Can LLMs Reason About Brand Ownership? An Empirical Study of Domain Attribution Intelligence

Researchers empirically evaluated whether large language models can reliably determine domain ownership for brand protection purposes. The study found that while LLMs achieve 82% precision enumerating brand domains from memory, they fail at ownership verification without external tools (F1 score of 0.37), but WHOIS augmentation dramatically improves performance to near-perfect precision, reducing false positives that harm users and brand reputation.

This study addresses a critical gap in cybersecurity infrastructure by systematically testing whether LLMs can reliably solve brand domain attribution—a problem that directly impacts phishing defense and brand protection at scale. Domain squatting represents a persistent threat vector, and distinguishing legitimate brand domains from malicious lookalikes requires nuanced intelligence that has traditionally required manual investigation or proprietary databases. The research reveals a meaningful limitation in zero-configuration AI approaches: LLMs possess broad brand knowledge enabling strong enumeration capabilities, yet struggle with binary classification tasks that demand precise ownership verification without contextual support.

The stark performance gap between memory-based reasoning (82% precision) and ownership verification without augmentation (0.37 F1) highlights a fundamental constraint in relying solely on training data for security-critical applications. However, the dramatic improvement from WHOIS integration—lifting macro F1 by up to 0.65 points—demonstrates practical pathways for deployment. This finding is particularly significant because WHOIS data represents an existing, accessible external signal that transforms unreliable LLM outputs into actionable intelligence.

For the cybersecurity and brand protection industries, this research provides a template for responsible AI integration in defense pipelines. Rather than viewing LLM limitations as blockers, defenders can strategically combine model strengths (broad enumeration) with targeted augmentation (WHOIS lookups) to achieve near-perfect precision. The work validates a hybrid approach that leverages AI's pattern recognition while anchoring decisions in authoritative external sources, reducing false positive risks that compromise user experience and brand trust.

• →LLMs achieve 82% precision enumerating brand domains from memory but fail at ownership verification without external tools, achieving only 0.37 macro F1 score
• →WHOIS lookup augmentation dramatically improves ownership classification to near-perfect precision (≤0.99), lifting F1 scores by up to 0.65 points
• →Study evaluates four leading models (Gemini 2.5/3.5 Flash, Claude Sonnet 4.5/4.6) across domain enumeration, attribution, and binary classification tasks
• →Zero-configuration LLM approaches alone are insufficient for brand protection; hybrid systems combining AI reasoning with external data sources are necessary
• →False positives in domain flagging harm end users and brand reputation, making reliable ownership verification critical for security infrastructure