[{"data":1,"prerenderedAt":3438},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":100,"navbar-resource-highlight":174,"blog/why-modern-browser-attacks-evade-edr":220},[4],{"enabled":5,"name":6},false,"maintenanceMode",[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"7ec0c6aa90q",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":5,"query":41,"data":42,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":23,"createdBy":92,"lastUpdatedBy":93,"folders":94,"meta":95,"rev":99},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"url":29,"ctaText":43,"text":44,"blocks":45,"state":85},"ewrererw","testrfesssssssssss",[46,73],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Is your stack covered? 
51 browser &amp; identity attacks, mapped.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">See the matrix →\u003C/strong>\u003C/p>\n","https://pushsecurity.com/resources/browser-identity-attacks-matrix/",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":74,"@type":47,"tagName":75,"properties":76,"responsiveStyles":80},"builder-pixel-ea963hyr71","img",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":81},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},"block","hidden","none",{"deviceSize":86,"location":87},"large",{"path":29,"query":88},{},{},1778612252607,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"kind":96,"hasLinks":5,"breakpoints":97,"lastPreviewUrl":98,"hasAutosaves":34,"hasErrors":5},"component",{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","nvvs606wpyf",[101
,137],{"createdDate":102,"id":103,"name":104,"modelId":105,"published":13,"stageModifiedSincePublish":5,"query":106,"data":107,"variations":130,"lastUpdated":131,"firstPublished":132,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":133,"meta":134,"rev":136},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":108,"type":109,"testimonialLink":110,"testimonial":111},{},"testimonial","/customer-stories/inductive-automation",{"@type":112,"id":113,"model":109,"value":114},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":115,"folders":116,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":120,"variations":124,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":127,"rev":129},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":121,"jobTitle":122,"quote":118,"image":123},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":128,"hasAutosaves":34},{"small":32,"medium":33},"p5cq5iu5ttn",{},1776247404986,1776247404973,[],{"breakpoints":135,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},"14m5qhc3fj8",{"createdDate":138,"id":139,"name":140,"modelId":105,"published":13,"meta":141,"stageModifiedSincePublish":5,"query":143,"data":144,"variations":170,"lastUpdated":171,"firstPublished":172,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":173,"rev":136},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack 
Techniques",{"breakpoints":142,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":145,"link":164,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":147},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":148,"folders":149,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":152,"variations":158,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":161,"rev":163},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":162,"hasAutosaves":34},{"small":32,"medium":33},"a3qf9jq159n",{"text":165,"url":166},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the 
wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[175,198],{"createdDate":176,"id":177,"name":140,"modelId":178,"published":13,"meta":179,"stageModifiedSincePublish":5,"query":181,"data":182,"variations":193,"lastUpdated":194,"firstPublished":195,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":196,"rev":197},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":180,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":183,"link":192,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":184},{"query":185,"folders":186,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":187,"variations":188,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":189,"rev":191},[],[],{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":190,"hasAutosaves":34},{"small":32,"medium":33},"ja9ru9mmnw",{"text":165,"url":166},{},1776256937553,1776256937540,[],"wyr0vaut6s",{"createdDate":199,"id":200,"name":201,"modelId":178,"published":13,"stageModifiedSincePublish":5,"query":202,"data":203,"variations":214,"lastUpdated":215,"firstPublished":216,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":217,"meta":218,"rev":197},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":204,"type":109,"testimonial":205,"testimonialLink":110},{},{"@type":112,"id":113,"model":109,"value":206},{"query":207,"folders":208,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":209,"variations":210,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":211,"rev":213},[],[],{"author":121,"jobTitle":122,"quote":118,"image":123},{},{"kind":28
,"lastPreviewUrl":29,"breakpoints":212,"hasAutosaves":34},{"small":32,"medium":33},"cys0ljv4vru",{},1776256974140,1776256974130,[],{"breakpoints":219,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},{"id":221,"title":222,"authorsCollection":223,"content":231,"extension":1149,"featured":5,"hashTags":62,"meta":1150,"metaTitle":1151,"ogImage":62,"publishedDate":1152,"relatedBlogPostsCollection":1153,"slug":3414,"stem":3415,"subtitle":62,"summary":3416,"synopsis":3427,"sys":3428,"tagsCollection":3431,"__hash__":3437},"blog/blog/why-modern-browser-attacks-evade-edr.json","Your EDR is working exactly as intended. Attackers are getting around it anyway.",{"items":224},[225],{"fullName":226,"firstName":227,"jobTitle":228,"profilePicture":229},"Peyton Padfield","Peyton","Product Team",{"url":230},"https://images.ctfassets.net/y1cdw1ablpvd/1GU01HXElmc07nwi89qP3b/3188050420106c62e9df2ed4e4893b7f/1677005177901__1_.jpeg",{"json":232,"links":1067},{"nodeType":233,"data":234,"content":235},"document",{},[236,247,255,262,269,276,298,317,321,329,336,360,369,388,395,398,406,413,420,427,434,443,461,469,486,494,511,519,536,543,574,580,583,591,598,606,637,645,652,659,667,708,714,717,725,732,740,747,754,762,769,777,784,792,799,827,833,836,844,851,859,866,873,881,888,895,902,910,917,924,930,933,941,948,1017,1025,1045,1048],{"nodeType":237,"data":238,"content":239},"heading-1",{},[240],{"nodeType":241,"value":242,"marks":243,"data":246},"text","Why endpoint security has a blind spot in the browser ",[244],{"type":245},"bold",{},{"nodeType":248,"data":249,"content":250},"paragraph",{},[251],{"nodeType":241,"value":252,"marks":253,"data":254},"Modern EDR makes compromising the OS hard. Process execution, memory behavior, file system changes: all of it under real-time scrutiny from an agent that never sleeps. 
Getting in through the endpoint is expensive, noisy, and increasingly not worth the effort.",[],{},{"nodeType":248,"data":256,"content":257},{},[258],{"nodeType":241,"value":259,"marks":260,"data":261},"So attackers expanded their focus. ",[],{},{"nodeType":248,"data":263,"content":264},{},[265],{"nodeType":241,"value":266,"marks":267,"data":268},"The browser is the logical target. It's where work happens now. Authentication, data access, application administration, sensitive file handling — all of it inside a browser tab, with no real security instrumentation, no behavioral detection, and no one paying attention. ",[],{},{"nodeType":248,"data":270,"content":271},{},[272],{"nodeType":241,"value":273,"marks":274,"data":275},"The endpoint got Falcon, Defender, Singularity, Cortex, etc. The browser didn't. And the economics made the choice obvious: a PhaaS kit that proxies credentials and steals session tokens costs about $1k a year, a credential list off a dark web marketplace runs $15, and an admin-level account from an initial access broker goes for a few thousand dollars. None of those require getting past an endpoint agent.",[],{},{"nodeType":248,"data":277,"content":278},{},[279,283,294],{"nodeType":241,"value":280,"marks":281,"data":282},"We've written before about ",[],{},{"nodeType":284,"data":285,"content":287},"hyperlink",{"uri":286},"https://pushsecurity.com/blog/push-plus-endpoint-security",[288],{"nodeType":241,"value":289,"marks":290,"data":293},"how Push and endpoint security fit together",[291],{"type":292},"underline",{},{"nodeType":241,"value":295,"marks":296,"data":297}," and how the two layers complement each other. 
This post goes further into why succeeding at securing the endpoint isn't enough on its own, and why the gap between what EDR sees and what actually happens in the browser is exactly where attackers have built their playbook.",[],{},{"nodeType":248,"data":299,"content":300},{},[301,304,313],{"nodeType":241,"value":29,"marks":302,"data":303},[],{},{"nodeType":284,"data":305,"content":307},{"uri":306},"https://www.crowdstrike.com/explore/2026-global-threat-report",[308],{"nodeType":241,"value":309,"marks":310,"data":312},"82% of attack detections are now malware-free",[311],{"type":292},{},{"nodeType":241,"value":314,"marks":315,"data":316},", according to CrowdStrike's 2026 Global Threat Report, and that's not because attackers got more sophisticated. If anything, the barrier to entry is considerably lower now. It's because they got smarter about where to target their efforts.",[],{},{"nodeType":318,"data":319,"content":320},"hr",{},[],{"nodeType":237,"data":322,"content":323},{},[324],{"nodeType":241,"value":325,"marks":326,"data":328},"What EDR actually sees",[327],{"type":245},{},{"nodeType":248,"data":330,"content":331},{},[332],{"nodeType":241,"value":333,"marks":334,"data":335},"Before behavioral detection, defense meant chasing known-bad indicators: a malicious hash was identified, it got blocked, the attacker changed the hash, and the cycle repeated indefinitely. 
EDR broke that dynamic by running an agent inside the operating system and watching what actually happened on the host — process execution, file system changes, memory behavior, registry modifications.",[],{},{"nodeType":248,"data":337,"content":338},{},[339,343,356],{"nodeType":241,"value":340,"marks":341,"data":342},"The",[],{},{"nodeType":284,"data":344,"content":346},{"uri":345},"https://pushsecurity.com/blog/our-design-philosophy-detecting-what-matters/",[347,351],{"nodeType":241,"value":348,"marks":349,"data":350}," ",[],{},{"nodeType":241,"value":352,"marks":353,"data":355},"Pyramid of Pain",[354],{"type":292},{},{"nodeType":241,"value":357,"marks":358,"data":359}," explains why this worked. Tools and indicators at the bottom of the pyramid are trivially easy for attackers to rotate, while behavioral TTPs at the top are expensive to change. EDR moved detection up the pyramid, which is why fileless attacks, living-off-the-land techniques, and lateral movement started getting caught. It's also why attackers shifted their focus away from the OS.",[],{},{"nodeType":361,"data":362,"content":368},"embedded-entry-block",{"target":363},{"sys":364},{"id":365,"type":366,"linkType":367},"2N04ycJ6RKGfHdX5X1TwU3","Link","Entry",[],{"nodeType":248,"data":370,"content":371},{},[372,376,384],{"nodeType":241,"value":373,"marks":374,"data":375},"All of that visibility ends at the browser boundary. From the EDR agent's perspective, Chrome is a well-behaved process. It opens, connects to the internet, does browser things. The agent can see the process, but it can't see which tab is open, what the page is rendering, what scripts are executing, or whether the login form the user just submitted was real or a convincing ",[],{},{"nodeType":284,"data":377,"content":379},{"uri":378},"https://pushsecurity.com/blog/2025-top-phishing-trends/",[380],{"nodeType":241,"value":381,"marks":382,"data":383},"cloned page",[],{},{"nodeType":241,"value":385,"marks":386,"data":387},". 
It doesn't know whether the session token that just got issued is about to leave the organization.",[],{},{"nodeType":248,"data":389,"content":390},{},[391],{"nodeType":241,"value":392,"marks":393,"data":394},"For browser-based attacks, EDR registers nothing unusual, because nothing unusual happened at the OS layer. EDR worked — but the attackers worked around it.",[],{},{"nodeType":318,"data":396,"content":397},{},[],{"nodeType":237,"data":399,"content":400},{},[401],{"nodeType":241,"value":402,"marks":403,"data":405},"The attack surface has moved beyond the endpoint",[404],{"type":245},{},{"nodeType":248,"data":407,"content":408},{},[409],{"nodeType":241,"value":410,"marks":411,"data":412},"Attackers didn't stumble into the browser. They moved there deliberately, and the tooling reflects it.",[],{},{"nodeType":248,"data":414,"content":415},{},[416],{"nodeType":241,"value":417,"marks":418,"data":419},"The numbers tell the story. PhaaS-driven account compromise surged 389% year-over-year according to eSentire. Fake CAPTCHA lures used in ClickFix attacks increased 563% in 2025, according to CrowdStrike, and ClickFix is now the most common initial access vector observed by Microsoft, accounting for 47% of attacks. ",[],{},{"nodeType":248,"data":421,"content":422},{},[423],{"nodeType":241,"value":424,"marks":425,"data":426},"We see it too; in a single 30-day proof-of-value deployment at a financial services organization, Push detected 6 ClickFix attacks and 10 AiTM phishing attempts that were invisible to the existing security stack.",[],{},{"nodeType":248,"data":428,"content":429},{},[430],{"nodeType":241,"value":431,"marks":432,"data":433},"These aren't niche techniques. 
They're the dominant playbook, and none of them need to touch the endpoint to succeed, or for an attacker to achieve their goals.",[],{},{"nodeType":435,"data":436,"content":437},"heading-2",{},[438],{"nodeType":241,"value":439,"marks":440,"data":442},"AiTM phishing",[441],{"type":245},{},{"nodeType":248,"data":444,"content":445},{},[446,449,457],{"nodeType":241,"value":29,"marks":447,"data":448},[],{},{"nodeType":284,"data":450,"content":452},{"uri":451},"https://pushsecurity.com/solution/stop-browser-based-attacks/adversary-in-the-middle-attacks",[453],{"nodeType":241,"value":454,"marks":455,"data":456},"AiTM phishing kits",[],{},{"nodeType":241,"value":458,"marks":459,"data":460}," render a convincing login page inside the browser, proxy the authentication in real time, and lift the session token as it passes through. The user completes what feels like a normal login; the attacker gets a valid session. The OS saw a browser connecting to a website.",[],{},{"nodeType":435,"data":462,"content":463},{},[464],{"nodeType":241,"value":465,"marks":466,"data":468},"Session hijacking",[467],{"type":245},{},{"nodeType":248,"data":470,"content":471},{},[472,475,482],{"nodeType":241,"value":29,"marks":473,"data":474},[],{},{"nodeType":284,"data":476,"content":478},{"uri":477},"https://pushsecurity.com/solution/stop-browser-based-attacks/session-hijacking",[479],{"nodeType":241,"value":465,"marks":480,"data":481},[],{},{"nodeType":241,"value":483,"marks":484,"data":485}," skips authentication entirely by targeting an existing session. By stealing and replaying a token acquired by an infostealer, or a malicious browser extension, they can import the session into their own browser and continue using it — there's no password prompt, no MFA challenge, no re-authentication. 
The session blends into normal browser activity and generates nothing an endpoint agent was built to catch.",[],{},{"nodeType":435,"data":487,"content":488},{},[489],{"nodeType":241,"value":490,"marks":491,"data":493},"Device code phishing",[492],{"type":245},{},{"nodeType":248,"data":495,"content":496},{},[497,500,507],{"nodeType":241,"value":29,"marks":498,"data":499},[],{},{"nodeType":284,"data":501,"content":503},{"uri":502},"https://pushsecurity.com/blog/device-code-phishing/",[504],{"nodeType":241,"value":490,"marks":505,"data":506},[],{},{"nodeType":241,"value":508,"marks":509,"data":510}," is harder to spot, because the user authenticates on a legitimate identity provider page. The attacker initiates a device authorization flow and tricks the user into entering a code on the real Microsoft (or Google or GitHub) login page. The IdP issues a valid token. The phishing happened before the authentication page even loaded, and the session token goes straight to the attacker. Push has documented a 37x increase in device code phishing attacks this year, with 12+ unique kits now offering the technique.",[],{},{"nodeType":435,"data":512,"content":513},{},[514],{"nodeType":241,"value":515,"marks":516,"data":518},"ClickFix",[517],{"type":245},{},{"nodeType":248,"data":520,"content":521},{},[522,525,532],{"nodeType":241,"value":29,"marks":523,"data":524},[],{},{"nodeType":284,"data":526,"content":528},{"uri":527},"https://pushsecurity.com/solution/stop-browser-based-attacks/clickfix-fix-variants",[529],{"nodeType":241,"value":515,"marks":530,"data":531},[],{},{"nodeType":241,"value":533,"marks":534,"data":535}," takes a different approach: the lure tricks the user into copying a malicious payload to their clipboard and running it themselves, framed as a verification step or a fix for a page that won't load. It's social engineering dressed up as a CAPTCHA. 
Unlike the attacks above, ClickFix is a hybrid — the delivery and lure happen in the browser, but the payload executes on the endpoint. That split is important when we get to how the detection layers divide.",[],{},{"nodeType":248,"data":537,"content":538},{},[539],{"nodeType":241,"value":540,"marks":541,"data":542},"The attacks look different on the surface, but the design principle is the same: stay out of the OS, stay inside the browser, and stay invisible to every tool that's watching the endpoint.",[],{},{"nodeType":248,"data":544,"content":545},{},[546,550,558,562,570],{"nodeType":241,"value":547,"marks":548,"data":549},"Once access to an app is established via a compromised identity, attackers can also achieve their goals without touching the endpoint. Most of the time, this involves data theft and extortion, but adversaries like ",[],{},{"nodeType":284,"data":551,"content":553},{"uri":552},"https://pushsecurity.com/blog/analyzing-the-instructure-breach/",[554],{"nodeType":241,"value":555,"marks":556,"data":557},"ShinyHunters",[],{},{"nodeType":241,"value":559,"marks":560,"data":561}," and ",[],{},{"nodeType":284,"data":563,"content":565},{"uri":564},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[566],{"nodeType":241,"value":567,"marks":568,"data":569},"Scattered Spider",[],{},{"nodeType":241,"value":571,"marks":572,"data":573}," are also experts in cloud-based disruption and destruction techniques — with no ransomware binary dropped to user endpoints for an EDR agent to intercept. 
",[],{},{"nodeType":361,"data":575,"content":579},{"target":576},{"sys":577},{"id":578,"type":366,"linkType":367},"4eZcjfuT34oQoKIZAsZCr4",[],{"nodeType":318,"data":581,"content":582},{},[],{"nodeType":237,"data":584,"content":585},{},[586],{"nodeType":241,"value":587,"marks":588,"data":590},"The EDR you're using doesn't change the result",[589],{"type":245},{},{"nodeType":248,"data":592,"content":593},{},[594],{"nodeType":241,"value":595,"marks":596,"data":597},"The constraint isn't vendor-specific. Every EDR's observation model stops at the OS layer because that's where the agent sits. What happens inside a browser session is outside that model by design. A better EDR doesn't close the gap; a different layer does.",[],{},{"nodeType":435,"data":599,"content":600},{},[601],{"nodeType":241,"value":602,"marks":603,"data":605},"Reputation-based filtering falls short too",[604],{"type":245},{},{"nodeType":248,"data":607,"content":608},{},[609,613,621,625,633],{"nodeType":241,"value":610,"marks":611,"data":612},"Some platforms add URL filtering or domain reputation checks at the browser boundary, and that narrows the surface somewhat. But reputation-based filtering hits the same wall against PhaaS infrastructure engineered to rotate domains before reputation databases catch up. ",[],{},{"nodeType":284,"data":614,"content":616},{"uri":615},"https://www.spamhaus.com/resource-center/supporting-researchers-with-passive-dns/",[617],{"nodeType":241,"value":618,"marks":619,"data":620},"89% of phishing domains are active for fewer than two days",[],{},{"nodeType":241,"value":622,"marks":623,"data":624},". 
A reputation engine can't flag infrastructure it hasn't seen, and ",[],{},{"nodeType":284,"data":626,"content":628},{"uri":627},"https://pushsecurity.com/blog/phishing-detection-evasion-launch/",[629],{"nodeType":241,"value":630,"marks":631,"data":632},"modern phishing operations",[],{},{"nodeType":241,"value":634,"marks":635,"data":636}," are designed around that window.",[],{},{"nodeType":435,"data":638,"content":639},{},[640],{"nodeType":241,"value":641,"marks":642,"data":644},"Some vendors recognize the problem",[643],{"type":245},{},{"nodeType":248,"data":646,"content":647},{},[648],{"nodeType":241,"value":649,"marks":650,"data":651},"The market has started to acknowledge this. CrowdStrike's acquisition of Seraphic is a direct signal that endpoint vendors see the browser gap and want to close it, and it validates what we've been building here at Push since day one. That's a good thing for defenders — the more coverage at this layer, the better.",[],{},{"nodeType":248,"data":653,"content":654},{},[655],{"nodeType":241,"value":656,"marks":657,"data":658},"But endpoint vendors see the world through the endpoint. Their platforms, their telemetry models, and their detection logic are all structured around what happens at the OS layer. When they acquire browser capability, it gets pulled into that orbit. Seraphic was built to detect browser exploits by injecting into the browser's JavaScript runtime from the OS. ",[],{},{"nodeType":435,"data":660,"content":661},{},[662],{"nodeType":241,"value":663,"marks":664,"data":666},"Attacks in vs. 
on the browser: why this distinction matters",[665],{"type":245},{},{"nodeType":248,"data":668,"content":669},{},[670,674,682,686,692,696,704],{"nodeType":241,"value":671,"marks":672,"data":673},"In other words, ",[],{},{"nodeType":284,"data":675,"content":677},{"uri":676},"https://pushsecurity.com/blog/how-to-avoid-the-browser-security-buyers-trap/",[678],{"nodeType":241,"value":679,"marks":680,"data":681},"their focus is on attacks on the browser itself",[],{},{"nodeType":241,"value":683,"marks":684,"data":685},", rather than those happening ",[],{},{"nodeType":241,"value":687,"marks":688,"data":691},"inside",[689],{"type":690},"italic",{},{"nodeType":241,"value":693,"marks":694,"data":695}," the browser session. That's a meaningful capability, but it's a different problem from detecting the identity attacks that dominate the threat landscape today — AiTM phishing, session hijacking, OAuth consent abuse, ClickFix — where the attacker never triggers an exploit and the browser works exactly as designed. We've written in detail about why that ",[],{},{"nodeType":284,"data":697,"content":698},{"uri":676},[699],{"nodeType":241,"value":700,"marks":701,"data":703},"architectural distinction matters",[702],{"type":292},{},{"nodeType":241,"value":705,"marks":706,"data":707}," for buyers evaluating the category.",[],{},{"nodeType":361,"data":709,"content":713},{"target":710},{"sys":711},{"id":712,"type":366,"linkType":367},"37815BxUTO55avL4molrA5",[],{"nodeType":318,"data":715,"content":716},{},[],{"nodeType":237,"data":718,"content":719},{},[720],{"nodeType":241,"value":721,"marks":722,"data":724},"What browser-native detection actually looks like",[723],{"type":245},{},{"nodeType":248,"data":726,"content":727},{},[728],{"nodeType":241,"value":729,"marks":730,"data":731},"Network tools and reputation engines see where a user went and whether the destination had a known-bad reputation. 
What they can't see is what happened on the page once the user got there — whether the login form was real or a proxied clone, whether a session token was issued and where it went next.",[],{},{"nodeType":435,"data":733,"content":734},{},[735],{"nodeType":241,"value":736,"marks":737,"data":739},"Why network-layer detection can't keep up",[738],{"type":245},{},{"nodeType":248,"data":741,"content":742},{},[743],{"nodeType":241,"value":744,"marks":745,"data":746},"At the network layer, a brand-new domain hosting a pixel-perfect Microsoft login page is indistinguishable from the real thing. There's no signal to act on — the domain is in good standing, the TLS cert is valid, and the traffic looks normal.",[],{},{"nodeType":248,"data":748,"content":749},{},[750],{"nodeType":241,"value":751,"marks":752,"data":753},"But it's not as simple as looking at the page itself. The phishing pages attackers are building now don't look like the clone-and-paste jobs of a few years ago. Attackers are vibe-coding imitations where the AI has constructed the page from scratch — visually identical to the real login page, but with a completely different underlying structure. They look the same to the user and to any tool doing a surface-level comparison. You need to understand how credential-harvesting mechanics actually work, how authentication relay is structured, and what behavioral fingerprints phishing kits leave behind regardless of how the page was built.",[],{},{"nodeType":435,"data":755,"content":756},{},[757],{"nodeType":241,"value":758,"marks":759,"data":761},"How Push detects what others miss",[760],{"type":245},{},{"nodeType":248,"data":763,"content":764},{},[765],{"nodeType":241,"value":766,"marks":767,"data":768},"That's where Push's visibility and expertise intersect. Running inside the browser, Push sees DOM structure, script behavior, how credential forms are constructed, and how authentication is being relayed. 
Phishing attacks leave consistent behavioral fingerprints at this level regardless of what domain they're hosted on, which kit family they belong to, or whether the page was hand-coded or vibe-coded in minutes. Push catches attacks built on infrastructure that's never appeared on any blocklist, because it isn't looking at the infrastructure. It's looking at what the page is doing.",[],{},{"nodeType":435,"data":770,"content":771},{},[772],{"nodeType":241,"value":773,"marks":774,"data":776},"Where the detection layers divide",[775],{"type":245},{},{"nodeType":248,"data":778,"content":779},{},[780],{"nodeType":241,"value":781,"marks":782,"data":783},"ClickFix illustrates how the layers split. Push identifies the page behavior delivering the lure and analyzes the clipboard payload before the user runs it — two detection points, both inside the browser, both before anything reaches the endpoint. EDR's window opens after execution. Push and EDR are watching the same attack from opposite ends of the kill chain.",[],{},{"nodeType":435,"data":785,"content":786},{},[787],{"nodeType":241,"value":788,"marks":789,"data":791},"Keeping pace with AI-accelerated attacks",[790],{"type":245},{},{"nodeType":248,"data":793,"content":794},{},[795],{"nodeType":241,"value":796,"marks":797,"data":798},"That detection model has to keep pace with an attack surface that's evolving at machine speed. 
Attackers are using AI to vibe-code phishing kits, generate convincing cloned pages, and rotate infrastructure faster than any human team can track.",[],{},{"nodeType":248,"data":800,"content":801},{},[802,806,814,818,823],{"nodeType":241,"value":803,"marks":804,"data":805},"Push matches that pace with an ",[],{},{"nodeType":284,"data":807,"content":809},{"uri":808},"https://pushsecurity.com/blog/can-ai-replace-a-threat-researcher-what-we-learned-building-an-agentic-threat-hunting-pipeline/",[810],{"nodeType":241,"value":811,"marks":812,"data":813},"agentic threat hunting pipeline",[],{},{"nodeType":241,"value":815,"marks":816,"data":817},": autonomous agents hunt continuously across browser telemetry from over ",[],{},{"nodeType":241,"value":819,"marks":820,"data":822},"3 million browsers worldwide",[821],{"type":245},{},{"nodeType":241,"value":824,"marks":825,"data":826},", develop hypotheses, analyze traces, and write detection rules without waiting for human initiation. Push's in-house threat researchers feed the agents the context they need — years of accumulated knowledge about how browser-based attacks actually work. The agents operationalize that expertise at a scale and speed no human team could sustain alone.",[],{},{"nodeType":361,"data":828,"content":832},{"target":829},{"sys":830},{"id":831,"type":366,"linkType":367},"27crXZtdoKOl08wDzLFnBO",[],{"nodeType":318,"data":834,"content":835},{},[],{"nodeType":237,"data":837,"content":838},{},[839],{"nodeType":241,"value":840,"marks":841,"data":843},"Two layers that fit together",[842],{"type":245},{},{"nodeType":248,"data":845,"content":846},{},[847],{"nodeType":241,"value":848,"marks":849,"data":850},"Browser detection and endpoint detection cover different surfaces. 
Together they close the gap.",[],{},{"nodeType":435,"data":852,"content":853},{},[854],{"nodeType":241,"value":855,"marks":856,"data":858},"Response at the speed of the attack",[857],{"type":245},{},{"nodeType":248,"data":860,"content":861},{},[862],{"nodeType":241,"value":863,"marks":864,"data":865},"Push doesn't just detect — the detection comes with response built in. Phishing pages are blocked before credentials are submitted. Malicious clipboard payloads are intercepted before the user can run them. Suspicious OAuth consent grants are flagged or blocked in real time, before the authorization completes. These aren't after-the-fact alerts that require an analyst to act; they're inline controls that operate at the speed of the attack.",[],{},{"nodeType":248,"data":867,"content":868},{},[869],{"nodeType":241,"value":870,"marks":871,"data":872},"For purely browser-based attacks like AiTM phishing, device code phishing, and OAuth consent abuse, Push is both the detection and the response layer. For ClickFix, the coverage divides: Push catches the delivery and the clipboard payload, and if the user runs it and something lands on the OS, EDR picks up what happens next.",[],{},{"nodeType":435,"data":874,"content":875},{},[876],{"nodeType":241,"value":877,"marks":878,"data":880},"The telemetry bridge",[879],{"type":245},{},{"nodeType":248,"data":882,"content":883},{},[884],{"nodeType":241,"value":885,"marks":886,"data":887},"The integration with endpoint tooling is straightforward. Push feeds browser telemetry into the same SIEM and XDR workflows endpoint data already flows into.",[],{},{"nodeType":248,"data":889,"content":890},{},[891],{"nodeType":241,"value":892,"marks":893,"data":894},"EDR tells you what happened on the host. Push tells you what happened in the session before the host was involved — which login page loaded, how it behaved, whether a session token left the organization. 
That's the causal link most investigation timelines are missing: the bridge between \"a user visited a URL\" and \"credentials were submitted to a phishing page that proxied authentication and captured the session token.\"",[],{},{"nodeType":248,"data":896,"content":897},{},[898],{"nodeType":241,"value":899,"marks":900,"data":901},"Without browser-layer telemetry, that chain of events is invisible — the EDR sees normal endpoint processes and the SIEM sees a successful login. An alert from either layer is more useful with context from the other, and the range of problems you can solve from inside the browser extends well beyond threat detection.",[],{},{"nodeType":435,"data":903,"content":904},{},[905],{"nodeType":241,"value":906,"marks":907,"data":909},"Deployment without disruption",[908],{"type":245},{},{"nodeType":248,"data":911,"content":912},{},[913],{"nodeType":241,"value":914,"marks":915,"data":916},"Operationally, adding the browser layer doesn't mean adding complexity. Push deploys as a browser extension — no network changes, no TLS inspection, no browser replacement, and no impact on page load times or browsing performance.",[],{},{"nodeType":248,"data":918,"content":919},{},[920],{"nodeType":241,"value":921,"marks":922,"data":923},"Unlike approaches that route traffic through a proxy or render pages remotely, Push operates natively inside the browser session, which means there's no latency penalty and no disruption to how employees work. 
",[],{},{"nodeType":361,"data":925,"content":929},{"target":926},{"sys":927},{"id":928,"type":366,"linkType":367},"3w1g0UvGN28HBOTxeZlIfc",[],{"nodeType":318,"data":931,"content":932},{},[],{"nodeType":237,"data":934,"content":935},{},[936],{"nodeType":241,"value":937,"marks":938,"data":940},"A quick check on your coverage",[939],{"type":245},{},{"nodeType":248,"data":942,"content":943},{},[944],{"nodeType":241,"value":945,"marks":946,"data":947},"If you're running EDR and assume the browser is covered, these are worth thinking through. ",[],{},{"nodeType":949,"data":950,"content":951},"unordered-list",{},[952,975,997,1007],{"nodeType":953,"data":954,"content":955},"list-item",{},[956],{"nodeType":248,"data":957,"content":958},{},[959,963,971],{"nodeType":241,"value":960,"marks":961,"data":962},"Can you identify which browser extensions across your fleet have the ",[],{},{"nodeType":284,"data":964,"content":966},{"uri":965},"https://pushsecurity.com/blog/why-browser-extension-risk-scoring-wont-predict-your-next-breach/",[967],{"nodeType":241,"value":968,"marks":969,"data":970},"permissions needed for account takeover",[],{},{"nodeType":241,"value":972,"marks":973,"data":974},"? ",[],{},{"nodeType":953,"data":976,"content":977},{},[978],{"nodeType":248,"data":979,"content":980},{},[981,985,993],{"nodeType":241,"value":982,"marks":983,"data":984},"Would anything stop a ",[],{},{"nodeType":284,"data":986,"content":988},{"uri":987},"https://pushsecurity.com/blog/introducing-malicious-copy-paste-detection/",[989],{"nodeType":241,"value":990,"marks":991,"data":992},"ClickFix payload",[],{},{"nodeType":241,"value":994,"marks":995,"data":996}," before your user ran it? 
",[],{},{"nodeType":953,"data":998,"content":999},{},[1000],{"nodeType":248,"data":1001,"content":1002},{},[1003],{"nodeType":241,"value":1004,"marks":1005,"data":1006},"Do you have visibility into every account your employees have created outside of SSO, and whether those accounts are protected by MFA or using weak, breached, or reused passwords? ",[],{},{"nodeType":953,"data":1008,"content":1009},{},[1010],{"nodeType":248,"data":1011,"content":1012},{},[1013],{"nodeType":241,"value":1014,"marks":1015,"data":1016},"When a session token gets stolen, do you have any signal when the attacker starts using it?",[],{},{"nodeType":248,"data":1018,"content":1019},{},[1020],{"nodeType":241,"value":1021,"marks":1022,"data":1024},"Push surfaces answers to all of them — across every browser session.",[1023],{"type":245},{},{"nodeType":248,"data":1026,"content":1027},{},[1028,1032,1041],{"nodeType":241,"value":1029,"marks":1030,"data":1031},"Defenders secured the endpoint. Attackers took note, and they've had the browser to themselves ever since. The attacker tooling that followed was built for an environment where the endpoint is watched and the session layer isn't. That's been a reasonable assumption for the better part of a decade. Endpoint vendors are starting to move toward the browser, but there's a case for ",[],{},{"nodeType":284,"data":1033,"content":1035},{"uri":1034},"https://pushsecurity.com/blog/the-case-for-best-of-breed-browser-security/",[1036],{"nodeType":241,"value":1037,"marks":1038,"data":1040},"purpose-built browser security",[1039],{"type":292},{},{"nodeType":241,"value":1042,"marks":1043,"data":1044}," rather than bolted-on features from platforms designed for a different layer. The endpoint is covered. 
The browser is where the work is now.",[],{},{"nodeType":318,"data":1046,"content":1047},{},[],{"nodeType":248,"data":1049,"content":1050},{},[1051,1055,1063],{"nodeType":241,"value":1052,"marks":1053,"data":1054},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. ",[],{},{"nodeType":284,"data":1056,"content":1058},{"uri":1057},"https://pushsecurity.com/book-demo/",[1059],{"nodeType":241,"value":1060,"marks":1061,"data":1062},"Book a live demo to learn more",[],{},{"nodeType":241,"value":1064,"marks":1065,"data":1066},".",[],{},{"entries":1068},{"hyperlink":1069,"inline":1070,"block":1071},[],[],[1072,1081,1089,1109,1135],{"sys":1073,"__typename":1074,"title":1075,"caption":1076,"layoutMode":62,"file":1077},{"id":365},"Image","Pyramid of Pain for internet-based attacks","The Pyramid of Pain reworked for internet-based attacks.",{"url":1078,"width":1079,"height":1080},"https://images.ctfassets.net/y1cdw1ablpvd/2KJMvUn55yStIIB5jIcy0n/c64a1d128567ed1189821b8160f81fe7/image6.png",1999,1149,{"sys":1082,"__typename":1083,"type":1084,"ctaText":1085,"buttonLabel":1086,"buttonColour":1087,"buttonUrl":1088},{"id":578},"CtaWidget","Custom","Read our browser attack techniques report for more information on these attack techniques and how attackers are leveraging them in browser-native breaches that don't touch the endpoint detection surface.","Download now (no gates!)","sunny orange","https://pushsecurity.com/thank-you/browser-attacks-report",{"sys":1090,"__typename":1091,"content":1092,"name":1108,"title":62},{"id":712},"InsightTextBlockComponent",{"json":1093},{"nodeType":233,"data":1094,"content":1095},{},[1096],{"nodeType":248,"data":1097,"content":1098},{},[1099,1103],{"nodeType":241,"value":1100,"marks":1101,"data":1102},"Push was built for the browser from the start, for exactly these attacks. 
The detection engine runs inside the session. The response actions operate at the session layer, blocking phishing pages, intercepting malicious clipboard payloads, and warning on suspicious OAuth consent grants, because that's where the attack is happening. ",[],{},{"nodeType":241,"value":1104,"marks":1105,"data":1107},"That's not a philosophical matter. It determines what you can catch and how fast you can stop it.",[1106],{"type":245},{},"EDR blog IB1",{"sys":1110,"__typename":1091,"content":1111,"name":1134,"title":62},{"id":831},{"json":1112},{"nodeType":233,"data":1113,"content":1114},{},[1115],{"nodeType":248,"data":1116,"content":1117},{},[1118,1122,1130],{"nodeType":241,"value":1119,"marks":1120,"data":1121},"Since deploying the pipeline, we've 3x'ed our detection output (but with ",[],{},{"nodeType":284,"data":1123,"content":1125},{"uri":1124},"https://pushsecurity.com/blog/the-pyramid-of-pain-in-the-ai-era/",[1126],{"nodeType":241,"value":1127,"marks":1128,"data":1129},"broad technique-level detections, not just IoC noise",[],{},{"nodeType":241,"value":1131,"marks":1132,"data":1133},"). 
New detections move from discovery to customer protection in minutes rather than the days or weeks a manual process required.",[],{},"EDR blog IB2",{"sys":1136,"__typename":1091,"content":1137,"name":1148,"title":62},{"id":928},{"json":1138},{"nodeType":233,"data":1139,"content":1140},{},[1141],{"nodeType":248,"data":1142,"content":1143},{},[1144],{"nodeType":241,"value":1145,"marks":1146,"data":1147},"Push has been deployed to 100,000 users in under an hour during normal business hours with zero downtime, and it sits alongside whatever endpoint and network tooling is already in place.",[],{},"EDR blog IB3","json",{},"How attackers get around endpoint security controls like EDR","2026-06-02T00:00:00.000Z",{"items":1154},[1155,2103,2636],{"__typename":1156,"sys":1157,"publishedDate":1152,"content":1159,"title":2083,"synopsis":2084,"hashTags":62,"slug":2085,"tagsCollection":2086,"authorsCollection":2096},"BlogPosts",{"id":1158},"I5SoVIYsYVgutpLIzZRpC",{"json":1160},{"nodeType":233,"data":1161,"content":1162},{},[1163,1170,1177,1198,1205,1212,1215,1223,1230,1237,1260,1267,1274,1280,1283,1291,1298,1304,1311,1319,1351,1370,1376,1384,1391,1397,1417,1425,1432,1464,1470,1485,1488,1496,1503,1509,1525,1532,1539,1551,1571,1578,1585,1593,1600,1620,1626,1633,1639,1645,1648,1656,1663,1670,1733,1740,1747,1754,1761,1777,1784,1791,1798,1805,1812,1819,1826,1833,1840,1847,1854,1861,1868,1871,1879,1886,1898,1905,1912,1919,1926,2049,2055,2061,2064],{"nodeType":248,"data":1164,"content":1165},{},[1166],{"nodeType":241,"value":1167,"marks":1168,"data":1169},"When is a fork not a fork? 
When it's a browser security platform built to solve both problems of the AI era.",[],{},{"nodeType":248,"data":1171,"content":1172},{},[1173],{"nodeType":241,"value":1174,"marks":1175,"data":1176},"Many security leaders are rightly worried about two big problems in the age of AI: AI-enabled attacks targeting their employees via the browser; and employees introducing the risk of data loss through their use of AI tools.",[],{},{"nodeType":248,"data":1178,"content":1179},{},[1180,1185,1189,1194],{"nodeType":241,"value":1181,"marks":1182,"data":1184},"For security teams researching browser-based solutions to these challenges, the decision at first looks like a fork in the road: ",[1183],{"type":245},{},{"nodeType":241,"value":1186,"marks":1187,"data":1188},"Choose a solution that's purpose-built to detect and respond to modern browser-based attacks like AI-enabled phish kits, ClickFix and other *Fix-style attacks, malicious browser extensions, device code phishing, and others; ",[],{},{"nodeType":241,"value":1190,"marks":1191,"data":1193},"or",[1192],{"type":690},{},{"nodeType":241,"value":1195,"marks":1196,"data":1197}," select an AI governance tool to enforce sensible policies for sensitive data in the browser.",[],{},{"nodeType":248,"data":1199,"content":1200},{},[1201],{"nodeType":241,"value":1202,"marks":1203,"data":1204},"Push solves both of these problems. One platform, one SKU.",[],{},{"nodeType":248,"data":1206,"content":1207},{},[1208],{"nodeType":241,"value":1209,"marks":1210,"data":1211},"In this article, we'll take a look at the two big AI security and data governance problems that security teams are facing and outline how Push solves them in a single solution. 
We’ll cover what questions to ask as you evaluate browser security solutions, and describe Push's focus on providing foundational telemetry, detections, and controls that allow you to answer the question “What actually happened here?” not just “What policy was violated?”",[],{},{"nodeType":318,"data":1213,"content":1214},{},[],{"nodeType":237,"data":1216,"content":1217},{},[1218],{"nodeType":241,"value":1219,"marks":1220,"data":1222},"The AI risks every security team is now responsible for",[1221],{"type":245},{},{"nodeType":248,"data":1224,"content":1225},{},[1226],{"nodeType":241,"value":1227,"marks":1228,"data":1229},"AI is an amplifier, for adversaries and for your employees. Whatever they could do before, they can now do faster, more powerfully, and at scale.",[],{},{"nodeType":248,"data":1231,"content":1232},{},[1233],{"nodeType":241,"value":1234,"marks":1235,"data":1236},"The two risks that every security team now must manage: ",[],{},{"nodeType":949,"data":1238,"content":1239},{},[1240,1250],{"nodeType":953,"data":1241,"content":1242},{},[1243],{"nodeType":248,"data":1244,"content":1245},{},[1246],{"nodeType":241,"value":1247,"marks":1248,"data":1249},"AI is making browser-based attacks faster, cheaper, and harder to detect.",[],{},{"nodeType":953,"data":1251,"content":1252},{},[1253],{"nodeType":248,"data":1254,"content":1255},{},[1256],{"nodeType":241,"value":1257,"marks":1258,"data":1259},"Employee AI adoption is creating data exposure faster than security teams can respond.",[],{},{"nodeType":248,"data":1261,"content":1262},{},[1263],{"nodeType":241,"value":1264,"marks":1265,"data":1266},"Both of these challenges intersect in the same place: The browser. It's the place where adversaries target employees with modern attacks designed to accomplish account takeover and data exfiltration. 
It's also the place where workers discover and use new AI-enabled apps and introduce risk into the business in the form of data loss, shadow apps, risky browser extensions, and shadow integrations.",[],{},{"nodeType":248,"data":1268,"content":1269},{},[1270],{"nodeType":241,"value":1271,"marks":1272,"data":1273},"To address both problems, security teams need visibility and control in the browser.",[],{},{"nodeType":361,"data":1275,"content":1279},{"target":1276},{"sys":1277},{"id":1278,"type":366,"linkType":367},"1U2Hmn4XrFpdcxyjxY3aCc",[],{"nodeType":318,"data":1281,"content":1282},{},[],{"nodeType":237,"data":1284,"content":1285},{},[1286],{"nodeType":241,"value":1287,"marks":1288,"data":1290},"How AI is transforming attacks",[1289],{"type":245},{},{"nodeType":248,"data":1292,"content":1293},{},[1294],{"nodeType":241,"value":1295,"marks":1296,"data":1297},"On the adversary side of the equation, attackers are using AI tooling to rapidly iterate on new attack types or new variations of existing browser-based TTPs that target employees to achieve account or endpoint compromise — usually with the end goal of harvesting valuable corporate identities in order to exfiltrate data or hold it for ransom.",[],{},{"nodeType":361,"data":1299,"content":1303},{"target":1300},{"sys":1301},{"id":1302,"type":366,"linkType":367},"G8xv1seFz1wJnY5HpfV6z",[],{"nodeType":248,"data":1305,"content":1306},{},[1307],{"nodeType":241,"value":1308,"marks":1309,"data":1310},"AI is changing attacks in three key ways.",[],{},{"nodeType":435,"data":1312,"content":1313},{},[1314],{"nodeType":241,"value":1315,"marks":1316,"data":1318},"AI has supercharged the iteration and evolution of adversary tools and techniques",[1317],{"type":245},{},{"nodeType":248,"data":1320,"content":1321},{},[1322,1326,1335,1339,1347],{"nodeType":241,"value":1323,"marks":1324,"data":1325},"Attackers are using the same AI capabilities as any other engineer who wants to multiply their output. 
That translates to an array of new attack techniques: multiple increasingly sophisticated variations of the ",[],{},{"nodeType":284,"data":1327,"content":1329},{"uri":1328},"https://pushsecurity.com/blog/consentfix-v3-analyzing-a-new-toolkit/",[1330],{"nodeType":241,"value":1331,"marks":1332,"data":1334},"ClickFix-style attacks",[1333],{"type":292},{},{"nodeType":241,"value":1336,"marks":1337,"data":1338}," that use social engineering techniques to get users to unknowingly install malware via malicious scripts; as well as creative ",[],{},{"nodeType":284,"data":1340,"content":1341},{"uri":502},[1342],{"nodeType":241,"value":1343,"marks":1344,"data":1346},"exploitation of device codes",[1345],{"type":292},{},{"nodeType":241,"value":1348,"marks":1349,"data":1350},", a legitimate authentication mechanism, that allows attackers to phish access post-authentication.",[],{},{"nodeType":248,"data":1352,"content":1353},{},[1354,1358,1366],{"nodeType":241,"value":1355,"marks":1356,"data":1357},"Device code phishing in particular demonstrates the rapid growth of new techniques, with early documented appearances of the TTP occurring in 2024, and by early the next year, the method had been packaged as a PhaaS offering with GPT-enhanced spear-phishing and customized landing pages. 
The ",[],{},{"nodeType":284,"data":1359,"content":1361},{"uri":1360},"https://www.huntress.com/blog/device-code-phishing-ai-mfa-bypass",[1362],{"nodeType":241,"value":1363,"marks":1364,"data":1365},"campaign",[],{},{"nodeType":241,"value":1367,"marks":1368,"data":1369}," targeted more than 340 organizations across five countries in March 2026, using personalized AI-generated lures at a scale that would have been impractical to produce manually.",[],{},{"nodeType":361,"data":1371,"content":1375},{"target":1372},{"sys":1373},{"id":1374,"type":366,"linkType":367},"eNUpU2GtGOcXRrHBKHnLN",[],{"nodeType":435,"data":1377,"content":1378},{},[1379],{"nodeType":241,"value":1380,"marks":1381,"data":1383},"Infrastructure-based detections are increasingly degraded by AI-enabled approaches",[1382],{"type":245},{},{"nodeType":248,"data":1385,"content":1386},{},[1387],{"nodeType":241,"value":1388,"marks":1389,"data":1390},"AI has also collapsed the cost and time it takes to build convincing phishing infrastructure: Attackers can vibecode a convincing phishing page in minutes, burn the domain, and regenerate another one before any blocklist updates. ",[],{},{"nodeType":361,"data":1392,"content":1396},{"target":1393},{"sys":1394},{"id":1395,"type":366,"linkType":367},"2obvOhMWjy64h94tEIbx04",[],{"nodeType":248,"data":1398,"content":1399},{},[1400,1404,1413],{"nodeType":241,"value":1401,"marks":1402,"data":1403},"The impact on IOC-based detections that rely on infrastructure elements is severe: When elements constantly change, every phishing attack is essentially a zero-day. 
Complicating the picture further is the increasing use of legitimate cloud platforms like ",[],{},{"nodeType":284,"data":1405,"content":1407},{"uri":1406},"https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign",[1408],{"nodeType":241,"value":1409,"marks":1410,"data":1412},"Railway",[1411],{"type":292},{},{"nodeType":241,"value":1414,"marks":1415,"data":1416},", Cloudflare Workers, and Vercel, which attackers use to host and dynamically rotate attack infrastructure.",[],{},{"nodeType":435,"data":1418,"content":1419},{},[1420],{"nodeType":241,"value":1421,"marks":1422,"data":1424},"AI is making it easier to build and run omni-channel campaigns",[1423],{"type":245},{},{"nodeType":248,"data":1426,"content":1427},{},[1428],{"nodeType":241,"value":1429,"marks":1430,"data":1431},"Push researchers have written extensively over the last year about malvertising campaigns that serve malicious pages to users via search engine results, enticing them to visit sites designed to steal credentials or deliver malware. ",[],{},{"nodeType":248,"data":1433,"content":1434},{},[1435,1439,1448,1452,1460],{"nodeType":241,"value":1436,"marks":1437,"data":1438},"We've tracked ",[],{},{"nodeType":284,"data":1440,"content":1442},{"uri":1441},"https://pushsecurity.com/blog/cyber-criminal-ecosystem-analysis/",[1443],{"nodeType":241,"value":1444,"marks":1445,"data":1447},"sustained campaigns",[1446],{"type":292},{},{"nodeType":241,"value":1449,"marks":1450,"data":1451}," impersonating Onfido, TradingView, Ahrefs, Semrush, and others. These campaigns are part of a self-reinforcing criminal ecosystem: Malvertising campaigns paid for by stolen ad accounts, with credential theft that funds the next round of credential theft. 
And the recent ",[],{},{"nodeType":284,"data":1453,"content":1455},{"uri":1454},"https://pushsecurity.com/blog/llmshare-malvertising-campaign/",[1456],{"nodeType":241,"value":1457,"marks":1458,"data":1459},"LLMShare",[],{},{"nodeType":241,"value":1461,"marks":1462,"data":1463}," campaign identified by Push shows how attackers are combining their abuse of AI tools for AI-assisted phishing page creation with malvertising, helping them to spin up lookalike pages quickly and cheaply to serve as convincing lures.",[],{},{"nodeType":361,"data":1465,"content":1469},{"target":1466},{"sys":1467},{"id":1468,"type":366,"linkType":367},"2Gwj25KBjClQ5u8uiEYuYR",[],{"nodeType":248,"data":1471,"content":1472},{},[1473,1477,1482],{"nodeType":241,"value":1474,"marks":1475,"data":1476},"These are just a few examples of how phishing has moved beyond the inbox, targeting users through malvertising, SEO poisoning, and social media DMs. Over the last year, Push researchers found that ",[],{},{"nodeType":241,"value":1478,"marks":1479,"data":1481},"1 in 3 payloads intercepted by the platform were sent outside of email",[1480],{"type":245},{},{"nodeType":241,"value":1064,"marks":1483,"data":1484},[],{},{"nodeType":318,"data":1486,"content":1487},{},[],{"nodeType":237,"data":1489,"content":1490},{},[1491],{"nodeType":241,"value":1492,"marks":1493,"data":1495},"How AI is creating risky employee behaviors ",[1494],{"type":245},{},{"nodeType":248,"data":1497,"content":1498},{},[1499],{"nodeType":241,"value":1500,"marks":1501,"data":1502},"Meanwhile, on the employee side of the equation, there are three other key concerns that security teams should be paying attention to when it comes to the risks associated with AI use.",[],{},{"nodeType":361,"data":1504,"content":1508},{"target":1505},{"sys":1506},{"id":1507,"type":366,"linkType":367},"2hsKQ9DEspflhmtR0bE7QY",[],{"nodeType":435,"data":1510,"content":1511},{},[1512,1517,1520],{"nodeType":241,"value":1513,"marks":1514,"data":1516},"Data leaving 
the business via shadow AI",[1515],{"type":245},{},{"nodeType":241,"value":348,"marks":1518,"data":1519},[],{},{"nodeType":241,"value":1521,"marks":1522,"data":1524},"and AI extensions",[1523],{"type":245},{},{"nodeType":248,"data":1526,"content":1527},{},[1528],{"nodeType":241,"value":1529,"marks":1530,"data":1531},"Employees are signing up to AI tools directly, beyond the bounds of procurement or security review. That means security teams can't see sensitive data going into LLMs — clipboard pastes of API keys, file uploads to coding assistants, customer data in uploaded spreadsheets, etc.",[],{},{"nodeType":248,"data":1533,"content":1534},{},[1535],{"nodeType":241,"value":1536,"marks":1537,"data":1538},"Most teams also don't have visibility of AI browser extensions, another avenue for data to leave the business. Extensions are also an attack surface in their own right, as previously benign extensions can be compromised by threat actors through account takeover of the extension developer.",[],{},{"nodeType":435,"data":1540,"content":1541},{},[1542,1547],{"nodeType":241,"value":1543,"marks":1544,"data":1546},"Employees using personal accounts on corporate AI app tenants",[1545],{"type":245},{},{"nodeType":241,"value":1548,"marks":1549,"data":1550}," ",[],{},{"nodeType":248,"data":1552,"content":1553},{},[1554,1558,1567],{"nodeType":241,"value":1555,"marks":1556,"data":1557},"The 2026 ",[],{},{"nodeType":284,"data":1559,"content":1561},{"uri":1560},"https://www.verizon.com/business/resources/reports/dbir/",[1562],{"nodeType":241,"value":1563,"marks":1564,"data":1566},"Verizon DBIR",[1565],{"type":292},{},{"nodeType":241,"value":1568,"marks":1569,"data":1570}," found that 67% of GenAI users on corporate devices are using non-corporate accounts, and our own data shows that 38% of file uploads to AI tools are made from shadow accounts rather than approved organizational 
ones.",[],{},{"nodeType":248,"data":1572,"content":1573},{},[1574],{"nodeType":241,"value":1575,"marks":1576,"data":1577},"That means a large number of employees in most organizations are using AI apps with personal accounts, outside of organizational data governance, retention policies, access controls, or basic security oversight. ",[],{},{"nodeType":248,"data":1579,"content":1580},{},[1581],{"nodeType":241,"value":1582,"marks":1583,"data":1584},"The compounding risk is that personal accounts are typically protected by weaker passwords, inconsistent MFA, and credential reuse from other personal services — meaning a compromise of the personal account could give an attacker access to corporate data and tools.",[],{},{"nodeType":435,"data":1586,"content":1587},{},[1588],{"nodeType":241,"value":1589,"marks":1590,"data":1592},"Shadow integrations between AI tools and corporate systems",[1591],{"type":245},{},{"nodeType":248,"data":1594,"content":1595},{},[1596],{"nodeType":241,"value":1597,"marks":1598,"data":1599},"App-to-app connections accomplished through OAuth are also proliferating faster than most teams can observe and review them. For the average organization, Push sees 17 unique AI app OAuth integrations connected just to Microsoft and Google corporate tenants.",[],{},{"nodeType":248,"data":1601,"content":1602},{},[1603,1607,1616],{"nodeType":241,"value":1604,"marks":1605,"data":1606},"The ",[],{},{"nodeType":284,"data":1608,"content":1610},{"uri":1609},"https://pushsecurity.com/blog/unpacking-the-vercel-breach/",[1611],{"nodeType":241,"value":1612,"marks":1613,"data":1615},"recent Vercel breach",[1614],{"type":292},{},{"nodeType":241,"value":1617,"marks":1618,"data":1619}," illustrates the risks of even a single OAuth connection from a compromised third-party AI SaaS provider. 
This isn't really a new AI threat so much as a shadow SaaS problem that's accelerating alongside AI adoption, given that AI apps are specifically designed to pull data from one system, analyze it in another, and present it in a third — with MCP connections now creating the same kind of persistent, permissioned access through an authorization protocol (OAuth) that most organizations have no process to review.",[],{},{"nodeType":361,"data":1621,"content":1625},{"target":1622},{"sys":1623},{"id":1624,"type":366,"linkType":367},"1t2jn4fLxMlH0adMyQqkXk",[],{"nodeType":248,"data":1627,"content":1628},{},[1629],{"nodeType":241,"value":1630,"marks":1631,"data":1632},"This is the same web of OAuth-connected apps that is being exposed at scale through AI tool integrations. For many organizations, AI tools are now the hub of modern activity that orchestrates and automates across the mesh of cloud apps, which adds a useful perspective on what's changed. ",[],{},{"nodeType":361,"data":1634,"content":1638},{"target":1635},{"sys":1636},{"id":1637,"type":366,"linkType":367},"6cRnPkGdwWXRWcct6LfMzo",[],{"nodeType":361,"data":1640,"content":1644},{"target":1641},{"sys":1642},{"id":1643,"type":366,"linkType":367},"5WQZNpnPETWeys1VqubVW",[],{"nodeType":318,"data":1646,"content":1647},{},[],{"nodeType":237,"data":1649,"content":1650},{},[1651],{"nodeType":241,"value":1652,"marks":1653,"data":1655},"What to ask when evaluating browser-based AI visibility and control solutions",[1654],{"type":245},{},{"nodeType":248,"data":1657,"content":1658},{},[1659],{"nodeType":241,"value":1660,"marks":1661,"data":1662},"When you're evaluating AI visibility and control platforms that operate in the browser, there are two lines of questioning that can be useful to unpack.",[],{},{"nodeType":248,"data":1664,"content":1665},{},[1666],{"nodeType":241,"value":1667,"marks":1668,"data":1669},"The first is the tactical basics: What use cases does the product cover, and how quickly will you see value? 
In this category, you'll likely be looking for:",[],{},{"nodeType":949,"data":1671,"content":1672},{},[1673,1688,1703,1718],{"nodeType":953,"data":1674,"content":1675},{},[1676],{"nodeType":248,"data":1677,"content":1678},{},[1679,1684],{"nodeType":241,"value":1680,"marks":1681,"data":1683},"Depth of visibility:",[1682],{"type":245},{},{"nodeType":241,"value":1685,"marks":1686,"data":1687}," Can the solution observe both corporate and personal account usage of AI apps? Does the solution work with all major browsers, including emerging AI browsers? Does the solution automatically classify AI apps and automatically discover shadow AI?",[],{},{"nodeType":953,"data":1689,"content":1690},{},[1691],{"nodeType":248,"data":1692,"content":1693},{},[1694,1699],{"nodeType":241,"value":1695,"marks":1696,"data":1698},"Granularity of controls:",[1697],{"type":245},{},{"nodeType":241,"value":1700,"marks":1701,"data":1702}," Does the solution support visibility and control over clipboard interactions, allowing you to identify sensitive data strings like personal access tokens (PATs) or API keys? Does the solution allow you to set multiple enforcement modes (monitor, warn, block) and carve out exceptions for tools, teams and individuals where necessary? ",[],{},{"nodeType":953,"data":1704,"content":1705},{},[1706],{"nodeType":248,"data":1707,"content":1708},{},[1709,1714],{"nodeType":241,"value":1710,"marks":1711,"data":1713},"Ease of deployment:",[1712],{"type":245},{},{"nodeType":241,"value":1715,"marks":1716,"data":1717}," How is the solution deployed? Browser extension-based solutions like Push can be deployed at scale in an hour. 
Solutions that require an endpoint agent or a complete browser replacement will be a heavier lift.",[],{},{"nodeType":953,"data":1719,"content":1720},{},[1721],{"nodeType":248,"data":1722,"content":1723},{},[1724,1729],{"nodeType":241,"value":1725,"marks":1726,"data":1728},"Scope of coverage:",[1727],{"type":245},{},{"nodeType":241,"value":1730,"marks":1731,"data":1732}," Does the solution only enforce policy around AI usage, or does it also prevent AI-enabled attacks in the browser? ",[],{},{"nodeType":248,"data":1734,"content":1735},{},[1736],{"nodeType":241,"value":1737,"marks":1738,"data":1739},"The second set of questions is more about the underlying architectural choices a product has made, and how those translate into actionable intelligence for security teams — or where there may be blind spots. In this category, you will want to ask:",[],{},{"nodeType":435,"data":1741,"content":1742},{},[1743],{"nodeType":241,"value":1744,"marks":1745,"data":1746},"Does the tool capture AI interactions that didn’t trigger a policy violation — or only the ones it blocked?",[],{},{"nodeType":248,"data":1748,"content":1749},{},[1750],{"nodeType":241,"value":1751,"marks":1752,"data":1753},"This is the most useful diagnostic if you're focused on understanding the wider security meaning and impact of an AI interaction, not just whether it violated a policy. ",[],{},{"nodeType":248,"data":1755,"content":1756},{},[1757],{"nodeType":241,"value":1758,"marks":1759,"data":1760},"Enforcement-first tools record what they stopped: blocked uploads, attempted usage of unapproved apps, flagged file names, etc. 
",[],{},{"nodeType":248,"data":1762,"content":1763},{},[1764,1768,1773],{"nodeType":241,"value":1765,"marks":1766,"data":1767},"That's useful for compliance reporting but incomplete for security investigation, because ",[],{},{"nodeType":241,"value":1769,"marks":1770,"data":1772},"the most significant events are often the ones that looked normal at the time",[1771],{"type":245},{},{"nodeType":241,"value":1774,"marks":1775,"data":1776},": A user whose behavior shifted gradually over weeks before a resignation. An approved AI browser extension that updates its permissions, putting it in risky territory. An OAuth consent grant that was technically permitted but shouldn't have been.",[],{},{"nodeType":248,"data":1778,"content":1779},{},[1780],{"nodeType":241,"value":1781,"marks":1782,"data":1783},"Ask whether the tool can collect user behavior telemetry, file upload and download activity, and AI usage logs for permitted events — not just policy violations — and whether that telemetry can be forwarded to your SIEM. ",[],{},{"nodeType":248,"data":1785,"content":1786},{},[1787],{"nodeType":241,"value":1788,"marks":1789,"data":1790},"One approach gives you an investigation tool. The other gives you compliance alerts without deeper context.",[],{},{"nodeType":435,"data":1792,"content":1793},{},[1794],{"nodeType":241,"value":1795,"marks":1796,"data":1797},"When an AI agent requests OAuth permissions to access your organization's data, does the tool capture the consent flow — what scopes were requested on which app, which user initiated the consent, and what was the outcome?",[],{},{"nodeType":248,"data":1799,"content":1800},{},[1801],{"nodeType":241,"value":1802,"marks":1803,"data":1804},"Most enforcement-first tools treat OAuth as a binary: approved app or blocked app. That was a reasonable model when OAuth grants were primarily app-to-app integrations managed by IT. 
It isn't sufficient for agentic AI.",[],{},{"nodeType":248,"data":1806,"content":1807},{},[1808],{"nodeType":241,"value":1809,"marks":1810,"data":1811},"AI agents request OAuth permissions to access organizational data on behalf of users. These are user-initiated consent grants that happen inside browser sessions, often with broad scopes, and frequently without security team awareness. The right tool needs to capture the consent event itself: what permissions were requested, what scopes were granted, who approved them, and what application received them. ",[],{},{"nodeType":248,"data":1813,"content":1814},{},[1815],{"nodeType":241,"value":1816,"marks":1817,"data":1818},"Ask whether the tool monitors OAuth consent flows across authorization servers, whether it can warn or block consent grants in real time based on policy, and whether that coverage extends to AI-enabled apps and MCP connections.",[],{},{"nodeType":435,"data":1820,"content":1821},{},[1822],{"nodeType":241,"value":1823,"marks":1824,"data":1825},"When a new browser attack technique emerges that no tool has a signature for, how long does it take the platform to detect it — and can you show a specific example?",[],{},{"nodeType":248,"data":1827,"content":1828},{},[1829],{"nodeType":241,"value":1830,"marks":1831,"data":1832},"Attackers are rotating infrastructure in hours and using AI to generate new lures and phishing pages at scale. 
A detection model built on blocklists, reputation feeds, and known-bad indicators is architecturally behind any novel technique because by the time the indicator appears on a feed, the attacker has already moved on.",[],{},{"nodeType":248,"data":1834,"content":1835},{},[1836],{"nodeType":241,"value":1837,"marks":1838,"data":1839},"Ask vendors to show you a specific detection that fired on a novel technique before the infrastructure appeared on any threat feed.",[],{},{"nodeType":435,"data":1841,"content":1842},{},[1843],{"nodeType":241,"value":1844,"marks":1845,"data":1846},"What browser telemetry reaches your SIEM — just alerts, or the underlying session data that makes those alerts investigable?",[],{},{"nodeType":248,"data":1848,"content":1849},{},[1850],{"nodeType":241,"value":1851,"marks":1852,"data":1853},"Ask to see a sample SIEM event from a real detection. Many browser security tools integrate with SIEMs, but the depth of what they forward varies a lot. ",[],{},{"nodeType":248,"data":1855,"content":1856},{},[1857],{"nodeType":241,"value":1858,"marks":1859,"data":1860},"Some send alert metadata that captures policy violations, timestamps, and involved users. Others forward a broader set of telemetry for deeper context — credential reuse, app logins, newly installed extensions, detected phishing kits, file uploads, clipboard activity, OAuth consent flows, file downloads, etc. 
",[],{},{"nodeType":248,"data":1862,"content":1863},{},[1864],{"nodeType":241,"value":1865,"marks":1866,"data":1867},"The difference determines whether your SOC team can easily correlate signals from the browser-based tool with other layers of their stack and begin an investigation from the SIEM event itself — or whether they need to pivot back into the vendor's console for the actual evidence.",[],{},{"nodeType":318,"data":1869,"content":1870},{},[],{"nodeType":237,"data":1872,"content":1873},{},[1874],{"nodeType":241,"value":1875,"marks":1876,"data":1878},"AI visibility and control is a feature of the right browser security platform, not a separate purchase",[1877],{"type":245},{},{"nodeType":248,"data":1880,"content":1881},{},[1882],{"nodeType":241,"value":1883,"marks":1884,"data":1885},"Ultimately, the choice of browser platform for solving the two big problems of the AI era comes down to whether you need broader attack coverage and telemetry context in order to secure your organization, or whether a policy-based approach is enough. ",[],{},{"nodeType":248,"data":1887,"content":1888},{},[1889,1893],{"nodeType":241,"value":1890,"marks":1891,"data":1892},"Push treats the challenges of stopping AI-enabled attacks and providing visibility and control over AI usage as features that extend naturally from the platform's underlying architectural model: Rich browser-layer telemetry in ",[],{},{"nodeType":241,"value":1894,"marks":1895,"data":1897},"a single tool that helps security teams answer the question “What actually happened here?” not just “What policy was violated?”",[1896],{"type":245},{},{"nodeType":248,"data":1899,"content":1900},{},[1901],{"nodeType":241,"value":1902,"marks":1903,"data":1904},"This unified architecture matters because the AI control problem and the browser threat detection problem share a root cause: Security-relevant activity is happening inside browser sessions that most tools can't see. 
",[],{},{"nodeType":248,"data":1906,"content":1907},{},[1908],{"nodeType":241,"value":1909,"marks":1910,"data":1911},"A standalone AI governance tool can tell you which AI apps are in use and whether employees violated a usage policy. It can't tell you whether the OAuth grant an AI agent just received was part of a broader pattern that includes credential entry on an unfamiliar domain, a clipboard paste from an internal document, and a login to a shadow SaaS app — all in the same session, all visible in the same telemetry stream. ",[],{},{"nodeType":248,"data":1913,"content":1914},{},[1915],{"nodeType":241,"value":1916,"marks":1917,"data":1918},"Separating AI governance from browser security means maintaining two tools that each only see half the picture. ",[],{},{"nodeType":435,"data":1920,"content":1921},{},[1922],{"nodeType":241,"value":1923,"marks":1924,"data":1925},"How Push can help",[],{},{"nodeType":949,"data":1927,"content":1928},{},[1929,1952,1974,1996,2006,2016,2026],{"nodeType":953,"data":1930,"content":1931},{},[1932],{"nodeType":248,"data":1933,"content":1934},{},[1935,1939,1948],{"nodeType":241,"value":1936,"marks":1937,"data":1938},"Block emerging ",[],{},{"nodeType":284,"data":1940,"content":1942},{"uri":1941},"https://pushsecurity.com/blog/introducing-the-browser-and-identity-attacks-matrix/",[1943],{"nodeType":241,"value":1944,"marks":1945,"data":1947},"browser-based attack techniques",[1946],{"type":292},{},{"nodeType":241,"value":1949,"marks":1950,"data":1951},", including AI-enabled phishing and quickly evolving *Fix-style attacks.",[],{},{"nodeType":953,"data":1953,"content":1954},{},[1955],{"nodeType":248,"data":1956,"content":1957},{},[1958,1962,1970],{"nodeType":241,"value":1959,"marks":1960,"data":1961},"Benefit from Push's ",[],{},{"nodeType":284,"data":1963,"content":1964},{"uri":808},[1965],{"nodeType":241,"value":1966,"marks":1967,"data":1969},"agentic detection 
pipeline",[1968],{"type":292},{},{"nodeType":241,"value":1971,"marks":1972,"data":1973},", which continuously hunts across customer environments to identify emerging threats and ship new detections.",[],{},{"nodeType":953,"data":1975,"content":1976},{},[1977],{"nodeType":248,"data":1978,"content":1979},{},[1980,1983,1992],{"nodeType":241,"value":29,"marks":1981,"data":1982},[],{},{"nodeType":284,"data":1984,"content":1986},{"uri":1985},"https://pushsecurity.com/help/audience/engineering/rest-v1",[1987],{"nodeType":241,"value":1988,"marks":1989,"data":1991},"Stream telemetry",[1990],{"type":292},{},{"nodeType":241,"value":1993,"marks":1994,"data":1995}," to your SIEM for a wide variety of events, including attack detections; newly installed browser extensions or newly adopted apps; updates to extension permissions; file uploads and downloads; clipboard pastes; app logins; credential reuse; OAuth consents; and more.",[],{},{"nodeType":953,"data":1997,"content":1998},{},[1999],{"nodeType":248,"data":2000,"content":2001},{},[2002],{"nodeType":241,"value":2003,"marks":2004,"data":2005},"Block file uploads and downloads.",[],{},{"nodeType":953,"data":2007,"content":2008},{},[2009],{"nodeType":248,"data":2010,"content":2011},{},[2012],{"nodeType":241,"value":2013,"marks":2014,"data":2015},"Block clipboard pastes of sensitive data, with regex-based patterns you can define.",[],{},{"nodeType":953,"data":2017,"content":2018},{},[2019],{"nodeType":248,"data":2020,"content":2021},{},[2022],{"nodeType":241,"value":2023,"marks":2024,"data":2025},"Monitor for or block unauthorized MCP connections.",[],{},{"nodeType":953,"data":2027,"content":2028},{},[2029],{"nodeType":248,"data":2030,"content":2031},{},[2032,2036,2045],{"nodeType":241,"value":2033,"marks":2034,"data":2035},"Write your own 
",[],{},{"nodeType":284,"data":2037,"content":2039},{"uri":2038},"https://pushsecurity.com/help/audience/engineering/resources/custom-detections",[2040],{"nodeType":241,"value":2041,"marks":2042,"data":2044},"custom YAML rules",[2043],{"type":292},{},{"nodeType":241,"value":2046,"marks":2047,"data":2048}," targeting specific elements of the page DOM, web requests and responses, HTTP headers such as cookies, and a lot more.",[],{},{"nodeType":248,"data":2050,"content":2051},{},[2052],{"nodeType":241,"value":29,"marks":2053,"data":2054},[],{},{"nodeType":361,"data":2056,"content":2060},{"target":2057},{"sys":2058},{"id":2059,"type":366,"linkType":367},"7AwQv7bLbARq6mdAgv7uGq",[],{"nodeType":318,"data":2062,"content":2063},{},[],{"nodeType":248,"data":2065,"content":2066},{},[2067,2071,2080],{"nodeType":241,"value":2068,"marks":2069,"data":2070},"If you'd like to learn more about Push, ",[],{},{"nodeType":284,"data":2072,"content":2074},{"uri":2073},"https://pushsecurity.com/demo",[2075],{"nodeType":241,"value":2076,"marks":2077,"data":2079},"book a live demo",[2078],{"type":292},{},{"nodeType":241,"value":1064,"marks":2081,"data":2082},[],{},"Why you can't control AI without being in the browser","Why the right browser security tool makes a separate AI visibility and control purchase unnecessary — and how to decide what you actually need.","why-you-cant-control-ai-without-being-in-the-browser",{"items":2087},[2088,2092],{"sys":2089,"name":2091},{"id":2090},"3pjES4THCIfSAwhGdNwBcy","Browser security",{"sys":2093,"name":2095},{"id":2094},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":2097},[2098],{"fullName":2099,"firstName":2100,"jobTitle":228,"profilePicture":2101},"Kelly 
Davenport","Kelly",{"url":2102},"https://images.ctfassets.net/y1cdw1ablpvd/1hi8bEuVfn5sF57LivAq6d/9a3b82426c697d765e2e450e33a18424/kelly_profile_pic.jpeg",{"__typename":1156,"sys":2104,"publishedDate":2106,"content":2107,"title":2617,"synopsis":2618,"hashTags":62,"slug":2619,"tagsCollection":2620,"authorsCollection":2628},{"id":2105},"2MWicW07sNEBp59wxYtAiC","2026-05-11T00:00:00.000Z",{"json":2108},{"nodeType":233,"data":2109,"content":2110},{},[2111,2119,2150,2156,2163,2182,2197,2200,2208,2223,2242,2267,2273,2289,2320,2326,2332,2348,2351,2359,2366,2374,2392,2408,2416,2441,2448,2456,2486,2493,2501,2508,2514,2517,2525,2532,2540,2546,2549,2557,2564,2571,2578,2590,2593,2599],{"nodeType":237,"data":2112,"content":2113},{},[2114],{"nodeType":241,"value":2115,"marks":2116,"data":2118},"The quantification problem nobody talks about",[2117],{"type":245},{},{"nodeType":248,"data":2120,"content":2121},{},[2122,2126,2134,2138,2146],{"nodeType":241,"value":2123,"marks":2124,"data":2125},"I was recently teaching ",[],{},{"nodeType":284,"data":2127,"content":2129},{"uri":2128},"https://www.sans.org/cyber-security-courses/cybersecurity-leaders/",[2130],{"nodeType":241,"value":2131,"marks":2132,"data":2133},"SANS LDR551",[],{},{"nodeType":241,"value":2135,"marks":2136,"data":2137},", where we cover some of the flawed approaches used in risk measurement and prioritization — for example, presenting ordinal data in a risk matrix as ratio data, implying that the matrix represents quantitative analysis when it’s more of a best guess. 
We then look at modeling using ",[],{},{"nodeType":284,"data":2139,"content":2141},{"uri":2140},"https://en.wikipedia.org/wiki/Loss_exceedance_curve",[2142],{"nodeType":241,"value":2143,"marks":2144,"data":2145},"Loss Exceedance Curves",[],{},{"nodeType":241,"value":2147,"marks":2148,"data":2149}," as a more accurate, if much more difficult, approach to quantitative risk assessment.",[],{},{"nodeType":361,"data":2151,"content":2155},{"target":2152},{"sys":2153},{"id":2154,"type":366,"linkType":367},"4S1wJUm6E1qvyZzwrl2DL",[],{"nodeType":248,"data":2157,"content":2158},{},[2159],{"nodeType":241,"value":2160,"marks":2161,"data":2162},"The only problem is, we rarely have the time or the data to construct such models. Ask a CISO how they measure risk for credential compromise and other account takeover attacks, and the answer will probably include one or more of the following: a risk assessment, a whiteboard, and a room full of smart people making educated guesses about attack frequency and control strength. ",[],{},{"nodeType":248,"data":2164,"content":2165},{},[2166,2170,2178],{"nodeType":241,"value":2167,"marks":2168,"data":2169},"That isn't a criticism — for most risk scenarios, expert elicitation is the best (and most convenient) available method. Breach cost data is sparse, threat actor behavior is unpredictable, and internal incident history is (ideally!) a limited sample. 
Quantitative risk frameworks like ",[],{},{"nodeType":284,"data":2171,"content":2173},{"uri":2172},"https://www.fairinstitute.org/",[2174],{"nodeType":241,"value":2175,"marks":2176,"data":2177},"FAIR",[],{},{"nodeType":241,"value":2179,"marks":2180,"data":2181}," give structure to that uncertainty, but they can't conjure data that just doesn't exist.",[],{},{"nodeType":248,"data":2183,"content":2184},{},[2185,2189,2194],{"nodeType":241,"value":2186,"marks":2187,"data":2188},"The results are usually estimates with wide confidence intervals and loss distributions that appear precise, but are hard to defend to a CFO or a board. Finance leaders have seen Monte Carlo simulations before; the capable ones will challenge the quality of the outputs if they doubt the quality of the inputs. ",[],{},{"nodeType":241,"value":2190,"marks":2191,"data":2193},"But with the right telemetry, we can get both",[2192],{"type":245},{},{"nodeType":241,"value":1064,"marks":2195,"data":2196},[],{},{"nodeType":318,"data":2198,"content":2199},{},[],{"nodeType":237,"data":2201,"content":2202},{},[2203],{"nodeType":241,"value":2204,"marks":2205,"data":2207},"Why the identity attack surface is uniquely measurable",[2206],{"type":245},{},{"nodeType":248,"data":2209,"content":2210},{},[2211,2215,2220],{"nodeType":241,"value":2212,"marks":2213,"data":2214},"We've written extensively about the shift to identity as a primary attack vector — and the evidence continues to stack up. Credential phishing, device code phishing, ClickFix, adversary-in-the-middle attacks, session hijacking, and SaaS account compromise now account for the majority of breach entry points in most enterprise environments. 
But the silver lining here is that this shift has created something valuable for risk quantification: ",[],{},{"nodeType":241,"value":2216,"marks":2217,"data":2219},"a highly observable threat surface",[2218],{"type":690},{},{"nodeType":241,"value":1064,"marks":2221,"data":2222},[],{},{"nodeType":248,"data":2224,"content":2225},{},[2226,2230,2238],{"nodeType":241,"value":2227,"marks":2228,"data":2229},"Identity attacks execute ",[],{},{"nodeType":284,"data":2231,"content":2232},{"uri":1941},[2233],{"nodeType":241,"value":2234,"marks":2235,"data":2237},"in the browser",[2236],{"type":292},{},{"nodeType":241,"value":2239,"marks":2240,"data":2241},". They leave traces in authentication flows, login behaviors, OAuth integrations, extension activity, and SaaS access patterns — all of which are captured in real time by the Push extension. Unlike network or endpoint attacks, where the signal is often binary and retroactive, browser-based identity threats generate continuous, high-frequency telemetry that maps directly onto the inputs that drive quantitative risk models.",[],{},{"nodeType":248,"data":2243,"content":2244},{},[2245,2249,2254,2258,2263],{"nodeType":241,"value":2246,"marks":2247,"data":2248},"This telemetry directly informs the hardest inputs in any quantitative risk model. One is ",[],{},{"nodeType":241,"value":2250,"marks":2251,"data":2253},"Threat Event Frequency (TEF)",[2252],{"type":245},{},{"nodeType":241,"value":2255,"marks":2256,"data":2257},": how often a threat agent acts against an asset in a given period. For identity risks, this can be answered by asking how many credential phishing attempts reached your users across all delivery channels (social media, email, malvertising, etc.), or how frequently your users authorize malicious or compromised SaaS apps. 
Browser-level telemetry can answer these questions with ",[],{},{"nodeType":241,"value":2259,"marks":2260,"data":2262},"observed",[2261],{"type":690},{},{"nodeType":241,"value":2264,"marks":2265,"data":2266}," data rather than industry lookups and general benchmarks. ",[],{},{"nodeType":361,"data":2268,"content":2272},{"target":2269},{"sys":2270},{"id":2271,"type":366,"linkType":367},"EvjT68MCWW7nz5q86xe8S",[],{"nodeType":248,"data":2274,"content":2275},{},[2276,2280,2285],{"nodeType":241,"value":2277,"marks":2278,"data":2279},"The other input to risk modeling that's difficult to express in concrete terms is ",[],{},{"nodeType":241,"value":2281,"marks":2282,"data":2284},"vulnerability",[2283],{"type":245},{},{"nodeType":241,"value":2286,"marks":2287,"data":2288},": the probability a threat becomes a loss event or, more specifically, how likely it is that your controls will fail. ",[],{},{"nodeType":248,"data":2290,"content":2291},{},[2292,2296,2304,2308,2316],{"nodeType":241,"value":2293,"marks":2294,"data":2295},"This is where browser telemetry gets especially concrete. ",[],{},{"nodeType":284,"data":2297,"content":2299},{"uri":2298},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/",[2300],{"nodeType":241,"value":2301,"marks":2302,"data":2303},"Analysis of login telemetry across Push-monitored environments",[],{},{"nodeType":241,"value":2305,"marks":2306,"data":2307}," shows that 1 in 4 logins are still password-only (not SSO), 2 in 5 are not protected by MFA, and 1 in 5 use a weak, breached, or reused password. Many of these logins occur outside the visibility of a central IdP platform like Microsoft, Google or Okta — the result of downstream ",[],{},{"nodeType":284,"data":2309,"content":2311},{"uri":2310},"https://pushsecurity.com/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you/",[2312],{"nodeType":241,"value":2313,"marks":2314,"data":2315},"ghost logins",[],{},{"nodeType":241,"value":2317,"marks":2318,"data":2319},". 
",[],{},{"nodeType":361,"data":2321,"content":2325},{"target":2322},{"sys":2323},{"id":2324,"type":366,"linkType":367},"5GctExdVGjHRwKifiP00Fp",[],{"nodeType":361,"data":2327,"content":2331},{"target":2328},{"sys":2329},{"id":2330,"type":366,"linkType":367},"2mWToHCJcuB9FMwxxzd67F",[],{"nodeType":248,"data":2333,"content":2334},{},[2335,2339,2344],{"nodeType":241,"value":2336,"marks":2337,"data":2338},"In a FAIR-based model, TEF and vulnerability together determine ",[],{},{"nodeType":241,"value":2340,"marks":2341,"data":2343},"loss event frequency",[2342],{"type":245},{},{"nodeType":241,"value":2345,"marks":2346,"data":2347},": the foundational driver of the entire risk calculation. Using telemetry from your own environment as the basis for these calculations makes them far more accurate, and more likely to stand up to scrutiny.",[],{},{"nodeType":318,"data":2349,"content":2350},{},[],{"nodeType":237,"data":2352,"content":2353},{},[2354],{"nodeType":241,"value":2355,"marks":2356,"data":2358},"The attack surface is bigger than most models assume",[2357],{"type":245},{},{"nodeType":248,"data":2360,"content":2361},{},[2362],{"nodeType":241,"value":2363,"marks":2364,"data":2365},"One of the consistent failures in identity risk modeling is the tendency to model risks defenders can see, and leave the rest off the balance sheet. 
These omissions create a systematic understatement of exposure that browser-based telemetry can offset.",[],{},{"nodeType":435,"data":2367,"content":2368},{},[2369],{"nodeType":241,"value":2370,"marks":2371,"data":2373},"Shadow AI and OAuth sprawl",[2372],{"type":245},{},{"nodeType":248,"data":2375,"content":2376},{},[2377,2380,2388],{"nodeType":241,"value":29,"marks":2378,"data":2379},[],{},{"nodeType":284,"data":2381,"content":2382},{"uri":1609},[2383],{"nodeType":241,"value":2384,"marks":2385,"data":2387},"The Vercel breach in April 2026",[2386],{"type":292},{},{"nodeType":241,"value":2389,"marks":2390,"data":2391}," was the result of an OAuth connection to a third-party AI SaaS tool a developer connected into the organization's Google Workspace tenant (without admin approval). When the AI vendor was compromised, the attacker leveraged stored OAuth tokens to access downstream accounts, ultimately reaching internal dashboards, API keys, and source code. ",[],{},{"nodeType":248,"data":2393,"content":2394},{},[2395,2399,2404],{"nodeType":241,"value":2396,"marks":2397,"data":2398},"Push telemetry across customer environments shows an average of ",[],{},{"nodeType":241,"value":2400,"marks":2401,"data":2403},"17 unique AI app integrations per organization in Microsoft and Google alone",[2402],{"type":245},{},{"nodeType":241,"value":2405,"marks":2406,"data":2407},", most of which security teams would describe as unapproved. 
These generally don't appear in a conventional risk model that isn't looking for them.",[],{},{"nodeType":435,"data":2409,"content":2410},{},[2411],{"nodeType":241,"value":2412,"marks":2413,"data":2415},"Browser extensions",[2414],{"type":245},{},{"nodeType":248,"data":2417,"content":2418},{},[2419,2423,2432,2437],{"nodeType":241,"value":29,"marks":2420,"data":2422},[2421],{"type":245},{},{"nodeType":284,"data":2424,"content":2425},{"uri":965},[2426],{"nodeType":241,"value":2427,"marks":2428,"data":2431},"Analysis of 20,000 unique extensions deployed across Push customer environments",[2429,2430],{"type":292},{"type":245},{},{"nodeType":241,"value":2433,"marks":2434,"data":2436}," found that 46.76% have the permission combinations required for account takeover without user interaction. ",[2435],{"type":245},{},{"nodeType":241,"value":2438,"marks":2439,"data":2440},"The extensions carrying these permissions aren't flagged by risk scoring systems because the same permissions are used by ad blockers, password managers, and translation tools (the downside of relying on tools that use dubious scoring to assess extensions, but I digress). ",[],{},{"nodeType":248,"data":2442,"content":2443},{},[2444],{"nodeType":241,"value":2445,"marks":2446,"data":2447},"What matters for risk quantification isn't the permission set or an arbitrary score assigned by a vendor; it's whether the monitoring exists to detect when a previously-clean extension changes ownership, escalates permissions, or behaves anomalously. 
Without that monitoring, the exposure is real but unquantified.",[],{},{"nodeType":435,"data":2449,"content":2450},{},[2451],{"nodeType":241,"value":2452,"marks":2453,"data":2455},"ClickFix and non-email delivery channels",[2454],{"type":245},{},{"nodeType":248,"data":2457,"content":2458},{},[2459,2463,2471,2475,2482],{"nodeType":241,"value":2460,"marks":2461,"data":2462},"ClickFix — where a malicious page silently writes a PowerShell or mshta command into the victim's clipboard and instructs them to paste it — was ",[],{},{"nodeType":284,"data":2464,"content":2466},{"uri":2465},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf",[2467],{"nodeType":241,"value":2468,"marks":2469,"data":2470},"the most common initial access vector observed by Microsoft in 2025",[],{},{"nodeType":241,"value":2472,"marks":2473,"data":2474},", and CrowdStrike reported a",[],{},{"nodeType":284,"data":2476,"content":2477},{"uri":306},[2478],{"nodeType":241,"value":2479,"marks":2480,"data":2481}," 563% increase in fake CAPTCHA lures",[],{},{"nodeType":241,"value":2483,"marks":2484,"data":2485}," (one of the most common ClickFix styles in which the user has to \"verify they're human\" by running a command on their machine). ",[],{},{"nodeType":248,"data":2487,"content":2488},{},[2489],{"nodeType":241,"value":2490,"marks":2491,"data":2492},"What makes this particularly relevant for risk quantification is the delivery channel: 4 in 5 ClickFix payloads intercepted by Push arrive via search engines, not email. 
A risk model that estimates threat event frequency from email-based phishing telemetry alone is structurally blind to an entire category of attack that has become one of the most prevalent initial access methods in the landscape.",[],{},{"nodeType":435,"data":2494,"content":2495},{},[2496],{"nodeType":241,"value":2497,"marks":2498,"data":2500},"Authorization attacks",[2499],{"type":245},{},{"nodeType":248,"data":2502,"content":2503},{},[2504],{"nodeType":241,"value":2505,"marks":2506,"data":2507},"Device code phishing and OAuth consent abuse represent a slightly separate category of identity attack that most risk models don't account for because they operate after the authentication flow has already completed — meaning password strength, MFA coverage, and SSO adoption are irrelevant to whether the attack succeeds. ",[],{},{"nodeType":361,"data":2509,"content":2513},{"target":2510},{"sys":2511},{"id":2512,"type":366,"linkType":367},"7qtHmxCzBm5664jD6HsCwN",[],{"nodeType":318,"data":2515,"content":2516},{},[],{"nodeType":237,"data":2518,"content":2519},{},[2520],{"nodeType":241,"value":2521,"marks":2522,"data":2524},"The key lesson for CISOs",[2523],{"type":245},{},{"nodeType":248,"data":2526,"content":2527},{},[2528],{"nodeType":241,"value":2529,"marks":2530,"data":2531},"A risk model that measures identity vulnerability purely in terms of authentication hygiene at the IdP layer — how many accounts have MFA, how many use SSO — will correctly quantify one dimension of exposure while completely missing another that is growing faster and is structurally immune to the controls being measured.",[],{},{"nodeType":248,"data":2533,"content":2534},{},[2535],{"nodeType":241,"value":2536,"marks":2537,"data":2539},"For a CISO building a risk model, these aren't edge cases. They represent a real attack surface that doesn't show up in models built on conventional network, endpoint, and cloud telemetry. 
We aren't just talking about better inputs to risk modeling — we're talking about entirely new risk scenarios that aren't being modeled at all, supported by live data.",[2538],{"type":245},{},{"nodeType":361,"data":2541,"content":2545},{"target":2542},{"sys":2543},{"id":2544,"type":366,"linkType":367},"2ObEcO1gqz8lrOLCZzfpNw",[],{"nodeType":318,"data":2547,"content":2548},{},[],{"nodeType":435,"data":2550,"content":2551},{},[2552],{"nodeType":241,"value":2553,"marks":2554,"data":2556},"Browser telemetry makes a CISO's life easier",[2555],{"type":245},{},{"nodeType":248,"data":2558,"content":2559},{},[2560],{"nodeType":241,"value":2561,"marks":2562,"data":2563},"Browser-based telemetry changes the conversation a CISO can have with a CFO or board. Instead of \"industry benchmarks suggest our expected annual loss from account compromise is somewhere in this range,\" the answer is, \"We can see how often these attacks are attempted against our users, and we can measure what percentage of our accounts have the controls in place to stop them,\" or \"We know how many shadow AI apps our users self-provision and share data with each month.\" ",[],{},{"nodeType":248,"data":2565,"content":2566},{},[2567],{"nodeType":241,"value":2568,"marks":2569,"data":2570},"Identity risk is only a piece of the quantification problem. Loss magnitude, regulatory exposure, and reputational impact are still extremely hard to estimate regardless of how good your frequency inputs are. ",[],{},{"nodeType":248,"data":2572,"content":2573},{},[2574],{"nodeType":241,"value":2575,"marks":2576,"data":2577},"But the identity attack surface is one of the few areas in security where measurement is genuinely achievable right now, and the gap between what most organizations are modeling and what's actually observable is significant. 
Shadow SaaS integrations, unapproved AI connections, browser extensions with excessive privileges — these are enumerable risks that don't appear in models built on network, endpoint, and cloud access telemetry alone. ",[],{},{"nodeType":248,"data":2579,"content":2580},{},[2581,2586],{"nodeType":241,"value":2582,"marks":2583,"data":2585},"The lesson for CISOs serious about quantitative risk management is this: the frameworks exist, the talent is available, and the bottleneck is almost always data quality. ",[2584],{"type":245},{},{"nodeType":241,"value":2587,"marks":2588,"data":2589},"Browser telemetry is a good example of the kind of high-fidelity, environment-specific measurement that closes that gap.",[],{},{"nodeType":318,"data":2591,"content":2592},{},[],{"nodeType":248,"data":2594,"content":2595},{},[2596],{"nodeType":241,"value":1052,"marks":2597,"data":2598},[],{},{"nodeType":248,"data":2600,"content":2601},{},[2602,2606,2613],{"nodeType":241,"value":2603,"marks":2604,"data":2605},"Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see. ",[],{},{"nodeType":284,"data":2607,"content":2608},{"uri":1057},[2609],{"nodeType":241,"value":2610,"marks":2611,"data":2612},"Book a live demo",[],{},{"nodeType":241,"value":2614,"marks":2615,"data":2616}," to learn more.",[],{},"The CISO's data problem (and how browser telemetry can help)","How CISOs can use browser telemetry to support cyber risk quantification in areas where traditional data points fall short. 
","the-cisos-data-problem-and-how-browser-telemetry-can-help",{"items":2621},[2622,2624],{"sys":2623,"name":2095},{"id":2094},{"sys":2625,"name":2627},{"id":2626},"4ksQNCFeBf8H4QIORqpRLw","Detection & response",{"items":2629},[2630],{"fullName":2631,"firstName":2632,"jobTitle":2633,"profilePicture":2634},"Mark Orlando","Mark","Field CTO",{"url":2635},"https://images.ctfassets.net/y1cdw1ablpvd/592PMwIQQFaa24k5SKBEKF/a33090d0ad95d1e3081f5d16a46ba826/image__68_.png",{"__typename":1156,"sys":2637,"publishedDate":2639,"content":2640,"title":3395,"synopsis":3396,"hashTags":62,"slug":3397,"tagsCollection":3398,"authorsCollection":3406},{"id":2638},"5RDOpmzJolwT1hk0fNIxzf","2026-06-01T00:00:00.000Z",{"json":2641},{"nodeType":233,"data":2642,"content":2643},{},[2644,2662,2668,2675,2682,2685,2693,2711,2730,2737,2742,2749,2755,2762,2770,2777,2795,2824,2830,2836,2844,2851,2869,2899,2931,2938,2944,2952,2959,2970,2977,3016,3022,3062,3101,3107,3110,3118,3125,3131,3138,3145,3151,3158,3165,3193,3196,3204,3211,3219,3226,3233,3252,3259,3265,3272,3280,3287,3304,3311,3330,3333,3341,3348,3355,3362,3365,3372,3379],{"nodeType":248,"data":2645,"content":2646},{},[2647,2651,2658],{"nodeType":241,"value":2648,"marks":2649,"data":2650},"Back in 2024, we wrote about ",[],{},{"nodeType":284,"data":2652,"content":2653},{"uri":345},[2654],{"nodeType":241,"value":2655,"marks":2656,"data":2657},"how the Pyramid of Pain shapes Push's detection philosophy",[],{},{"nodeType":241,"value":2659,"marks":2660,"data":2661}," — detections targeting indicators that are easy for attackers to change deliver diminishing returns, while detections targeting attacker techniques impose a cost that's hard to absorb. 
Two years on, every force that made IoC-based detection fragile has intensified.",[],{},{"nodeType":361,"data":2663,"content":2667},{"target":2664},{"sys":2665},{"id":2666,"type":366,"linkType":367},"1iuLYxwI8T1wDUIFSom0G0",[],{"nodeType":248,"data":2669,"content":2670},{},[2671],{"nodeType":241,"value":2672,"marks":2673,"data":2674},"AI hasn't introduced a new problem so much as it's compressed the timelines on an existing one — attackers can generate infrastructure, iterate on tooling, and industrialize newly discovered techniques faster than before. The bottom layers of the Pyramid are collapsing under the weight of machine-speed operations, and the middle layers are starting to buckle too.",[],{},{"nodeType":248,"data":2676,"content":2677},{},[2678],{"nodeType":241,"value":2679,"marks":2680,"data":2681},"These changes mean that technique-level detection is more important than ever. In this article, we’ll dig into how the Pyramid is changing, and what this means for our detection philosophy at Push (TL;DR — it reinforces the path we’re already on: building detections at the top of the Pyramid by harnessing browser visibility). ",[],{},{"nodeType":318,"data":2683,"content":2684},{},[],{"nodeType":237,"data":2686,"content":2687},{},[2688],{"nodeType":241,"value":2689,"marks":2690,"data":2692},"The bottom of the Pyramid was already crumbling",[2691],{"type":245},{},{"nodeType":248,"data":2694,"content":2695},{},[2696,2700,2707],{"nodeType":241,"value":2697,"marks":2698,"data":2699},"The case against indicator-based detection didn't need AI to be compelling. 
",[],{},{"nodeType":284,"data":2701,"content":2703},{"uri":2702},"https://www.spamhaus.org/",[2704],{"nodeType":241,"value":618,"marks":2705,"data":2706},[],{},{"nodeType":241,"value":2708,"marks":2709,"data":2710},", with just 6.5% surviving past 15 days — by the time a domain makes it onto a blocklist, the campaign has moved on.",[],{},{"nodeType":248,"data":2712,"content":2713},{},[2714,2718,2726],{"nodeType":241,"value":2715,"marks":2716,"data":2717},"We've ",[],{},{"nodeType":284,"data":2719,"content":2721},{"uri":2720},"https://pushsecurity.com/blog/why-most-phishing-attacks-feel-like-a-zero-day/",[2722],{"nodeType":241,"value":2723,"marks":2724,"data":2725},"written before",[],{},{"nodeType":241,"value":2727,"marks":2728,"data":2729}," about how this makes every phishing attack effectively a zero-day for organizations relying on known-bad detection. The phishing kit's behavior — its page structure, script signatures, malicious payload mechanics — is the only detection target that outlasts a single campaign.",[],{},{"nodeType":248,"data":2731,"content":2732},{},[2733],{"nodeType":241,"value":2734,"marks":2735,"data":2736},"When we blogged about the Pyramid of Pain for modern attacks that happen predominantly over the internet, with minimal (or zero) endpoint contact, it first looked like this: ",[],{},{"nodeType":361,"data":2738,"content":2741},{"target":2739},{"sys":2740},{"id":365,"type":366,"linkType":367},[],{"nodeType":248,"data":2743,"content":2744},{},[2745],{"nodeType":241,"value":2746,"marks":2747,"data":2748},"Now, it looks more like this:",[],{},{"nodeType":361,"data":2750,"content":2754},{"target":2751},{"sys":2752},{"id":2753,"type":366,"linkType":367},"mfhP4WToOQkrHnVkXU0tX",[],{"nodeType":248,"data":2756,"content":2757},{},[2758],{"nodeType":241,"value":2759,"marks":2760,"data":2761},"Let’s explore why. 
",[],{},{"nodeType":435,"data":2763,"content":2764},{},[2765],{"nodeType":241,"value":2766,"marks":2767,"data":2769},"AI is accelerating phishing rotation and delivery",[2768],{"type":245},{},{"nodeType":248,"data":2771,"content":2772},{},[2773],{"nodeType":241,"value":2774,"marks":2775,"data":2776},"Attackers are harnessing AI at every stage, speeding up the process of creating, rotating, and replacing phishing infrastructure at every level, as well as capitalizing on AI adoption itself to enhance their lures. The operational signature is more domains, shorter lifespans, more variation, and fewer of the reuse patterns that blocklists depend on.",[],{},{"nodeType":248,"data":2778,"content":2779},{},[2780,2784,2791],{"nodeType":241,"value":2781,"marks":2782,"data":2783},"Attackers can ",[],{},{"nodeType":284,"data":2785,"content":2786},{"uri":808},[2787],{"nodeType":241,"value":2788,"marks":2789,"data":2790},"vibe-code entire phishing pages in minutes",[],{},{"nodeType":241,"value":2792,"marks":2793,"data":2794}," — not just cloning legitimate login pages but vibe-cloning them, feeding an AI a screenshot and having it rebuild a convincing frontend with a completely unique backend. ",[],{},{"nodeType":248,"data":2796,"content":2797},{},[2798,2802,2810,2814,2820],{"nodeType":241,"value":2799,"marks":2800,"data":2801},"We've seen attackers clone free SaaS tools like background removers and PDF converters, then inject phishing components or ClickFix payloads into what looks like a functional utility. We’ve even seen attackers distributing malware using AI-generated pages shared using ",[],{},{"nodeType":284,"data":2803,"content":2804},{"uri":1454},[2805],{"nodeType":241,"value":2806,"marks":2807,"data":2809},"LLM tool sharing functionality",[2808],{"type":292},{},{"nodeType":241,"value":2811,"marks":2812,"data":2813},", resulting in phishing delivery pages hosted on real claude.ai and chatgpt.com. 
And legitimate cloud platforms like ",[],{},{"nodeType":284,"data":2815,"content":2816},{"uri":1406},[2817],{"nodeType":241,"value":1409,"marks":2818,"data":2819},[],{},{"nodeType":241,"value":2821,"marks":2822,"data":2823},", Cloudflare Workers, and Vercel host and dynamically rotate attack infrastructure, so the domains feeding into blocklists often belong to reputable services that can't simply be blocked. ",[],{},{"nodeType":361,"data":2825,"content":2829},{"target":2826},{"sys":2827},{"id":2828,"type":366,"linkType":367},"5yoLmqysyQazfzLITCUTfc",[],{"nodeType":361,"data":2831,"content":2835},{"target":2832},{"sys":2833},{"id":2834,"type":366,"linkType":367},"5XK5qZMQU19xlA8L2T5y0Z",[],{"nodeType":435,"data":2837,"content":2838},{},[2839],{"nodeType":241,"value":2840,"marks":2841,"data":2843},"The kit ecosystem is fragmenting faster than anyone can track",[2842],{"type":245},{},{"nodeType":248,"data":2845,"content":2846},{},[2847],{"nodeType":241,"value":2848,"marks":2849,"data":2850},"What we see across our install base is a huge and growing variation in phishing kits — new kits, derivative kits of known platforms, derivatives of those derivatives — appearing on a weekly basis.",[],{},{"nodeType":248,"data":2852,"content":2853},{},[2854,2858,2865],{"nodeType":241,"value":2855,"marks":2856,"data":2857},"As we reported in our ",[],{},{"nodeType":284,"data":2859,"content":2860},{"uri":1088},[2861],{"nodeType":241,"value":2862,"marks":2863,"data":2864},"Browser Attacks Report",[],{},{"nodeType":241,"value":2866,"marks":2867,"data":2868},", the most common AiTM kits we detected over the last year were Tycoon 2FA (59% of detections), followed by Sneaky 2FA, FlowerStorm, Evilginx (nominally a red team tool, but widely abused by attackers), NakedPages, Gabagool, and dozens more — but those established names are just the visible 
layer.",[],{},{"nodeType":248,"data":2870,"content":2871},{},[2872,2876,2884,2888,2895],{"nodeType":241,"value":2873,"marks":2874,"data":2875},"Code is forked, modified, and redeployed across kits in a pattern that ",[],{},{"nodeType":284,"data":2877,"content":2879},{"uri":2878},"https://blog.barracuda.com/2026/04/16/threat-spotlight-tycoon-2fa-scattered-everywhere",[2880],{"nodeType":241,"value":2881,"marks":2882,"data":2883},"resembles open-source development",[],{},{"nodeType":241,"value":2885,"marks":2886,"data":2887}," more than traditional criminal enterprise, and the rate at which new variants appear is accelerating. The ",[],{},{"nodeType":284,"data":2889,"content":2890},{"uri":502},[2891],{"nodeType":241,"value":2892,"marks":2893,"data":2894},"Venom kit",[],{},{"nodeType":241,"value":2896,"marks":2897,"data":2898}," reuses Sneaky 2FA's AiTM infrastructure but carries different branding and adds device code phishing — whether it's the same developers, stolen code, or a deliberate fork is unclear.",[],{},{"nodeType":248,"data":2900,"content":2901},{},[2902,2906,2914,2918,2927],{"nodeType":241,"value":2903,"marks":2904,"data":2905},"Tycoon 2FA illustrates the scale of the evolution. The kit evolves continuously, adding new capabilities, new evasion techniques, and hybridizing with other platforms. Even when Sekoia and Microsoft seized 330+ Tycoon domains in March 2026, the techniques it popularized were already embedded across competitors, and the slack was taken up by rival platforms within days. And in any case, Tycoon was back to ",[],{},{"nodeType":284,"data":2907,"content":2909},{"uri":2908},"https://www.crowdstrike.com/en-us/blog/tycoon2fa-phishing-as-a-service-platform-persists-following-takedown/",[2910],{"nodeType":241,"value":2911,"marks":2912,"data":2913},"normal levels of operation",[],{},{"nodeType":241,"value":2915,"marks":2916,"data":2917}," shortly after. 
It has also been observed ",[],{},{"nodeType":284,"data":2919,"content":2921},{"uri":2920},"https://www.okta.com/en-nl/blog/threat-intelligence/tycoon_2fa_phishing_actors_scatter/",[2922],{"nodeType":241,"value":2923,"marks":2924,"data":2926},"pivoting to add new device code phishing capabilities",[2925],{"type":292},{},{"nodeType":241,"value":2928,"marks":2929,"data":2930}," (more on that below). ",[],{},{"nodeType":248,"data":2932,"content":2933},{},[2934],{"nodeType":241,"value":2935,"marks":2936,"data":2937},"Tear one down and there are many more to take its place — and meanwhile the original is already evolving into something new.",[],{},{"nodeType":361,"data":2939,"content":2943},{"target":2940},{"sys":2941},{"id":2942,"type":366,"linkType":367},"3UDzUCCizPJhXp3SsoZuSK",[],{"nodeType":435,"data":2945,"content":2946},{},[2947],{"nodeType":241,"value":2948,"marks":2949,"data":2951},"New techniques are being industrialized faster than ever",[2950],{"type":245},{},{"nodeType":248,"data":2953,"content":2954},{},[2955],{"nodeType":241,"value":2956,"marks":2957,"data":2958},"As well as the fragmentation of existing kits, we’re seeing new techniques added at an accelerating rate. ",[],{},{"nodeType":248,"data":2960,"content":2961},{},[2962,2966],{"nodeType":241,"value":490,"marks":2963,"data":2965},[2964],{"type":245},{},{"nodeType":241,"value":2967,"marks":2968,"data":2969}," is the clearest case study. From early nation state adoption in 2024, it took until 2026 for criminal adoption to really take off, but the take-up this year is unprecedented. The EvilTokens kit packaged device code phishing into a PhaaS offering with GPT-powered spear-phishing and adaptive landing pages, hitting 340+ organizations across five countries in March 2026. ",[],{},{"nodeType":248,"data":2971,"content":2972},{},[2973],{"nodeType":241,"value":2974,"marks":2975,"data":2976},"Device code functionality is now a core phish kit component. 
We’re tracking 18+ kits with device code phishing capabilities and a 37.5x increase in device code phishing detections this year alone, with the technique moving from state-sponsored exclusivity to something any PhaaS customer can rent.",[],{},{"nodeType":248,"data":2978,"content":2979},{},[2980,2984,2992,2996,3001,3005,3013],{"nodeType":241,"value":2981,"marks":2982,"data":2983},"Similarly, when we ",[],{},{"nodeType":284,"data":2985,"content":2987},{"uri":2986},"https://pushsecurity.com/blog/we-infiltrated-a-criminal-phishing-panel/",[2988],{"nodeType":241,"value":2989,"marks":2990,"data":2991},"infiltrated Doko's Panel",[],{},{"nodeType":241,"value":2993,"marks":2994,"data":2995}," — a ",[],{},{"nodeType":241,"value":2997,"marks":2998,"data":3000},"real-time vishing and AiTM platform",[2999],{"type":245},{},{"nodeType":241,"value":3002,"marks":3003,"data":3004}," used by ShinyHunters and affiliated groups — the codebase was full of LLM-generated artifacts. Multiple groups were using the templated vishing panel and spinning up their own variants, but the AI-generated indicators persisted throughout. 
This approach to real-time vishing + browser payload has been a ",[],{},{"nodeType":284,"data":3006,"content":3007},{"uri":552},[3008],{"nodeType":241,"value":3009,"marks":3010,"data":3012},"mainstay of the Com affiliates like ShinyHunters this year",[3011],{"type":292},{},{"nodeType":241,"value":2317,"marks":3014,"data":3015},[],{},{"nodeType":361,"data":3017,"content":3021},{"target":3018},{"sys":3019},{"id":3020,"type":366,"linkType":367},"01mOiserRBXraawXwQyJNm",[],{"nodeType":248,"data":3023,"content":3024},{},[3025,3029,3033,3037,3046,3050,3058],{"nodeType":241,"value":3026,"marks":3027,"data":3028},"The broader ",[],{},{"nodeType":241,"value":515,"marks":3030,"data":3032},[3031],{"type":245},{},{"nodeType":241,"value":3034,"marks":3035,"data":3036}," family shows the same acceleration: First reported in early 2024 and adopted by four nation-state groups within a single quarter. Fast forward and ",[],{},{"nodeType":284,"data":3038,"content":3040},{"uri":3039},"https://www.crowdstrike.com/en-us/global-threat-report/",[3041],{"nodeType":241,"value":3042,"marks":3043,"data":3045},"CrowdStrike's data",[3044],{"type":292},{},{"nodeType":241,"value":3047,"marks":3048,"data":3049}," shows a 563% increase in fake CAPTCHA incidents (one of the more common ClickFix lure types), while ",[],{},{"nodeType":284,"data":3051,"content":3052},{"uri":2465},[3053],{"nodeType":241,"value":3054,"marks":3055,"data":3057},"Microsoft reported",[3056],{"type":292},{},{"nodeType":241,"value":3059,"marks":3060,"data":3061}," it as making up 47% of observed attacks according to their Digital Defense Report.",[],{},{"nodeType":248,"data":3063,"content":3064},{},[3065,3069,3074,3078,3086,3090,3097],{"nodeType":241,"value":3066,"marks":3067,"data":3068},"And ",[],{},{"nodeType":241,"value":3070,"marks":3071,"data":3073},"ConsentFix",[3072],{"type":245},{},{"nodeType":241,"value":3075,"marks":3076,"data":3077}," — a combination of ClickFix and OAuth consent phishing techniques — suggests the 
next compression is already underway. Push researchers ",[],{},{"nodeType":284,"data":3079,"content":3081},{"uri":3080},"https://pushsecurity.com/blog/consentfix/",[3082],{"nodeType":241,"value":3083,"marks":3084,"data":3085},"discovered the technique",[],{},{"nodeType":241,"value":3087,"marks":3088,"data":3089}," in December 2025 — a browser-native ClickFix variant hijacking OAuth consent grants via Azure CLI's localhost redirect. It was later confirmed to be tied to APT29. By January 2026, a ",[],{},{"nodeType":284,"data":3091,"content":3092},{"uri":1328},[3093],{"nodeType":241,"value":3094,"marks":3095,"data":3096},"criminal ConsentFix v3 toolkit",[],{},{"nodeType":241,"value":3098,"marks":3099,"data":3100}," had appeared on the XSS forum with Cloudflare Workers, ZoomInfo targeting, and automated exfiltration via Pipedream.",[],{},{"nodeType":361,"data":3102,"content":3106},{"target":3103},{"sys":3104},{"id":3105,"type":366,"linkType":367},"41FMif4T0y1maflzonWgL8",[],{"nodeType":318,"data":3108,"content":3109},{},[],{"nodeType":237,"data":3111,"content":3112},{},[3113],{"nodeType":241,"value":3114,"marks":3115,"data":3117},"Why technique-level detection is the only layer that holds",[3116],{"type":245},{},{"nodeType":248,"data":3119,"content":3120},{},[3121],{"nodeType":241,"value":3122,"marks":3123,"data":3124},"The middle of the Pyramid — tool signatures and artifacts — used to offer much more durable detection than infrastructure indicators. Fingerprinting a specific phishing kit by its JavaScript structure or HTML patterns provided a detection target that survived across dozens or hundreds of campaigns, even as the underlying domains rotated. 
Tool level detections are still better, but not by quite the same margin.",[],{},{"nodeType":361,"data":3126,"content":3130},{"target":3127},{"sys":3128},{"id":3129,"type":366,"linkType":367},"5pxaYdCIFiFKLPhRaPoldX",[],{"nodeType":248,"data":3132,"content":3133},{},[3134],{"nodeType":241,"value":3135,"marks":3136,"data":3137},"When the kit landscape was dominated by a handful of platforms, you could write signatures for Tycoon, Sneaky2FA, EvilProxy, and so on, and cover the lion's share of attacks. With the ecosystem now producing new variants and entirely new kits on a weekly basis, detecting by kit fingerprint starts to look uncomfortably similar to detecting by domain.",[],{},{"nodeType":248,"data":3139,"content":3140},{},[3141],{"nodeType":241,"value":3142,"marks":3143,"data":3144},"But many of these proliferating kits do share behavioral patterns at a deeper level than their code signatures. For example, every device code phishing kit implements fundamentally the same flow: present a lure, generate a device code via the OAuth Device Authorization endpoint, get the user to enter it on the legitimate authorization page, and poll for the resulting tokens. The frontends vary, the infrastructure varies, but the behavioral pattern doesn't.",[],{},{"nodeType":361,"data":3146,"content":3150},{"target":3147},{"sys":3148},{"id":3149,"type":366,"linkType":367},"FyyHayQtsJTwoB1kluMOl",[],{"nodeType":248,"data":3152,"content":3153},{},[3154],{"nodeType":241,"value":3155,"marks":3156,"data":3157},"Genuinely new attack techniques still require human creativity — an attacker has to identify a gap in how a legitimate protocol or feature can be subverted. That kind of innovation hasn't been automated. 
But the window to discover a technique, build a detection, and then deploy it before it is adopted by criminals at scale is compressing with each generation.",[],{},{"nodeType":248,"data":3159,"content":3160},{},[3161],{"nodeType":241,"value":3162,"marks":3163,"data":3164},"Organizations that detect at the technique level and deploy before commoditization have a structural advantage that increases over time. Waiting for indicators — even tool-level indicators — means chasing a curve that's accelerating away from you. This is the challenge we grapple with every day as we strive for the most resilient detections possible. ",[],{},{"nodeType":3166,"data":3167,"content":3168},"blockquote",{},[3169],{"nodeType":248,"data":3170,"content":3171},{},[3172,3176,3184,3188],{"nodeType":241,"value":3173,"marks":3174,"data":3175},"As our CPO Jacques Louw put it on ",[],{},{"nodeType":284,"data":3177,"content":3179},{"uri":3178},"https://risky.biz/RBNEWSSI128/",[3180],{"nodeType":241,"value":3181,"marks":3182,"data":3183},"Risky Business",[],{},{"nodeType":241,"value":3185,"marks":3186,"data":3187},": ",[],{},{"nodeType":241,"value":3189,"marks":3190,"data":3192},"\"There's no list of bad domains anywhere in the product. 
It's a crutch — a false cheat code that stops you from doing the detection in the way that actually is resilient, because the next time you see it, it will be on a different domain.\"",[3191],{"type":690},{},{"nodeType":318,"data":3194,"content":3195},{},[],{"nodeType":237,"data":3197,"content":3198},{},[3199],{"nodeType":241,"value":3200,"marks":3201,"data":3203},"What it takes to detect at the top of the Pyramid",[3202],{"type":245},{},{"nodeType":248,"data":3205,"content":3206},{},[3207],{"nodeType":241,"value":3208,"marks":3209,"data":3210},"If technique-level detection is the only layer that holds, two things have to be true about your detection capability: You need the right vantage point, and you need the research velocity to stay ahead.",[],{},{"nodeType":435,"data":3212,"content":3213},{},[3214],{"nodeType":241,"value":3215,"marks":3216,"data":3218},"You need the right vantage point",[3217],{"type":245},{},{"nodeType":248,"data":3220,"content":3221},{},[3222],{"nodeType":241,"value":3223,"marks":3224,"data":3225},"Technique-level behaviors in browser-based identity attacks — how a phishing page orchestrates credential entry, how a device code flow presents its authorization prompt, how a ClickFix variant manipulates the clipboard — are visible in the browser session and nowhere else.",[],{},{"nodeType":248,"data":3227,"content":3228},{},[3229],{"nodeType":241,"value":3230,"marks":3231,"data":3232},"Network proxies see encrypted traffic and can attempt to reconstruct page behavior from metadata, but DOM manipulation, user interaction sequences, and script execution aren't visible from that vantage point. 
Email gateways see the delivery mechanism (or nothing at all in the increasing number of social media and search engine based attacks) but not the payload.",[],{},{"nodeType":248,"data":3234,"content":3235},{},[3236,3240,3248],{"nodeType":241,"value":3237,"marks":3238,"data":3239},"As we disclosed in our ",[],{},{"nodeType":284,"data":3241,"content":3242},{"uri":1088},[3243],{"nodeType":241,"value":3244,"marks":3245,"data":3247},"browser attacks report",[3246],{"type":292},{},{"nodeType":241,"value":3249,"marks":3250,"data":3251},", 95% of in-browser attacks we detect use some form of bot protection, often combined with conditional loading techniques like referrer and browser checks, reliably defeating automated analysis techniques. ",[],{},{"nodeType":248,"data":3253,"content":3254},{},[3255],{"nodeType":241,"value":3256,"marks":3257,"data":3258},"Behavioral detection at the technique level requires observing what happens on the page at the moment the user interacts with it — analyzing pages, not links. When you see the entire browsing flow — ad click, redirect chain, page render, credential prompt — an attack stands out immediately. Without that context, any detection system is forced to fill in gaps, and the gaps are where attacks hide.",[],{},{"nodeType":361,"data":3260,"content":3264},{"target":3261},{"sys":3262},{"id":3263,"type":366,"linkType":367},"4804g6u4POUDpL42bzP0EY",[],{"nodeType":248,"data":3266,"content":3267},{},[3268],{"nodeType":241,"value":3269,"marks":3270,"data":3271},"Push sits inside the browser session, observing this in real time. 
Its detections target the behavioral mechanics of techniques rather than the surface characteristics of individual kits or infrastructure.",[],{},{"nodeType":435,"data":3273,"content":3274},{},[3275],{"nodeType":241,"value":3276,"marks":3277,"data":3279},"You need the research expertise",[3278],{"type":245},{},{"nodeType":248,"data":3281,"content":3282},{},[3283],{"nodeType":241,"value":3284,"marks":3285,"data":3286},"When the window between technique discovery and industrialized exploitation is measured in weeks rather than years, the detection pipeline needs to operate on that same compressed timescale.",[],{},{"nodeType":248,"data":3288,"content":3289},{},[3290,3294,3300],{"nodeType":241,"value":3291,"marks":3292,"data":3293},"This is where our ",[],{},{"nodeType":284,"data":3295,"content":3296},{"uri":808},[3297],{"nodeType":241,"value":811,"marks":3298,"data":3299},[],{},{"nodeType":241,"value":3301,"marks":3302,"data":3303}," fits. It's tripled our monthly detection output — not by generating bigger blocklists, but by scaling the process of discovering behavioral patterns across the telemetry generated by 3+ million browser deployments.",[],{},{"nodeType":248,"data":3305,"content":3306},{},[3307],{"nodeType":241,"value":3308,"marks":3309,"data":3310},"The detections it produces are technique-class by design, targeting how attacks work rather than the infrastructure or specific tool that implements them. 
The goal is curation, not accumulation — hundreds of high-fidelity behavioral detections rather than the billions of signatures and domain entries that traditional approaches require.",[],{},{"nodeType":248,"data":3312,"content":3313},{},[3314,3318,3326],{"nodeType":241,"value":3315,"marks":3316,"data":3317},"When we detected the first in-the-wild ",[],{},{"nodeType":284,"data":3319,"content":3321},{"uri":3320},"https://pushsecurity.com/blog/installfix/",[3322],{"nodeType":241,"value":3323,"marks":3324,"data":3325},"InstallFix attack",[],{},{"nodeType":241,"value":3327,"marks":3328,"data":3329}," through the pipeline — a user had searched for NotebookLM, clicked a paid Google ad, and was redirected to a fake page with a WebAssembly C2 connector — the detection shipped to all customers within minutes. It didn't depend on knowing the domain, the ad creative, or the specific kit. It depended on recognizing the technique itself.",[],{},{"nodeType":318,"data":3331,"content":3332},{},[],{"nodeType":237,"data":3334,"content":3335},{},[3336],{"nodeType":241,"value":3337,"marks":3338,"data":3340},"Technique-level detection is now the only option",[3339],{"type":245},{},{"nodeType":248,"data":3342,"content":3343},{},[3344],{"nodeType":241,"value":3345,"marks":3346,"data":3347},"As a framework for detection durability, the Pyramid of Pain is more relevant than ever. ",[],{},{"nodeType":248,"data":3349,"content":3350},{},[3351],{"nodeType":241,"value":3352,"marks":3353,"data":3354},"AI has made infrastructure indicators essentially disposable. The tools tier is compressing as criminal vendors vibe-code, fork, and clone tooling at machine speed. Technique-level detection is the layer that holds long-term, making it possible to proactively detect and block net-new attacks and the kits that power them. 
",[],{},{"nodeType":248,"data":3356,"content":3357},{},[3358],{"nodeType":241,"value":3359,"marks":3360,"data":3361},"Novel attack techniques still require human creativity to discover, and detections built around how those techniques work can survive infrastructure rotation, tool proliferation, and kit fragmentation. Defending that layer requires a vantage point inside the browser session and a research pipeline fast enough to stay ahead of the accelerating path from discovery to industrialization.",[],{},{"nodeType":318,"data":3363,"content":3364},{},[],{"nodeType":248,"data":3366,"content":3367},{},[3368],{"nodeType":241,"value":3369,"marks":3370,"data":3371},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.",[],{},{"nodeType":248,"data":3373,"content":3374},{},[3375],{"nodeType":241,"value":3376,"marks":3377,"data":3378},"Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",[],{},{"nodeType":248,"data":3380,"content":3381},{},[3382,3385,3392],{"nodeType":241,"value":29,"marks":3383,"data":3384},[],{},{"nodeType":284,"data":3386,"content":3387},{"uri":2073},[3388],{"nodeType":241,"value":2610,"marks":3389,"data":3391},[3390],{"type":292},{},{"nodeType":241,"value":2614,"marks":3393,"data":3394},[],{},"The Pyramid of Pain in the AI era: Why technique-level detection matters more than ever","AI is accelerating the collapse of indicator-based threat detection. 
Here's why you need technique-level detection to stay ahead.","the-pyramid-of-pain-in-the-ai-era",{"items":3399},[3400,3402],{"sys":3401,"name":2627},{"id":2626},{"sys":3403,"name":3405},{"id":3404},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"items":3407},[3408],{"fullName":3409,"firstName":3410,"jobTitle":3411,"profilePicture":3412},"Dan Green","Dan","Threat Research",{"url":3413},"https://images.ctfassets.net/y1cdw1ablpvd/7jik1VhFgA3kgzXBXTm2Vw/fcd8c171da644903d0827eafcfbcaad0/Dan_Headshot_2025.png","why-modern-browser-attacks-evade-edr","blog/why-modern-browser-attacks-evade-edr",{"json":3417},{"data":3418,"content":3419,"nodeType":233},{},[3420],{"data":3421,"content":3422,"nodeType":248},{},[3423],{"data":3424,"marks":3425,"value":3426,"nodeType":241},{},[],"This article explains why the gap between what EDR sees and what happens inside the browser is exactly where attackers have built their playbook, and what it takes to close it.","This article explains the gap between what EDR sees and what happens inside the browser, and what it takes to close it.",{"id":3429,"publishedAt":3430},"3qMmscyEh3T1Mbf8qXQHmd","2026-06-02T07:22:24.510Z",{"items":3432},[3433,3435],{"sys":3434,"name":3405},{"id":3404},{"sys":3436,"name":2091},{"id":2090},"dXpqWHzncRxYbUvRpLZRU8aZWd9eDQe8b5mL4X2mgjQ",1780385374609]