cloro
AI Strategy

Brand Protection in 2026: Monitoring Search — and Now the AI Answer Layer

Ricardo Batista
Ricardo Batista
Founder, cloro
9 min read
Brand ProtectionBrand MonitoringAI Search
On this page

Brand protection has always been about one question: who gets to speak for your brand when you’re not in the room? For twenty years the answer meant policing search results, marketplaces, social handles, look-alike domains, and paid-ad hijacking. In 2026 there is a new room, and your brand is usually not in it: the AI answer.

When a customer asks ChatGPT, Google’s AI Overview, Gemini, Copilot, or Perplexity “is [your brand] legit?” or “[your brand] return policy”, the reply is synthesized on the spot. The model pulls from whatever it retrieves in that moment. Often, that source is not your own website.

To size the problem for brand protection, cloro ran a brand-intent citation audit. It spanned 40 major consumer brands × 60 prompts each × 6 AI engines — 2,400 monitored answers in total. The finding is uncomfortable.

For the median brand, roughly half of AI answers cite no official source at all. The range runs from 31% (American Express) to 72% (Amazon). On Perplexity specifically, the brand’s own domain is cited in essentially 0% of answers.

This post maps brand protection across every surface it now spans — and treats the AI answer layer as the new front, with the data to size it.

The brand-protection surface map

Brand protection is not one job; it’s a set of adjacent monitoring problems, each with its own tooling. The surfaces, roughly in order of how long they’ve been contested:

SurfaceThe threatWho polices it
Search resultsRanking hijack, negative SEO, complaint sites outranking youSEO + reputation tools
MarketplacesCounterfeit and gray-market listingsRed Points, Corsearch
Domains / DNSTyposquats, look-alike phishing domainsMarkMonitor, PhishLabs
Paid adsCompetitors/affiliates bidding on your brand termsBrandShield, ad-monitoring
SocialFake accounts, impersonation handlesBrandShield, social listening
TrademarkInfringing use of name/logo/marksCorsearch, MarkMonitor
AI answersModels answering about you from third-party sourcesAI visibility monitoring

The first six are mature categories with established vendors. The seventh is new, largely unmeasured, and — as the data below shows — already the surface where your brand is least likely to be represented by your own words.

The AI answer layer: a 40-brand citation audit

We selected 40 well-known consumer brands spanning retail (Amazon, Walmart, Target, Costco, IKEA), apparel (Nike, Adidas, Patagonia, Lululemon, The North Face), CPG/beauty (Dove, CeraVe, Olay, Gillette, Sephora, Coca-Cola), tech (Apple, Samsung, Microsoft, Sony, Dell, HP), auto (BMW, Toyota, Tesla, Ford), travel/hospitality (Marriott, Delta, Airbnb, Starbucks, McDonald’s, Chipotle, Nespresso), finance (Chase, American Express, PayPal, Fidelity), and media/telecom (Netflix, Spotify, Verizon).

For each brand we ran 60 brand-intent prompts — the questions a real customer or prospect asks: “is [brand] legit”, “[brand] reviews”, “[brand] customer service”, “[brand] return policy”, “[brand] vs [competitor]” — across six engines: Google AI Overview, Google AI Mode, ChatGPT, Copilot, Gemini, and Perplexity. For every triggered answer we captured the full cited-source list and asked one question: did this answer cite the brand’s own domain, or only third parties?

Half your brand answers cite no official source

The headline metric is the non-official-only rate: the share of a brand’s AI answers that cite external domains exclusively — never the brand’s own site. Here is the full distribution across all 40 brands.

Non-official-only citation rate by brand — the share of AI answers citing no official domain. Amazon 72%, Toyota 59%, Sony 59%, Nike 55%, down to American Express 31%.Amazon72%Toyota59%Sony59%Nike55%Gillette53%Dell53%Olay53%BMW52%Chase52%Chipotle51%Tesla51%Sephora50%Coca-Cola48%CeraVe47%Walmart47%Spotify47%Adidas47%Costco46%Starbucks45%Microsoft45%Airbnb45%Ford45%Fidelity45%Delta43%Apple43%HP43%PayPal43%Verizon43%Netflix43%Target42%Dove42%IKEA42%The North Face42%Marriott40%McDonald’s37%Patagonia35%Nespresso35%Samsung33%Lululemon32%American Express31%

Read that as: for Amazon, 72% of the AI answers to brand-intent prompts cited only third-party domains — nearly three in four answers about Amazon are told without amazon.com in the citation list. Even the best-defended brand in the set, American Express at 31%, still loses roughly a third of its answers to third-party-only sourcing. No brand in the audit dropped below 30%. The median sits at 45% — a coin-flip on whether the model grounds its answer in your own words.

The Perplexity blind spot: ~0% official citation

The aggregate number hides a sharper, engine-specific problem. Break the same data down by engine and Perplexity is a near-total blind spot for official sources:

Official-cite rate by engine, averaged across 40 brands — Google AI Mode ~72%, ChatGPT ~72%, Copilot ~70%, Google AI Overview ~58%, Gemini ~45%, Perplexity ~4%.Google AI Mode~72%ChatGPT~72%Copilot~70%Google AI Overview~58%Gemini~45%Perplexity~4%

For 36 of the 40 brands, Perplexity cited the official domain in exactly 0 of 10 sampled answers. Only four brands (American Express, Lululemon, The North Face, and Patagonia) broke through at all, and only to 20–60%. Perplexity’s retrieval leans hard on review aggregators, forums, and editorial roundups; the brand’s own domain barely registers. If your customers use Perplexity to vet you, they are reading a version of your brand you did not write and cannot see.

Gemini is the next-weakest engine, typically citing official sources 30–50% of the time. The Google surfaces (AI Mode, AI Overview), ChatGPT, and Copilot are materially better — 50–90% — but even there, a stubborn minority of answers is sourced entirely from third parties.

Who narrates when you’re absent

If not your domain, then whose? Across all 10,281 citations in the corpus, the domains doing the talking about these 40 brands concentrate heavily in review sites, forums, and video:

#DomainShare of citationsType
1reddit.com15%Forum
2youtube.com9%Video
3trustpilot.com8%Review aggregator
4en.wikipedia.org5%Encyclopedia
5quora.com3%Q&A forum
6finance.yahoo.com3%Financial media
7bbb.org3%Complaint/rating board
8consumeraffairs.com3%Complaint/review board
9elliott.org2%Consumer-advocacy blog
10forbes.com2%Editorial

Reddit alone accounts for 15% of all citations — more than the next two combined — which tracks with its broader dominance in AI citations (we’ve measured that separately). Trustpilot, the Better Business Bureau, and ConsumerAffairs together supply another 14% — and these are complaint-weighted surfaces by construction. When a model answers “is [brand] legit” by citing BBB and ConsumerAffairs instead of your own trust page, the framing skews toward whatever grievances those platforms have indexed. That is brand impersonation by omission: no bad actor required, just a retrieval pipeline that defaults away from you.

What “brand impersonation” means in the AI era

Classic brand impersonation is a phishing domain or a fake support account pretending to be you. The AI-era analog is subtler and, in volume, far more common: an authoritative-sounding answer about your brand, assembled from sources you didn’t author. A support “phone number” lifted from a complaint thread. A returns window paraphrased from a three-year-old Reddit post. A “best price” claim sourced from an affiliate aggregator that gets it wrong.

The customer can’t tell the difference. The AI answer carries the same confident, unattributed-feeling authority whether it cites amazon.com or a random forum. And because 31–72% of answers never cite you at all, the correction you’d want to make — “actually, our return window is 30 days, here’s the policy” — never enters the model’s context for that answer.

This is why AI-answer monitoring belongs in the brand-protection stack, not adjacent to it. The threat model is the same as counterfeit listings and typosquat domains: someone other than you is defining your brand to a customer. The only difference is that the “someone” is a retrieval pipeline, and the venue is an answer box instead of a search result.

The established brand-protection stack (and where it stops)

To be clear about scope: the AI answer layer is new, not total. The mature threats still need mature tooling, and the leading platforms remain the right call for them. Keep them funded in your brand protection program:

  • Trademark & marketplace enforcementCorsearch and Red Points specialize in detecting infringing listings and counterfeit goods across marketplaces and running takedowns at scale.
  • Domain & DNS protectionMarkMonitor is the incumbent for corporate domain portfolios, typosquat detection, and registrar-level enforcement.
  • Phishing & impersonation takedownPhishLabs (Fortra) and BrandShield focus on detecting phishing sites, fake social accounts, and paid-ad hijacking, then executing takedowns.

These platforms police the open web: listings, domains, ads, social handles. What none of them yet measure is what the models say about you and whether they cite you. That’s the gap the audit above quantifies, and it’s the gap cloro’s AI visibility layer is built to fill.

Trademark and phishing monitoring, honestly scoped

Two clarifications so this post doesn’t overclaim. Trademark monitoring watches for infringing use of your name and marks. It is a legal-operations discipline, best served by the vendors above and your counsel.

AI-answer monitoring complements that brand protection work by catching cases where a model attributes a competitor’s product or a counterfeit to your brand. It is not a trademark-watch service on its own.

Phishing monitoring detects and takes down look-alike domains and credential-harvesting sites. That likewise remains a job for dedicated takedown platforms. cloro’s contribution to both is measurement of the AI-answer surface.

If a model starts citing a phishing domain or a counterfeit marketplace as if it were you, brand-intent monitoring is how you catch it early. It is not a substitute for the takedown itself.

A brand protection strategy for the AI answer layer

Most brand protection strategies were written before AI answers existed. They cover counterfeits, domains, ads, and social handles — and they stop at the open web. Extending your brand protection program to the model layer takes only a few new habits.

The goal of AI-era brand protection is unchanged: make sure your own words define your brand.

Where AI fits in the brand protection stack

Treat an AI answer like any other brand surface you already watch. Your brand protection software polices listings and look-alike domains. AI-answer monitoring polices what the models claim about you. Good brand protection now runs both checks on the same cadence.

Measure official-cite rate, not just sentiment

Sentiment tools report the tone of a mention. They rarely report who was cited. For brand protection, the citation list is the signal that matters. A confident answer sourced only from Reddit is a brand protection gap, even when the tone reads as neutral.

Turn gaps into content, not takedowns

On the open web, brand protection usually ends in a takedown request. In the AI layer, the fix is editorial instead. A low official-cite rate means your authoritative page is missing or unreachable — so publish it, make it retrievable, and measure again. That habit is the part of online brand protection the older tools miss.

Who owns brand protection for AI answers

The work spans two teams. Marketing owns the content that models retrieve. Security and legal own impersonation, phishing, and trademark abuse. A shared brand protection program keeps both views on one dashboard, so official-cite rate gets an owner the way takedowns already do.

How to monitor the AI answer layer

The build recipe is straightforward and mirrors how the audit above was produced:

  1. Enumerate your brand-intent prompts. Name + the real questions: "is [brand] legit", "[brand] reviews", "[brand] customer service number", "[brand] return policy", "[brand] vs [competitor]", "[brand] complaints". Twenty to sixty prompts covers most brands.

  2. Run them across every engine on a schedule. Google AI Overview, AI Mode, ChatGPT, Copilot, Gemini, and Perplexity — weekly at minimum, daily for high-volume brands. Answers drift as retrieval indexes update.

  3. Capture the full answer and every cited source. Not just the text — the citation list is where the signal is.

  4. Track two metrics over time. (a) Official-cite rate per engine and per prompt: is your domain in the citation list? (b) Third-party narration share: which external domains answer in your place, and are any of them complaint-weighted (BBB, ConsumerAffairs) or outright wrong?

  5. Act on the gaps. A low official-cite rate on a prompt cluster is a content signal — the model can’t find your authoritative page because you don’t have one, or it isn’t retrievable. That’s fixable with the same GEO/AEO playbook covered in what is AI SEO and AI share of voice. Persistent third-party-only sourcing on trust queries is a reputation signal to route to your brand team.

cloro’s AI visibility API returns the parsed answer plus every citation for each of the six engines, so official-cite rate and third-party narration share fall out of the data directly — the same pipeline that produced this audit. If model crawlers can’t reach your content in the first place, the AI crawler guide covers making your official pages retrievable.

Methodology

The audit covers 40 consumer brands, 60 brand-intent prompts per brand, and 6 AI engines: Google AI Overview, Google AI Mode, ChatGPT, Microsoft Copilot, Gemini, and Perplexity. That is 2,400 monitored responses, captured in cloro’s production monitoring corpus on 2026-07-04. For each brand we defined its official domains — for example, bmw.com plus bmwusa.com for BMW.

An answer counts as “official-cited” if any official domain appears in its citation list. The non-official-only rate is the share of a brand’s answers with zero official citations. Per-engine rates use 10 sampled answers per brand per engine. Fewer are used where an engine didn’t trigger an answer: AI Overview answered 88% of the time, every other engine 100%.

A few caveats. This is one measurement from one corpus, with a US-weighted, English-language prompt mix. Treat the point estimates as cloro-corpus signals, not universal constants.

The prompts skew toward trust and comparison intents like “is X legit” and “X reviews”. Those surface complaint and review sites more than a neutral mix would. So the non-official-only rates likely overstate what a brand’s full query distribution would show.

The qualitative findings are robust to prompt mix. Perplexity’s near-total absence of official citations held across 36 of 40 brands. The Reddit, Trustpilot, BBB, and ConsumerAffairs concentration is consistent brand-to-brand. Official-cite rate is not a verdict on answer quality, but it does measure whether your brand had a voice in the answer.

If you want this run continuously for your own brand — official-cite rate per engine, which third-party domains narrate in your place, and alerts when a new domain starts speaking for you — that’s what cloro’s brand protection monitoring and AI visibility tracking are built for. The threat intelligence surface covers the adjacent monitoring for impersonation and abuse signals across the same corpus, and the LLM citations study breaks down the per-engine citation mechanics underneath this audit.

Frequently asked questions

What is brand protection?+

Brand protection is the ongoing practice of monitoring — and acting on — unauthorized, misleading, or reputation-damaging use of your brand across the surfaces where people encounter it: search results, marketplaces, social platforms, domains, ads, and now AI answers. Traditionally it covers counterfeit listings, trademark infringement, phishing/impersonation domains, and paid-ad hijacking. In 2026 it extends to the AI answer layer: what ChatGPT, Google AI Overviews, AI Mode, Gemini, Copilot, and Perplexity say about your brand and, critically, which sources they cite when they say it.

How is AI changing brand protection?+

AI answer engines increasingly sit between your customers and your brand. When someone asks an assistant 'is [brand] legit?' or '[brand] customer service problems,' the answer is synthesized from whatever the model retrieves — often third-party review sites, forums, and complaint boards rather than your own domain. In cloro's audit of 40 major brands, the share of answers citing no official source at all ranged from 31% to 72%, and on Perplexity the brand's own domain was cited in essentially 0% of answers. That means the narrative about your brand is frequently written by Trustpilot, BBB, ConsumerAffairs, Reddit, and YouTube — not by you.

What is brand impersonation in AI answers?+

It's when an AI answer presents third-party, unofficial, or outright wrong information as authoritative about your brand — a support number pulled from a complaint forum, a returns policy paraphrased from Reddit, or a 'best deals' claim sourced from an affiliate aggregator. It's not always malicious; the more common failure mode is that the model simply never cites your official source. But the effect is the same as classic impersonation: customers act on information your brand didn't author and can't correct.

Which AI engines are worst at citing official brand sources?+

In cloro's audit, Perplexity was the extreme case — it cited the brand's own domain in roughly 0% of brand-intent answers for 36 of 40 brands. Gemini was the next weakest (frequently 30–50% official-cite rate). Google AI Mode, Google AI Overviews, ChatGPT, and Copilot cited official sources far more often (typically 50–90%), though even they left a substantial minority of answers sourced entirely from third parties.

How do I monitor what AI says about my brand?+

You need to run your brand-intent prompts (name + 'reviews', 'legit', 'customer service', 'returns', 'vs competitor') across every major AI engine on a schedule, capture the full answer and its cited sources, and track two things over time: whether your official domain is cited, and which third-party domains are narrating in its place. cloro's AI visibility API does this across ChatGPT, Google AI Overview, AI Mode, Perplexity, Copilot, and Gemini, returning the parsed answer plus every citation so you can measure official-cite rate per engine and per prompt.

Can brand protection software detect phishing and impersonation domains?+

Dedicated brand protection platforms (Red Points, BrandShield, Corsearch, MarkMonitor, PhishLabs/Fortra) specialize in detecting look-alike domains, phishing sites, counterfeit marketplace listings, and paid-ad hijacking, and in running takedowns. cloro is not a takedown service — it's the measurement layer for the AI answer surface those tools don't yet cover: what the models say about you and whether they cite you. The two are complementary: takedown platforms police impersonation on the open web; AI-answer monitoring tells you when the models themselves are the ones getting your brand wrong.