NordVPN hits 96% phishing detection in AV-Comparatives test
NordVPN has published results from an independent AV-Comparatives anti-phishing test and simultaneously launched a dedicated private VPN server product, adding two distinct capabilities to its Complete subscription tier in the same week.
The AV-Comparatives evaluation, conducted between 11 and 22 May 2026, tested NordVPN's next-gen antivirus against 275 active phishing URLs targeting platforms including PayPal, online banking services, email providers and social networks. The product detected 96% of those URLs and produced zero false positives on legitimate banking sites. That represents a six-percentage-point improvement on the same organisation's test from May 2025. NordVPN said it became the first VPN provider to earn AV-Comparatives' anti-phishing badge in June 2024; the badge requires detection of at least 85% of phishing URLs without triggering false alarms.
Domininkas Virbickas, product director at NordVPN, said: "Phishing sites today are sophisticated enough to fool almost anyone, and most people shouldn't have to become cybersecurity experts just to stay safe online."
Dedicated server feature
The second update is a dedicated private VPN server, available as a monthly add-on at $11.99 on top of an active NordVPN subscription. Unlike the standard shared-server model, where many users share the same IP address, each instance gives one user exclusive hardware resources: 1 vCPU, 4 GB of RAM, bandwidth up to 1 Gbps, a 4 TB monthly data allowance, a static IP address, and port forwarding support. Up to ten devices can connect simultaneously. Available server locations at launch are Boston, Manchester, Frankfurt and Paris.
Port forwarding is the feature that unlocks the most distinctive use cases here. Subscribers can host private game servers, expose smart-home devices such as network-attached storage or connected cameras for remote access, or run self-hosted tools including personal password managers or locally hosted AI agents, all without revealing a real IP address to external parties. The company cited DDoS exposure as a specific risk that dedicated routing mitigates for game-server operators.
Market context
NordVPN occupies the consumer and prosumer end of a VPN market that has increasingly blurred with the broader endpoint-security category. Competitors such as Surfshark (also a Nord Security brand), ExpressVPN and Mullvad focus on privacy and unblocking, while enterprise-grade zero-trust network access vendors, including Zscaler and Cloudflare Access, are pushing downmarket toward SMBs. NordVPN's move to bundle antivirus detection alongside a dedicated-server add-on is consistent with an industry-wide trend of VPN vendors broadening their offering to justify platform-level pricing rather than competing purely on connection price.
The 96% detection figure is a concrete third-party data point in a category where efficacy claims are often difficult to verify. AV-Comparatives is a well-regarded independent testing body, and the methodology of testing against live phishing URLs is more demanding than static-sample tests. That said, detection rates in anti-phishing testing are sensitive to the composition of the URL sample, and buyers should treat a single test cycle as one data point rather than a definitive benchmark.
On the regulatory side, the EU's NIS2 Directive and the UK's updated Network and Information Systems regulations are raising baseline cybersecurity expectations for organisations, which may drive more SMBs toward layered endpoint tools. Consumer-grade products such as NordVPN's sit outside the direct scope of those frameworks, but brand credibility built on third-party testing results becomes a commercial differentiator as enterprise procurement teams increasingly scrutinise vendor security posture.