DNS Audit of 39 AI Companies Reveals Anthropic Verification Adoption and Email Security Gaps
Key Takeaways
- ▸Anthropic domain verification adopted by 17 prominent AI companies signals significant Claude API enterprise penetration across the industry
- ▸23% of audited AI companies have weak or absent email authentication, creating spoofing vulnerabilities that affect both commercial and safety-focused organizations
- ▸MCPv1 DNS verification is emerging as an early-stage infrastructure standard, with only 6 of 39 companies currently adopting it
Summary
A comprehensive DNS security audit of 39 AI-adjacent companies reveals widespread adoption of Anthropic's domain verification system and significant email authentication vulnerabilities across the industry. The analysis found that 17 of the audited domains contain Anthropic domain verification records, likely indicating enterprise Claude API customers, while 14 companies have Cursor verification records. These verification records, stored in publicly accessible DNS TXT records, provide a map of vendor relationships that companies may not realize they're broadcasting.
The audit uncovered critical email security gaps: 9 out of 39 companies (23%) lack proper DMARC or SPF configuration, creating vulnerabilities to email spoofing. This is particularly concerning for AI safety organizations like MIRI and Alignment Forum, which handle sensitive research but lack basic email authentication protections. Conversely, major players including Anthropic, OpenAI, Stripe, and Cloudflare maintain strict p=reject DMARC policies. Additionally, 6 companies have deployed MCPv1 DNS records containing cryptographic public keys for Model Context Protocol server identity verification, suggesting early adoption of emerging infrastructure standards.
The audit also profiled broader technology infrastructure patterns: 74% of companies use Google Workspace for email, 46% are hosted on Cloudflare, and 72% rely on Let's Encrypt or Google Trust Services for SSL certificates. This concentration reflects how a small number of providers dominate AI company infrastructure.
- AI industry infrastructure shows high concentration: Google Workspace (74%), Cloudflare (46%), and Let's Encrypt dominate their respective markets
Editorial Opinion
This audit provides valuable transparency into both the security practices and vendor dependencies of the AI ecosystem. The 23% email authentication gap is troubling given the sensitive nature of AI research and safety work, particularly for organizations handling security-critical research. The widespread adoption of Anthropic's verification system signals growing enterprise reliance on Claude API, while MCPv1 adoption suggests Model Context Protocol could mature into a key infrastructure standard as AI agents become more prevalent.
