2 servers, DNS tunneling
Data poisoning via typosquatting | Blocking malicious imitations of AI services
Indirect prompt injection        | Stopping model queries to untrusted domains

Shadow AI discovery

Organizations cannot plan for security risks if they do not know what or where they are. However, unapproved AI apps and models often end up integrated into business processes or application infrastructure. 98% of employees use unsanctioned apps across shadow AI and shadow IT use cases, per the 2026 Cloudflare Security Signals Report. Filtering DNS queries provides visibility into shadow AI use by tracking which app domains are resolved.

Access control for AI

DNS filtering is a lightweight way to restrict access to applications and services, including AI services. Administrators can use DNS filtering to see DNS queries, set the approval status for apps to which those queries are directed, and set block or allow policies for AI apps based on their approval status. Nonapproved, untrusted, or unreviewed AI tools can be blocked.
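The discovery and access-control steps described in the two sections above can be sketched over a resolver query log. This is an added example, not code from the original article or any vendor product; the log format, the `.example` domains, the app names and the functions `match_app` and `discover` are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: AI app domain -> (app name, approval status).
AI_APPS = {
    "chat.approved-ai.example": ("ApprovedChat", "approved"),
    "notes-ai.example": ("NotesAI", "unreviewed"),
    "freegpt.example": ("FreeGPT", "unapproved"),
}

# Constructed resolver log lines: timestamp, client IP, query name, record type.
SAMPLE_LOG = """\
2026-01-12T09:14:03Z 10.0.4.21 chat.approved-ai.example. A
2026-01-12T09:14:09Z 10.0.4.37 api.notes-ai.example. AAAA
2026-01-12T09:15:44Z 10.0.4.37 API.Notes-AI.example. A
2026-01-12T09:16:02Z 10.0.4.52 freegpt.example. A
2026-01-12T09:16:30Z 10.0.4.21 intranet.corp.example. A
2026-01-12T09:17:11Z 10.0.4.52 notfreegpt.example. A
truncated line
"""

def match_app(qname):
    """Return the inventory domain that qname equals or is a subdomain of."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels only, so notfreegpt.example never matches freegpt.example.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in AI_APPS:
            return candidate
    return None

def discover(log_text):
    """Summarise AI app usage per app; only approved apps get an allow action."""
    usage = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip malformed or truncated entries
            continue
        _, client, qname, _ = fields
        domain = match_app(qname)
        if domain:
            usage[domain]["queries"] += 1
            usage[domain]["clients"].add(client)
    report = {}
    for domain, stats in usage.items():
        app, status = AI_APPS[domain]
        action = "allow" if status == "approved" else "block"
        report[app] = {"status": status, "queries": stats["queries"],
                       "clients": sorted(stats["clients"]), "action": action}
    return report
```

Calling `discover(SAMPLE_LOG)` yields one row per AI app seen, with the clients that queried it, which is the list an administrator would review before setting approval statuses.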

Stopping AI-enhanced attacks

AI is a powerful tool in the hands of cyber attackers, and AI-enhanced attacks can help them breach systems far more efficiently than in years past. For example, AI can help attackers:

  • Craft highly convincing spear phishing campaigns, for instance by generating highly personalized emails based on the targets' online presence
  • Discover and exploit vulnerabilities before they can be patched
  • Automate previously manual activities so that attacks move much more quickly

However, DNS filtering can inhibit or block a wide range of attacks by blocking phishing webpages, messages to command-and-control servers, algorithmically generated domains, and DNS tunneling (which is when attackers disguise their traffic as DNS queries).

Blocking data poisoning attempts

Data poisoning is when a model's data is altered in a way that causes the model to behave unexpectedly. Protecting proprietary training data from unauthorized changes goes a long way toward preventing data poisoning attacks.

However, AI apps also tend to rely heavily on data from external libraries, pre-trained models, and feeds from third-party sources. Knowing this, attackers can typosquat domains that host counterfeit AI services. AI developers may accidentally incorporate data from these malicious sources by mistyping a domain or clicking a link.

DNS filtering can block these untrusted domains to ensure such mistakes do not corrupt a model's data.
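One way a filter or a log review can recognize mistyped imitations of trusted AI data sources is to measure edit distance against an allowlist. This is an added example, not code from the original article; the trusted hostnames, the distance threshold and the function names are constructed assumptions, and exact-hostname matching is used for simplicity.

```python
# Constructed allowlist of upstream model and dataset hosts (assumption).
TRUSTED = ("models.trusted-hub.example", "datasets.open-corpus.example")
MAX_DISTANCE = 2  # assumption: edits tolerated before a name stops being a lookalike

def osa_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the most common typing slip.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(qname):
    """Return (verdict, nearest trusted host, distance) for one queried name."""
    name = qname.rstrip(".").lower()
    if name in TRUSTED:
        return ("trusted", name, 0)
    nearest = min(TRUSTED, key=lambda t: osa_distance(name, t))
    dist = osa_distance(name, nearest)
    if dist <= MAX_DISTANCE:
        return ("lookalike", nearest, dist)
    return ("unknown", None, dist)

def lookalikes(qnames):
    """Queried names to block and investigate as likely typosquats."""
    return [q for q in qnames if classify(q)[0] == "lookalike"]

# Constructed query names, as they might appear in a resolver log.
SAMPLE_QUERIES = [
    "models.trusted-hub.example.",
    "models.trsuted-hub.example.",   # swapped letters
    "models.trusted-hubs.example.",  # extra letter
    "datasets.0pen-corpus.example.", # digit for letter
    "intranet.corp.example.",
]
```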

Blocking indirect prompt injections

In an indirect prompt injection, malicious instructions are hidden in a third-party source that an AI model ingests. Attackers can hide instructions in a seemingly safe webpage that direct the model to fetch data from a secondary domain they control, one that hosts untrusted code or direct prompt injection attacks. DNS filtering can block AI models from being directed to these untrusted domains.

How to implement DNS filtering for AI security

DNS filtering is most often implemented by changing network policies to direct DNS queries to a trusted filtering provider. Organizations that rely on hybrid workforces (both on-premises and remote) will need to ensure the same policy applies to DNS queries even when workers are not connected to internal corporate networks. Adopting a coffee shop networking model makes it simpler to roll out DNS filtering policies across all users at once.

The basic steps for implementation:

  • Step 1: Direct DNS queries to the filtering service by updating router settings and deploying device clients for remote users.
  • Step 2: Determine the goal. After gaining visibility of which AI tools are being used, decide on risk tolerance: which tools will be allowed, and which blocked? Finally, decide whether specific domains will be blocked, or entire categories of tools. If the latter, find a DNS filtering service that allows for customization.
  • Step 3: Vet the DNS filtering service to ensure the right domains are blocked.
  • Step 4: Adopt a zero trust architecture to close other AI security holes. This can be a longer journey, but zero trust is crucial for making sure AI tools are not overprivileged, and that attacks and breaches are contained.

It is important to note that DNS filtering is a powerful first line of defense, but it should not be relied upon for complete protection. A comprehensive AI security platform should include multiple technologies to close AI security holes. Learn more about AI security.
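The Step 3 check can be automated by resolving each domain in the intended policy and comparing the result with what was decided in Step 2. This is an added example, not code from the original article or any filtering provider; the domains, the `vet_policy` helper and the offline `fake_resolve` stand-in are constructed, and it assumes a blocked name shows up as a failed lookup or a sinkhole address.

```python
import socket

# Assumption: the filtering service answers blocked names with a sinkhole
# address or no answer at all; check your provider's actual block response.
SINKHOLES = {"0.0.0.0", "::"}

# Constructed expected policy from Step 2: domain -> intended action.
EXPECTED = {
    "chat.approved-ai.example": "allow",
    "notes-ai.example": "block",
    "freegpt.example": "block",
}

def system_resolve(name):
    """Resolve through the OS resolver, which Step 1 pointed at the filter."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        # No usable answer. An outage looks the same, so confirm connectivity
        # separately before trusting a run where everything is "blocked".
        return set()
    return {info[4][0] for info in infos}

def observed_action(addresses):
    """Classify a resolver answer as the action the client experienced."""
    if not addresses or addresses <= SINKHOLES:
        return "block"
    return "allow"

def vet_policy(expected, resolve=system_resolve):
    """Return {domain: (expected, observed)} for every policy mismatch."""
    mismatches = {}
    for domain, want in expected.items():
        got = observed_action(resolve(domain))
        if got != want:
            mismatches[domain] = (want, got)
    return mismatches

# Constructed answers standing in for a live resolver so the check runs offline.
FAKE_ANSWERS = {
    "chat.approved-ai.example": {"192.0.2.10"},
    "notes-ai.example": {"198.51.100.7"},  # policy gap: should be blocked
    "freegpt.example": {"0.0.0.0"},
}

def fake_resolve(name):
    return FAKE_ANSWERS.get(name, set())
```

Run `vet_policy(EXPECTED)` from a device that uses the filtering service to test the live policy; an empty result means every listed domain behaved as intended.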


FAQs

What is DNS filtering?

DNS filtering uses the Domain Name System to block specific domains and IP addresses from loading on a network. If domain queries are blocked, network-connected client devices cannot load them. This prevents users from reaching malicious or inappropriate content. It also helps prevent cyber attacks like ransomware, botnet activity, and phishing.

Why is DNS filtering important for artificial intelligence (AI) security?

The rapid adoption of generative AI tools creates an environment where internal security teams lack visibility into sensitive data flows. At the same time, attackers use AI to enhance their attacks and exploit this expanding attack surface. DNS filtering keeps these risks under control and secures AI usage by giving administrators visibility into what tools are in use and allowing them to block unmanaged tools.

How does DNS filtering help manage shadow AI?

Unapproved AI apps are often integrated into business processes or application infrastructure. DNS filtering provides visibility into shadow AI use by tracking which app domains resolve.

Can administrators use DNS filtering to control access to AI applications?

DNS filtering is a lightweight way to restrict access to applications and services. Administrators can use DNS filtering to see DNS queries, set approval statuses for apps, and enforce block or allow policies. This ensures nonapproved, untrusted, or unreviewed AI tools remain blocked.

How does DNS filtering prevent data poisoning attacks?

AI applications rely on external libraries, pre-trained models, and feeds from third-party sources. Attackers may squat on domains hosting counterfeit AI services to exploit this reliance. AI developers might accidentally incorporate data from these malicious sources when they mistype a domain or click a link. DNS filtering blocks such untrusted domains to ensure these mistakes do not corrupt model data.