WordPress.com Reports Spike in AI-Generated DMCA Takedowns, 86% Rejection Rate
Key Takeaways
- ▸WordPress.com processed 2,431 DMCA notices in H2 2025, a 20% increase from the prior year, with an 86% rejection rate
- ▸AI-generated mass reporting services, particularly Enforcity, are driving takedown abuse by targeting non-infringing content to reduce costs and maximize revenue
- ▸Enforcity sent 838 inactionable notices claiming to protect OnlyFans creators, but none targeted actual infringing material, wasting significant platform resources
Summary
Automattic, the company behind WordPress.com and Tumblr, has revealed a concerning surge in AI-generated DMCA takedown notices in its latest transparency report covering the second half of 2025. The platform processed 2,431 takedown notices during this period—a 20% increase year-over-year—with 86% rejected due to various shortcomings. The spike is largely driven by automated mass reporting systems, particularly from copyright protection service Enforcity, which accounted for 838 inactionable notices (34% of all takedowns sent).
Automattic's Trust & Safety team documented that Enforcity's AI-generated notices, which began arriving in August 2025 and claimed to protect OnlyFans creators, targeted non-infringing content including static pages with no content and dynamic search URLs that returned no results. The blogging platform's policy team contacted Enforcity multiple times starting in September 2025 to address the abuse, but notices continued until January 2026, when submissions finally ceased after repeated outreach. This case highlights how payment structures incentivizing volume over accuracy are enabling systematic abuse of the DMCA notice-and-takedown system through AI automation.
- The DMCA system remains vulnerable to automated abuse, with only 27% of all notices processed by WordPress.com since 2014 resulting in actual removals
Editorial Opinion
This report underscores a critical flaw in the DMCA notice-and-takedown system: it can be weaponized by bad actors using AI to automate false claims at scale. While Automattic's willingness to publicly name Enforcity and document the abuse pattern is commendable, the fact that it took months of outreach to stop the notices suggests that current accountability mechanisms are insufficient. Regulators and platform operators must establish stronger verification and penalty systems to prevent bad-faith actors from exploiting the DMCA as a tool for harassment and platform manipulation.
