The digital advertising ecosystem is increasingly being treated as part of the cybersecurity landscape rather than simply a commercial infrastructure, according to a new industry report that warns malicious advertising activity is becoming more organised, automated and financially damaging.
A newly published intelligence report, When Advertising Entered the Cyber Conversation, from The Media Trust argues that 2025 marked a turning point, with regulators, publishers and technology companies beginning to view advertising systems as potential cyber attack surfaces rather than purely revenue engines.
The report draws on threat detection data gathered across more than 200 billion ads served each month on some 100,000 digital properties worldwide. It suggests malicious advertising activity – commonly referred to as malvertising – is no longer sporadic or opportunistic, but structured and scalable.
For retailers increasingly operating their own advertising platforms, the findings highlight a growing operational risk within the fast-expanding retail media sector.
Advertising systems as attack infrastructure
Digital advertising relies on a complex web of technology platforms, third-party vendors and automated bidding systems. In practice, every ad impression can trigger code execution, data calls and redirects across multiple companies within milliseconds.
According to the report, this architecture can make advertising networks an efficient route for cybercriminals.
“Advertising has always been part of the digital media function,” says Chris Olson, CEO of The Media Trust. “What has changed is the scale and sophistication with which threat actors exploit that infrastructure.”
Malicious actors can insert harmful creatives into ad supply chains that trigger redirects, install malware, launch scams, or collect user data once an ad loads. These campaigns often rely on techniques such as cloaked landing pages or conditional redirects designed to evade detection systems.
Because ad code is frequently delivered by third-party vendors, publishers and platforms may unknowingly serve malicious content despite following standard compliance processes.
Retail media’s growing exposure
The warning comes at a time when retail media networks are expanding rapidly, with retailers turning their ecommerce sites, apps and in-store environments into advertising platforms for brands.
Retail media has been attractive to advertisers because it offers high-intent audiences and closed-loop measurement tied directly to purchase data. But the same infrastructure that enables sophisticated targeting and programmatic buying also creates new technical dependencies.
Retail media platforms typically integrate multiple external partners, including ad servers, DSPs, measurement tools, data partners and creative tools. Many of them are third-party AI-powered to boot and each integration introduces potential points of vulnerability.
If malicious code enters the ad supply chain through a compromised vendor or campaign, it could appear within a retailer’s digital environment, potentially exposing shoppers to scams or malware while they browse ecommerce sites.
For retailers whose core value proposition is built on trust and customer relationships, the reputational impact could be significant.
AI amplifies the threat landscape
The report goes on to highlight how artificial intelligence is accelerating both sides of the digital security equation.
Cybercriminals are increasingly using AI tools to automate campaign generation, scale malicious creative variations and evade detection mechanisms.
AI can help attackers rapidly test different payloads or landing pages, enabling them to identify vulnerabilities in ad verification systems more quickly.
At the same time, defensive technologies are evolving. Real-time detection systems powered by AI are now being used to identify suspicious code behaviour and block malicious activity before ads reach users.
For advertising platforms, including those run by retailers, these technologies are becoming essential rather than optional.
Targeted attacks and the human cost
One of the more concerning findings from the report is that malicious advertising campaigns are not evenly distributed across the internet.
Instead, threat activity often clusters geographically or demographically, targeting specific communities or user groups.
Scam campaigns delivered through ads can exploit vulnerable audiences with fraudulent offers, fake software updates or misleading financial promotions.
The consequences extend beyond technical security risks. According to the report, malvertising can result in direct financial losses, reputational damage and disrupted advertising revenue for platforms that fail to detect and block harmful campaigns.
For retailers that rely on both ecommerce transactions and advertising income, this creates a dual exposure.
If malicious ads damage shopper trust, customer traffic and conversion rates may fall. At the same time, advertisers may become wary of investing budgets into environments perceived as unsafe.
From compliance to accountability
The report argues that regulatory expectations around digital safety are also evolving.
Historically, platforms and publishers have often treated advertising networks as neutral infrastructure. If malicious ads appeared, the responsibility was typically attributed to the offending advertiser or intermediary.
However, regulators and policymakers are increasingly examining whether platforms have sufficient oversight of the advertising ecosystems they monetise.
According to the report, platform neutrality is becoming less defensible as enforcement actions and governance standards evolve.
For companies operating large advertising platforms — including retailers building retail media networks — the question is shifting from whether responsibility exists to how organisations manage it operationally.
That could include investments in proactive ad scanning and threat detection, tighter supply chain verification, stronger vendor accountability frameworks and real-time monitoring of creative behaviour.
The role of a more secure web
At the same time, broader changes to the technical foundations of the web may influence how these threats evolve.
Web browsers such as Google Chrome are continuing to push the internet toward fully encrypted connections through HTTPS-first browsing policies. These changes prioritise secure connections and can block insecure content loaded onto encrypted pages.
While HTTPS does not eliminate malicious advertising, it can help prevent certain forms of tampering or interception during the delivery of ads and tracking scripts.
For retail media operators, the shift reinforces the need for secure, fully encrypted advertising infrastructure, ensuring that ad calls, redirects and measurement technologies operate within protected environments.
As retail media becomes a core revenue stream for many ecommerce businesses, ensuring the safety and integrity of advertising environments may become a competitive differentiator.
Retailers have long emphasised their close relationships with customers and the value of first-party data. Protecting those environments from malicious activity will be increasingly important as advertising budgets shift toward commerce platforms.
The report concludes that protecting users and protecting revenue are closely linked.
If malicious creatives undermine consumer trust, the economic impact can ripple across the entire advertising ecosystem—from lost traffic and reduced advertiser spend to regulatory scrutiny.
For retailers building media networks, the message is clear: advertising infrastructure is no longer just a monetisation tool. It is now part of the broader cybersecurity landscape—and managing that risk is becoming a core operational requirement.
