The Business of Gavin Dunaway: Digital Trust, Malvertising Wars, and the Future of Ad Tech

From Adotas to AdMonsters: The Therapist of Ad Tech

Gavin Dunaway spent nearly a decade embedded in the ad tech trenches, first at Adotas, then as the agenda-wrangling overlord at AdMonsters. His job? Making sense of an industry that often makes no sense. If you were drowning in supply path spaghetti or wondering why your premium ad buys kept ending up sandwiched between fake celeb death hoaxes, Gavin was likely the one moderating a panel where executives awkwardly pretended to have a solution.

Essentially, he was ad tech’s therapist, nodding along while industry veterans spiraled into existential crises about CPMs and brand safety. "How many header bidding partners is too many?" was a question that got asked way too many times. Gavin listened, facilitated, and tried to steer the conversation toward something useful—while probably wondering how much of this would still be relevant in six months.

Watching the Chaos from the Sidelines

But there’s only so long you can be the guy in the commentator’s booth before you want to grab the ball and run. Gavin wasn’t playing the game—he was narrating it. And as the industry devolved into an overcomplicated Rube Goldberg machine of bad decisions, he saw the same patterns over and over.

"I just kept leading these panels about header bidding strategies and I was like, this is miserable. This is awful." The entire digital ad experience was turning into an unskippable, autoplaying video ad—annoying, intrusive, and completely unavoidable. And yet, the industry was still debating tweaks to a system that was fundamentally broken.

The moment of clarity hit: this wasn’t a technology problem. It was a trust problem.

So when The Media Trust came calling, pitching him on the radical idea that maybe, just maybe, consumers shouldn’t be bombarded with scammy ads, malicious redirects, and fraudulent nonsense, he didn’t hesitate.

Enough with the panel discussions. It was time to get his hands dirty.

He wasn’t going to be the guy moderating the endless debates anymore—he was picking a side. Instead of just talking about fixing digital advertising, he was stepping into the fight. The mission? Slay malvertising monsters, clean up the ad supply chain, and—somehow—restore a little bit of sanity to an ecosystem that had lost its way.

Because if the industry wasn’t going to fix itself, someone had to.

Slaying Malvertising Monsters & Digital Lockpicking 101

Gavin Dunaway didn’t sign up to be a digital exterminator, but here he is—wielding a marketing megaphone like a flamethrower, torching malvertising scams and exposing the cockroaches of the ad industry.

Once upon a time, malvertising used to be seasonal, a predictable infestation that crept in when the ad world let its guard down. Q1 and Q3 were peak hunting seasons for bad actors—post-holiday lulls, skeleton ad ops teams, a golden opportunity for hackers to test new scams. But even the cybercriminals are done playing by the old rules. "It used to be that malware invasions slowed down during Q4," Gavin said. "Not anymore." Now, it’s year-round chaos.

It’s not just the sheer volume of attacks—it’s the creativity of the con artists. Gavin recently had to deal with an outbreak where hackers basically built a cipher puzzle straight out of an Indiana Jones movie—locking in bits of repeating text across different ad servers so that the final payload only revealed itself when the conditions were just right. The result? Phishing redirects detonating across the internet, turning ordinary websites into booby traps.

But that’s just the surface-level stuff. The deeper problem? Zombie ad tech.

The Internet’s Forgotten Corpses

The ad industry, in its infinite wisdom, never really deletes anything. Defunct ad tech companies leave behind rotting digital infrastructure, their old domains sitting there like abandoned buildings just waiting to be squatted in. The original owners? Gone. The ad tags? Still embedded in publisher pages, serving who-knows-what to who-knows-who. "All a threat actor has to do is buy a defunct domain, and next thing you know, random sites are suddenly running malicious redirects—without even knowing it."

And then there’s Polyfill, the open-source JavaScript library that became the biggest cybersecurity disaster no one saw coming. It was embedded in over 100,000 websites, quietly doing its job—until it got hijacked by a Chinese hacker group. Suddenly, major brand advertisers (who Gavin very politely did not name) were serving stealth malware to millions of unsuspecting users.

"This was hitting kids’ sites," he said, still in disbelief. "Publishers, advertisers—it didn’t matter. They all had old code buried in their pages that got taken over. Next thing you know, data breaches everywhere."

Welcome to the Wild West of Digital Advertising

It’s one thing to block a bad ad before it loads, but what about the ads that disguise themselves as something legitimate? That’s the next level of the fight. It’s not just about playing defense anymore—it’s about exposing the bad actors before they even get through the door.

Because in this industry, if you’re not watching the code, someone else is. And chances are, they’re not doing it for the good of the internet.