TL;DR
In a recent disavow operation we ran for an AI governance vendor, 200+ referring domains across five PBN networks were submitted to Google's Disavow Tool in a single batch. Domains followed the rank-your.*, buybacklinks.*, seo-power.* signature. The cost of ignoring it is slow, compounding trust decay, not a manual action. Source: field notes, 2026-05-20.
What a toxic backlink profile actually looks like in the AI security category
For most AI security and governance vendors, the toxic backlink problem is not random spam - it is a category problem. AI security domains rank for keywords with strong commercial intent (think "AI DLP", "AI governance platform", "LLM data leakage"). Those keywords attract attention from grey-market SEO operators who run pre-built link networks they then "rent" to whoever is willing to pay. The result is that a target domain accumulates referring links from network clusters whose only purpose is link manipulation.
The patterns we see most often in the AI-security category share five characteristics:
- Domain name signatures in the form rank-your-[topic].*, buybacklinks.*, seo-power-[topic].*, top-rank-[topic].*, and similar. The naming convention is a strong heuristic.
- Cookie-cutter site structures - identical theme, identical "about" page boilerplate, identical contact form, identical menu structure across dozens of TLDs.
- Topical drift. A site whose home page is about gardening or pet care suddenly hosts an article about "the best AI governance platforms of 2026" with the target's anchor text.
- Anchor text clustering. Hundreds of incoming links all use the same commercial money phrase as anchor, far above the rate that would occur organically.
- No traffic, no engagement. The hosting domains have negligible organic traffic in Ahrefs or Semrush despite a high apparent DR, because the DR is itself the product of mutual link inflation across the network.
None of these signals on its own is dispositive, but when several show up at the same time across the same cluster of domains, you are looking at a PBN, not a publisher. Google's official guidance via John Mueller has been consistent for years: most sites do not need to use the Disavow Tool, but when there is a known attempt to manipulate link signals at scale, disavow is the correct response.
Why it matters when nothing visible breaks
The most common mistake we see is treating toxic backlinks as a Google penalty problem. Manual actions are rare and obvious - they show up in Google Search Console as explicit messages. The real cost of a toxic profile is invisible and compounds quietly.
First, there is search trust decay. Modern ranking systems use a constellation of trust signals (link patterns, anchor distribution, topical coherence of the referring sites). When the link profile diverges sharply from what organic acquisition would produce, the trust signal degrades even without a manual action. This shows up as inconsistent rankings, page-2-to-page-1 oscillation on money terms, and a Domain Rating that flatlines or drops despite continued real link acquisition. Ahrefs documents the DR metric as a function of the strength and quantity of inbound links, so a flood of low-quality referring domains can artificially inflate DR in the short term but is regularly recalibrated as the underlying domains lose their own link equity.
Second, there is buyer trust decay. Procurement-grade security buyers and their consultants now routinely run link-profile checks on AI vendors as part of due diligence. A profile dominated by buybacklinks.* and rank-your.* domains looks exactly like what it is: a vendor that has bought links rather than earned them. In a category where trust is the product, this is the kind of finding that ends a deal without an explicit conversation.
Third, there is the reputation laundering risk. PBN operators often mix client domains in a way that links your domain to the other clients of the same network. If those other clients are themselves grey-market, your domain ends up co-cited with material your CISO and legal team would refuse to be associated with.
How we approach disavow in practice
At Areebi, we built an internal playbook for vendor backlink audits because the same patterns kept showing up across the AI-security category and most of the vendors we work with were unaware until we showed them the data. The playbook has five steps.
Step 1: Acquire the full referring-domains list. Pull from Ahrefs, Semrush, and Google Search Console. The three sources disagree, so you need all three. Deduplicate by registrable domain (eTLD+1), not by URL.
Step 2: Cluster by signature. Group by domain name pattern (rank-your.*, buybacklinks.*, seo-power.*), by WHOIS data where available, by hosting IP block, and by site structure fingerprints. Most PBNs reveal themselves at this step because operators reuse infrastructure across hundreds of domains.
Step 3: Manually review the clusters. The rule we apply: if a cluster has more than ten domains, all with the same naming convention, all with the same theme, and all linking to commercial money terms, the cluster goes to disavow as a whole. Borderline clusters get a manual sample review.
Step 4: Build the disavow file. Use domain-level disavow entries (domain:rank-your-ai.com), not URL-level. Domain-level is what Google's own documentation recommends for network-wide spam. Submit via Google Search Console's Disavow Links Tool. For Bing, submit via Bing Webmaster Tools' Disavow Links feature (the two engines maintain separate disavow databases, and Bing requires a separate submission).
Step 5: Monitor for re-emergence. PBN operators frequently regenerate their networks on new TLDs (.shop, .online, .xyz) and re-link. Schedule a quarterly review and refresh the disavow file. Treat the disavow file like a security allowlist: it is a living document, not a one-time submission.
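Steps 1, 2 and 4 can be scripted. The sketch below is an added example, not Areebi's own tooling: it deduplicates by registrable domain, groups by the naming signatures quoted above, and writes domain-level entries only for clusters above the Step 3 size rule. The suffix set, the sample export and all function names are assumptions; a real run would use the full Public Suffix List, and the theme and anchor checks from Step 3 still need a human.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List so the example runs offline.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}
# Name signatures quoted on the page (rank-your.*, buybacklinks.*, seo-power.*, top-rank-*).
SIGNATURES = {
    "rank-your": re.compile(r"^rank-your(-|$)"),
    "buybacklinks": re.compile(r"^buybacklinks(-|$)"),
    "seo-power": re.compile(r"^seo-power(-|$)"),
    "top-rank": re.compile(r"^top-rank(-|$)"),
}
CLUSTER_THRESHOLD = 10  # page's rule: "more than ten domains"

def registrable_domain(entry):
    """Reduce a URL or hostname to eTLD+1 (approximation, see assumption above)."""
    host = urlsplit(entry if "//" in entry else "//" + entry).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def cluster_by_signature(entries):
    """Deduplicate by registrable domain, then group by naming signature."""
    clusters = defaultdict(set)
    for domain in {registrable_domain(e) for e in entries}:
        name = domain.split(".")[0]
        for label, pattern in SIGNATURES.items():
            if pattern.match(name):
                clusters[label].add(domain)
    return clusters

def build_disavow(entries):
    """Return (disavow file text, clusters left for manual sample review)."""
    lines, borderline = [], {}
    for label, domains in sorted(cluster_by_signature(entries).items()):
        if len(domains) > CLUSTER_THRESHOLD:
            lines.append(f"# cluster: {label} ({len(domains)} domains)")
            lines += [f"domain:{d}" for d in sorted(domains)]
        else:
            borderline[label] = sorted(domains)
    return "\n".join(lines) + "\n", borderline

# Constructed sample export: 12 rank-your-* domains, 3 seo-power-* domains, 1 publisher.
SAMPLE = [f"https://www.rank-your-ai{i}.com/post/{i}" for i in range(12)]
SAMPLE += ["rank-your-ai0.com", "blog.seo-power-llm.co.uk", "seo-power-dlp.xyz",
           "seo-power-gov.shop", "https://news.example.org/ai-governance"]

if __name__ == "__main__":
    text, review = build_disavow(SAMPLE)
    print(text, review)
```

On the constructed sample, the twelve rank-your-* domains land in the disavow text and the three seo-power-* domains are returned for manual sample review instead of being disavowed automatically.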
Disavow workflow at a glance
The five-step workflow above looks like this in practice.
+-------------------------+
| 1. Pull referring data  |
|    Ahrefs + Semrush     |
|    + GSC, dedup eTLD+1  |
+-----------+-------------+
            |
            v
+-------------------------+
| 2. Cluster by signature |
|    Domain pattern,      |
|    WHOIS, host IP,      |
|    site fingerprint     |
+-----------+-------------+
            |
            v
+-------------------------+
| 3. Manual review        |
|    >=10 domain cluster: |
|    auto disavow         |
|    borderline: sample   |
+-----------+-------------+
            |
            v
+-------------------------+
| 4. Submit disavow file  |
|    Google Search Console|
|    + Bing Webmaster     |
|    domain: level entries|
+-----------+-------------+
            |
            v
+-------------------------+
| 5. Quarterly refresh    |
|    Track re-emergence   |
|    Treat as a living    |
|    allowlist            |
+-------------------------+
What not to do
There are three failure modes we see repeatedly when AI vendors react to a toxic profile.
Failure 1: Mass URL-level disavow. Submitting thousands of individual URLs rather than domain-level entries. Google's documentation explicitly recommends domain-level disavow for network spam because URL-level entries are brittle (a new URL on the same spam domain bypasses the disavow). Use the domain: prefix.
Failure 2: Disavowing legitimate sites that look spammy. A short, freshly registered domain that links once with branded anchor is more likely a real publisher than a PBN. Do not over-disavow. John Mueller has repeatedly stated that the disavow tool is unnecessary for most sites and that aggressive use can harm rankings by removing legitimate signal. Reserve it for clusters that meet the multi-signal criteria above.
Failure 3: Treating disavow as a one-time event. PBNs regenerate. We have seen client domains accumulate fresh waves of toxic links within 60 to 90 days of a clean disavow submission. Without quarterly review, the profile is dirty again before annual reporting cycles complete.
Quick checklist for AI vendor SEO leads
If you are responsible for an AI vendor's organic acquisition, this is the minimum hygiene checklist for 2026.
- Quarterly export of referring domains from Ahrefs, Semrush, and Google Search Console.
- Automated clustering by domain name pattern, hosting IP, and anchor text - flag any cluster of 10+ domains.
- Manual review of any flagged cluster against a documented decision rule.
- Domain-level disavow submission to Google Search Console for confirmed PBN clusters.
- Parallel submission to Bing Webmaster Tools - the engines maintain separate disavow databases.
- Quarterly diff of the disavow file against the latest referring-domains snapshot, refresh as needed.
- Anchor-text distribution review at least twice a year, looking for unnatural concentration on commercial money terms.
- Document the policy. Whoever owns SEO should be able to point to a written decision rule for what gets disavowed and what does not.
For AI security and governance vendors specifically, treat backlink hygiene as part of the trust surface, the same way you would treat security questionnaire responses or SOC 2 evidence. The category is small enough that buyers compare vendors on softer signals than they would in larger categories.
What to read next
If you are an AI vendor thinking about brand trust holistically, these are the related Areebi resources to work through next.
- Build an AI governance programme - the operating model that treats trust as a product surface, not a marketing function.
- AI governance vs AI security - the framing buyers use when they evaluate vendors in the category.
- AI governance ROI business case - the buyer-side framing that complements the trust-surface argument above.
- The Areebi platform - what we build, and the kind of trust signal we want our own backlink profile to support.
- AI Governance Assessment - the entry point we point vendors and buyers to when they want a structured starting point.
Frequently Asked Questions
Does Google still use the disavow tool in 2026?
Yes. The Disavow Links Tool remains live inside Google Search Console as of May 2026. Google's official guidance, including statements from John Mueller across multiple Office Hours and Twitter/X threads over recent years, is that most sites do not need to use it, but it remains the correct tool when there is a known attempt to manipulate link signals at scale (such as PBN clusters targeting an organisation). Bing Webmaster Tools also maintains its own Disavow Links feature.
Will disavowing toxic links improve my rankings?
Often it stops harm rather than producing a visible ranking lift. Google's algorithms are designed to discount low-quality links automatically, so the marginal lift from disavow is usually small. The bigger benefit is removing the buyer-trust risk (procurement-grade security buyers running link audits as due diligence) and stopping the long tail of compounding trust decay if PBN exposure grows. In the AI security category specifically, the buyer-trust risk is often the larger of the two.
How do I identify a PBN cluster?
Look for multiple signals at once: a shared domain naming convention (rank-your.*, buybacklinks.*, seo-power.*), cookie-cutter site structures, topical drift (gardening sites suddenly publishing AI-security articles), heavy anchor-text concentration on commercial money phrases, and negligible organic traffic despite a high apparent Ahrefs Domain Rating. Any one of these is weak evidence on its own. Three or more present at the same time across a cluster of domains is a strong signal of PBN activity.
Should I disavow at URL level or domain level?
Domain level, using the domain: prefix in the disavow file. Google's own documentation recommends domain-level disavow for network-wide spam because URL-level entries are brittle - any new URL the spam domain publishes that links to you bypasses the existing entry. The exception is a single legitimate site that happens to publish one bad page; for that case URL-level is appropriate.
How often should I refresh the disavow file?
Quarterly is a sensible baseline. PBN operators frequently regenerate networks on new TLDs and re-link, so a one-time submission decays. In practice, treat the disavow file like a security allowlist: it is a living document. Diff the referring-domains snapshot against the current disavow file each quarter and append confirmed new PBN clusters.
Does Bing have its own disavow tool?
Yes. Bing Webmaster Tools maintains a Disavow Links feature that is independent of Google Search Console. The two engines maintain separate disavow databases, so a submission to one does not transfer to the other. For an AI vendor with material Bing traffic (or material exposure to Microsoft-affiliated buyers who use Bing internally), submit to both.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.