Advertisers lose between 15 and 25 cents on every programmatic dollar they spend. Most of that loss comes from fraud moving faster than the tools built to stop it, but the financial hit is only half the story. Ad fraud and ad security are no longer separate challenges; they've converged into a single, interconnected threat that impacts the entire supply chain, putting both revenue and user safety at risk. The MGID × GeoEdge Ad Security Report 2026 explains how the gap between standard defenses and real attack activity widened through 2025.
What changed is speed driven by AI. Fraud operators now rotate their domains and creatives every few hours. They use generative AI to cloak assets. They move between SSPs as soon as one starts cleaning up. A lot of partners kept running the filtering setup they had trusted for years. Many of them only saw the problem once yield softened or advertisers started asking harder questions.
Motorik runs a programmatic marketplace across web, in-app, and CTV. GeoEdge handles verification and real-time protection on every impression we process. What follows draws on GeoEdge's research and on what we see moving through our own supply.
Why standard filters stopped keeping up
Most ad security setups still rely on three things: signature detection, pre-launch creative review, and blocklists that assume a few days of shelf life. In 2025, attackers found a way through each of them.
Cloaking is the clearest example. A fraudster uses generative AI to build a clean version of an ad for review. Once the ad is approved, the landing page swaps to a scam or malware payload. GeoEdge estimates cloaking affects at least one in five malicious ads. By the time a verification team spots the switch, the campaign has rotated its domains and started again somewhere else.
The supply chain has become part of the problem, too. GeoEdge's Q2 2025 data flagged a UK-focused SSP, generally considered high quality and widely trusted by major UK publishers. That SSP accounted for one-third of all detected attack activity during the UK tech support scam wave. Certification still helps. The 2026 report notes that TAG-certified channels carry up to 80% lower invalid traffic than uncertified ones. But certification works as a starting point, not a safety net.
"Filtering at the partner level made sense when threats moved slower. It doesn't hold up when a clean SSP can host a compromised campaign for hours before anyone spots it. You need visibility at the creative and impression level, and you need it live." — Svyat Poshva, CEO, Motorik.
What our partners are dealing with
A short list of threats did most of the damage in 2025.
Auto-redirects led the year. They grew from 48% of all malicious activity in Q1 to 66% in Q2. Mobile devices absorbed 79% of attacks. The pattern itself is simple. A creative passes review, runs hidden code once it reaches a real user, and sends them to an affiliate scam or a phishing page. What changed was scale. Redirects are now the default attack, not a specialist one.
Tech support scams rose on the back of a large UK campaign that spilled into Canada. At the peak, one in every 40 ad impressions in the UK turned malicious. Canada's rate reached one in 35, driven by the same underlying scam infrastructure.
Intrusive formats and made-for-advertising sites keep eroding trust while staying inside the rules. Floating ads alone have grown eightfold since 2024. The 2026 report notes that 60% of users say these formats ruin their experience of the site they appear on.
CTV fraud ended the idea that streaming was safer ground. The 2026 report puts invalid traffic at around 18% of CTV impressions in Q2 2025. Much of that comes from server-side ad insertion spoofing, where fraudsters send fake ad requests from what looks like legitimate server traffic. Because these requests never come from a real end-user device, client-side bot-detection cannot see them. CTV ad spend grew about 20% year-on-year through the first half of 2025, so the amount of budget exposed to this gap is growing in absolute terms.
None of these threats are caught reliably by a static, pre-launch filter. That is why they defined the year.
The real cost of a breach
The money side is visible on any quarterly review. The 2026 report cites ANA findings that advertisers lose 15% to 25% of every programmatic dollar spent. That money goes to hidden fees, fake inventory, or invalid traffic. On the other side of the market, buyers are shifting budget toward verified supply. The same report cites IAB Europe data showing a 40% increase in budget allocated to certified and verified paths in 2025.
The slower costs are where partners underestimate the damage. A user who loads a page, gets hit by a redirect, and closes the tab does not file a complaint. They just stop visiting. The 2026 report puts it plainly: "a single bad ad can drive users away for months." Session depth, return rate, and search performance all trail the incident itself. That is part of why the cost takes so long to show up in the numbers.
Brand safety incidents hit advertisers on the same delay. The 2026 report says directly that "one compromised SSP can corrupt thousands of campaigns." A brand's logo can land next to content no one would have approved. By the time an agency catches it, the reputational damage has already started working its way through the client relationship. The buyers asking sharper verification questions in 2026 are mostly the ones who paid that cost in 2025.
"2025 showed us how quickly AI has changed malvertising. Attackers are using generative tools to create endless variations of the same threat, changing visuals, copy, domains, and delivery paths fast enough to slip past static defenses. The only way to keep pace is real-time, impression-level scanning paired with forensic analysis that connects those variations back to the same underlying attack pattern.” - GeoEdge research team.
How Motorik approaches this
Every creative and landing page in our marketplace passes through GeoEdge's verification before it reaches a publisher's page. GeoEdge's real-time protection then sits on live impressions and watches for cloaking campaigns trying to swap their payload. When a threat is blocked, the incident data feeds back into GeoEdge's detection models. The same campaign has a harder time reaching its next target.
For publishers on our supply side, that means fewer incidents reach live sessions. Demand becomes steadier because the partners on the other side have already been checked. For advertisers, campaigns run on inventory where the reporting reflects what users experienced, not what the bid request claimed.
The 2026 report's main point is one we took seriously when we built this part of the marketplace. Ad security and fraud are now the number-one business risk in digital media. Partners who added live verification in 2025 are a year ahead of the ones still using the same tools that let last year's attacks through.
Sources: GeoEdge Q2 2025 Ad Quality Report; MGID × GeoEdge Ad Security Report 2026