[{"data":1,"prerenderedAt":17006},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":100,"navbar-resource-highlight":174,"use-case-page":218,"fa-icon-regular-faFishingRod":1240,"fa-icon-regular-faPuzzlePiece":1244,"fa-icon-regular-faUserSecret":1246,"fa-icon-regular-faRadar":1248,"fa-icon-regular-faLaptopCode":1250,"fa-icon-regular-faSatelliteDish":1252,"fa-icon-regular-faShieldCheck":1254,"fa-icon-regular-faBrainCircuit":1256,"events-pages-/events/flight-deck-gartner":1258,"latestResourcesBlogPosts":1459,"push-partner":15892,"/events/flight-deck-gartner-form":16188},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"qx4p9x8ryap",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":23,"createdBy":92,"lastUpdatedBy":93,"folders":94,"meta":95,"rev":99},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"url":29,"ctaText":43,"text":44,"blocks":45,"state":85},"ewrererw","testrfesssssssssss",[46,73],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Is your stack covered? 51 browser & identity attacks, mapped.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">See the matrix →\u003C/strong>\u003C/p>\n","https://pushsecurity.com/resources/browser-identity-attacks-matrix/",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":74,"@type":47,"tagName":75,"properties":76,"responsiveStyles":80},"builder-pixel-3wqv5d338nw","img",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":81},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},"block","hidden","none",{"deviceSize":86,"location":87},"large",{"path":29,"query":88},{},{},1778612252607,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"kind":96,"hasLinks":6,"breakpoints":97,"lastPreviewUrl":98,"hasAutosaves":6},"component",{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","co9za8t752",[101,137],{"createdDate":102,"id":103,"name":104,"modelId":105,"published":13,"stageModifiedSincePublish":6,"query":106,"data":107,"variations":130,"lastUpdated":131,"firstPublished":132,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":133,"meta":134,"rev":136},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":108,"type":109,"testimonialLink":110,"testimonial":111},{},"testimonial","/customer-stories/inductive-automation",{"@type":112,"id":113,"model":109,"value":114},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":115,"folders":116,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":120,"variations":124,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":127,"rev":129},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":121,"jobTitle":122,"quote":118,"image":123},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":128,"hasAutosaves":34},{"small":32,"medium":33},"20k0wxiqt3zh",{},1776247404986,1776247404973,[],{"breakpoints":135,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"eyzqtt92j6",{"createdDate":138,"id":139,"name":140,"modelId":105,"published":13,"meta":141,"stageModifiedSincePublish":6,"query":143,"data":144,"variations":170,"lastUpdated":171,"firstPublished":172,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":173,"rev":136},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":142,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":145,"link":164,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":147},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":148,"folders":149,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":152,"variations":158,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":161,"rev":163},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":162,"hasAutosaves":34},{"small":32,"medium":33},"9itmog8hrr",{"text":165,"url":166},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[175,197],{"createdDate":176,"id":177,"name":140,"modelId":178,"published":13,"meta":179,"stageModifiedSincePublish":6,"query":181,"data":182,"variations":192,"lastUpdated":193,"firstPublished":194,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":195,"rev":196},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":180,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":183,"link":191,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":184},{"query":185,"folders":186,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":187,"variations":188,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":189,"rev":163},[],[],{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":190,"hasAutosaves":34},{"small":32,"medium":33},{"text":165,"url":166},{},1776256937553,1776256937540,[],"bvr0vc1n7t",{"createdDate":198,"id":199,"name":200,"modelId":178,"published":13,"stageModifiedSincePublish":6,"query":201,"data":202,"variations":212,"lastUpdated":213,"firstPublished":214,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":215,"meta":216,"rev":196},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":203,"type":109,"testimonial":204,"testimonialLink":110},{},{"@type":112,"id":113,"model":109,"value":205},{"query":206,"folders":207,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":208,"variations":209,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":210,"rev":129},[],[],{"author":121,"jobTitle":122,"quote":118,"image":123},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":211,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":217,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[219,403,522,641,759,879,999,1119],{"createdDate":220,"id":221,"name":222,"modelId":223,"published":13,"stageModifiedSincePublish":6,"query":224,"data":230,"variations":391,"lastUpdated":392,"firstPublished":393,"testRatio":23,"screenshot":394,"createdBy":92,"lastUpdatedBy":395,"folders":396,"meta":397,"rev":402},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[225],{"@type":226,"property":227,"operator":228,"value":229},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":231,"customFonts":232,"seoTitle":280,"title":280,"tsCode":29,"seoDescription":281,"fontAwesomeIcon":282,"jsCode":29,"blocks":283,"url":229,"state":388},[],[233],{"family":234,"kind":235,"version":236,"lastModified":237,"files":238,"category":257,"menu":258,"subsets":259,"variants":262},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"800italic":247,"900italic":248,"700italic":249,"100italic":250,"italic":251,"regular":252,"200italic":253,"500italic":254,"300italic":255,"600italic":256},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[260,261],"latin","latin-ext",[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[284,383],{"@type":47,"@version":48,"tagName":285,"id":286,"children":287},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[288,305,313,320,332,347,358,369,375],{"@type":47,"@version":48,"layerName":289,"id":290,"component":291,"responsiveStyles":302},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":289,"options":292,"isRSC":62},{"title":280,"description":293,"points":294,"video":301},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[295,297,299],{"item":296},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":298},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":300},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":303},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},"transparent",{"@type":47,"@version":48,"id":306,"component":307,"responsiveStyles":310},"builder-96634044407e491299e291ed64669e39",{"name":308,"options":309,"isRSC":62},"TrustedBy",{"AllPartners":34,"backgroundTransparent":6},{"large":311},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},"#000",{"@type":47,"@version":48,"id":314,"component":315,"responsiveStyles":318},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":316,"options":317,"isRSC":62},"Diagonal",{"darkMode":34},{"large":319},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"layerName":321,"id":322,"component":323,"responsiveStyles":330},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":321,"tag":321,"options":324,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":327,"description":328,"animatedTitle":29,"image":329,"reverse":6,"descriptionPaddingHorizontal":62},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":331},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":333,"component":334,"responsiveStyles":342},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":335,"options":336,"isRSC":62},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":339,"description":340,"reverse":34,"image":341},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":343},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":345,"marginTop":346},"DM Sans, sans-serif","20px","0px",{"@type":47,"@version":48,"id":348,"component":349,"responsiveStyles":355},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":335,"options":350,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":352,"description":353,"reverse":6,"image":354},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":356},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},"36px",{"@type":47,"@version":48,"layerName":335,"id":359,"component":360,"responsiveStyles":366},"builder-42c32198083f4880acb37c5cb76934da",{"name":335,"options":361,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":363,"description":364,"reverse":34,"image":365},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":367},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},"47px",{"@type":47,"@version":48,"id":370,"component":371,"responsiveStyles":373},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":316,"options":372,"isRSC":62},{"darkMode":6},{"large":374},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":376,"component":377,"responsiveStyles":381},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":378,"tag":378,"options":379,"isRSC":62},"LatestResources",{"sectionHeading":29,"customClass":380},"bg-black",{"large":382},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":384,"@type":47,"tagName":75,"properties":385,"responsiveStyles":386},"builder-pixel-kbuxdqkbbli",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":387},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":389},{"path":29,"query":390},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":398,"winningTest":62,"breakpoints":399,"kind":400,"hasLinks":6,"originalContentId":401,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"page","2daa5670b8504fc7ba4700633e8bd921","56vpqt68a5e",{"createdDate":404,"id":405,"name":406,"modelId":223,"published":13,"stageModifiedSincePublish":6,"query":407,"data":410,"variations":514,"lastUpdated":515,"firstPublished":516,"testRatio":23,"screenshot":517,"createdBy":92,"lastUpdatedBy":395,"folders":518,"meta":519,"rev":402},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[408],{"@type":226,"property":227,"operator":228,"value":409},"/uc/browser-extension-security",{"seoDescription":411,"jsCode":29,"fontAwesomeIcon":412,"tsCode":29,"title":406,"seoTitle":406,"customFonts":413,"inputs":418,"blocks":419,"url":409,"state":511},"Shine a light on risky browser extensions.","faPuzzlePiece",[414],{"kind":235,"family":234,"version":236,"files":415,"category":257,"lastModified":237,"subsets":416,"variants":417,"menu":258},{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"100italic":250,"italic":251,"regular":252,"900italic":248,"800italic":247,"700italic":249,"200italic":253,"300italic":255,"500italic":254,"600italic":256},[260,261],[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],[],[420,506],{"@type":47,"@version":48,"tagName":285,"id":421,"meta":422,"children":423},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":286},[424,440,447,454,463,473,483,493,500],{"@type":47,"@version":48,"id":425,"meta":426,"component":427,"responsiveStyles":438},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":290},{"name":289,"options":428,"isRSC":62},{"title":406,"description":429,"points":430,"video":437},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[431,433,435],{"item":432},"Discover every browser extension in use",{"item":434},"Spot risky or unsanctioned behavior",{"item":436},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":439},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":441,"meta":442,"component":443,"responsiveStyles":445},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":306},{"name":308,"options":444,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":446},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":448,"meta":449,"component":450,"responsiveStyles":452},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":314},{"name":316,"options":451,"isRSC":62},{"darkMode":34},{"large":453},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"layerName":321,"id":455,"component":456,"responsiveStyles":461},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":321,"tag":321,"options":457,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":458,"description":459,"image":460,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":462},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":464,"meta":465,"component":466,"responsiveStyles":471},"builder-93738f98109a4009affb349afd7bb182",{"previousId":333},{"name":335,"options":467,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":468,"description":469,"reverse":34,"image":470},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":472},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":345,"marginTop":346},{"@type":47,"@version":48,"id":474,"meta":475,"component":476,"responsiveStyles":481},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":348},{"name":335,"options":477,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":478,"description":479,"reverse":6,"image":480},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":482},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":484,"meta":485,"component":486,"responsiveStyles":491},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":359},{"name":335,"options":487,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":488,"description":489,"reverse":34,"image":490},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":492},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":494,"meta":495,"component":496,"responsiveStyles":498},"builder-1a689287d1a1418997d57db578a71105",{"previousId":370},{"name":316,"options":497,"isRSC":62},{"darkMode":6},{"large":499},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":501,"component":502,"responsiveStyles":504},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":378,"tag":378,"options":503,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":505},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":507,"@type":47,"tagName":75,"properties":508,"responsiveStyles":509},"builder-pixel-hbqxn52kr1s",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":510},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":512},{"path":29,"query":513},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":400,"winningTest":62,"breakpoints":520,"lastPreviewUrl":521,"hasLinks":6,"originalContentId":221,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":523,"id":524,"name":525,"modelId":223,"published":13,"query":526,"data":529,"variations":632,"lastUpdated":633,"firstPublished":634,"testRatio":23,"screenshot":635,"createdBy":92,"lastUpdatedBy":636,"folders":637,"meta":638,"rev":402},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[527],{"@type":226,"property":227,"operator":228,"value":528},"/uc/account-takeover-detection",{"title":525,"customFonts":530,"jsCode":29,"seoTitle":525,"seoDescription":535,"fontAwesomeIcon":536,"tsCode":29,"blocks":537,"url":528,"state":629},[531],{"kind":235,"category":257,"variants":532,"menu":258,"files":533,"family":234,"subsets":534,"version":236,"lastModified":237},[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"300italic":255,"500italic":254,"800italic":247,"700italic":249,"italic":251,"900italic":248,"600italic":256,"200italic":253,"regular":252,"100italic":250},[260,261],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[538,624],{"@type":47,"@version":48,"tagName":285,"id":539,"meta":540,"children":541},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":286},[542,558,565,572,581,591,601,611,618],{"@type":47,"@version":48,"id":543,"meta":544,"component":545,"responsiveStyles":556},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":290},{"name":289,"options":546,"isRSC":62},{"title":525,"description":547,"points":548,"video":555},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[549,551,553],{"item":550},"Identify credential-based ATO as it unfolds",{"item":552},"Surface hijacked sessions and token misuse",{"item":554},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":557},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":559,"meta":560,"component":561,"responsiveStyles":563},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":306},{"name":308,"options":562,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":564},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":566,"meta":567,"component":568,"responsiveStyles":570},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":314},{"name":316,"options":569,"isRSC":62},{"darkMode":34},{"large":571},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":573,"component":574,"responsiveStyles":579},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":321,"tag":321,"options":575,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":576,"description":577,"image":578,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":580},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":582,"meta":583,"component":584,"responsiveStyles":589},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":333},{"name":335,"options":585,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":586,"description":587,"reverse":34,"image":588},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":590},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":346,"marginTop":346},{"@type":47,"@version":48,"id":592,"meta":593,"component":594,"responsiveStyles":599},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":348},{"name":335,"options":595,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":596,"description":597,"reverse":6,"image":598},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":600},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":602,"meta":603,"component":604,"responsiveStyles":609},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":359},{"name":335,"options":605,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":606,"description":607,"reverse":34,"image":608},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":610},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":612,"meta":613,"component":614,"responsiveStyles":616},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":370},{"name":316,"options":615,"isRSC":62},{"darkMode":6},{"large":617},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":619,"component":620,"responsiveStyles":622},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":378,"tag":378,"options":621,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":623},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":625,"@type":47,"tagName":75,"properties":626,"responsiveStyles":627},"builder-pixel-y73c54ge6zi",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":628},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":630},{"path":29,"query":631},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":639,"hasLinks":6,"originalContentId":221,"breakpoints":640,"winningTest":62,"kind":400,"hasAutosaves":34,"hasErrors":6},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":642,"id":643,"name":644,"modelId":223,"published":13,"query":645,"data":648,"variations":751,"lastUpdated":752,"firstPublished":753,"testRatio":23,"screenshot":754,"createdBy":92,"lastUpdatedBy":636,"folders":755,"meta":756,"rev":402},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[646],{"@type":226,"property":227,"operator":228,"value":647},"/uc/attack-path-hardening",{"tsCode":29,"seoDescription":649,"jsCode":29,"customFonts":650,"fontAwesomeIcon":655,"seoTitle":644,"title":644,"blocks":656,"url":647,"state":748},"Harden access paths with visibility,  detection, and guardrails.",[651],{"kind":235,"files":652,"version":236,"lastModified":237,"subsets":653,"menu":258,"category":257,"variants":654,"family":234},{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"regular":252,"italic":251,"800italic":247,"500italic":254,"600italic":256,"200italic":253,"900italic":248,"700italic":249,"100italic":250,"300italic":255},[260,261],[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],"faRadar",[657,743],{"@type":47,"@version":48,"tagName":285,"id":658,"meta":659,"children":660},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":539},[661,677,684,691,700,710,720,730,737],{"@type":47,"@version":48,"id":662,"meta":663,"component":664,"responsiveStyles":675},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":543},{"name":289,"options":665,"isRSC":62},{"title":644,"description":666,"points":667,"video":674},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[668,670,672],{"item":669},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":671},"Monitor how users actually log in across apps, flows, and tools",{"item":673},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":676},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":678,"meta":679,"component":680,"responsiveStyles":682},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":559},{"name":308,"options":681,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":683},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":685,"meta":686,"component":687,"responsiveStyles":689},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":566},{"name":316,"options":688,"isRSC":62},{"darkMode":34},{"large":690},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":692,"component":693,"responsiveStyles":698},"builder-dec0246085e1485c803f7152b1922a81",{"name":321,"tag":321,"options":694,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":695,"description":696,"image":697,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":699},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":701,"meta":702,"component":703,"responsiveStyles":708},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":582},{"name":335,"options":704,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":705,"description":706,"reverse":34,"image":707},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":709},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":345,"marginTop":346},{"@type":47,"@version":48,"id":711,"meta":712,"component":713,"responsiveStyles":718},"builder-431d175c59004669b0b2776b07d71737",{"previousId":592},{"name":335,"options":714,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":715,"description":716,"reverse":6,"image":717},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":719},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":721,"meta":722,"component":723,"responsiveStyles":728},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":602},{"name":335,"options":724,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":725,"description":726,"reverse":34,"image":727},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":729},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":731,"meta":732,"component":733,"responsiveStyles":735},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":612},{"name":316,"options":734,"isRSC":62},{"darkMode":6},{"large":736},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":738,"component":739,"responsiveStyles":741},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":378,"tag":378,"options":740,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":742},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":744,"@type":47,"tagName":75,"properties":745,"responsiveStyles":746},"builder-pixel-gngc8jv6w58",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":747},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":749},{"path":29,"query":750},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":400,"lastPreviewUrl":757,"breakpoints":758,"hasLinks":6,"originalContentId":524,"winningTest":62,"hasAutosaves":34},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":760,"id":761,"name":762,"modelId":223,"published":13,"query":763,"data":766,"variations":871,"lastUpdated":872,"firstPublished":873,"testRatio":23,"screenshot":874,"createdBy":92,"lastUpdatedBy":636,"folders":875,"meta":876,"rev":402},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[764],{"@type":226,"property":227,"operator":228,"value":765},"/uc/clickfix-protection",{"seoDescription":767,"fontAwesomeIcon":768,"customFonts":769,"seoTitle":774,"jsCode":29,"tsCode":29,"title":774,"blocks":775,"url":765,"state":868},"Block attacks that trick users into running malicious code.","faLaptopCode",[770],{"files":771,"subsets":772,"menu":258,"version":236,"kind":235,"family":234,"lastModified":237,"variants":773,"category":257},{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"200italic":253,"800italic":247,"700italic":249,"600italic":256,"100italic":250,"italic":251,"regular":252,"300italic":255,"500italic":254,"900italic":248},[260,261],[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],"ClickFix protection",[776,863],{"@type":47,"@version":48,"tagName":285,"id":777,"meta":778,"children":779},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":658},[780,796,803,810,820,830,840,850,857],{"@type":47,"@version":48,"id":781,"meta":782,"component":783,"responsiveStyles":794},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":662},{"name":289,"options":784,"isRSC":62},{"title":774,"description":785,"points":786,"image":793},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[787,789,791],{"item":788},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":790},"Block malicious copy-and-paste actions before code is executed",{"item":792},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":795},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":797,"meta":798,"component":799,"responsiveStyles":801},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":678},{"name":308,"options":800,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":802},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":804,"meta":805,"component":806,"responsiveStyles":808},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":685},{"name":316,"options":807,"isRSC":62},{"darkMode":34},{"large":809},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":811,"meta":812,"component":813,"responsiveStyles":818},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":692},{"name":321,"tag":321,"options":814,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":815,"description":816,"reverse":6,"image":817},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":819},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":821,"meta":822,"component":823,"responsiveStyles":828},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":701},{"name":335,"options":824,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":825,"description":826,"reverse":34,"image":827},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":829},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":345,"marginTop":346},{"@type":47,"@version":48,"id":831,"meta":832,"component":833,"responsiveStyles":838},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":711},{"name":335,"options":834,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":835,"description":836,"reverse":6,"image":837},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":839},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":841,"meta":842,"component":843,"responsiveStyles":848},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":721},{"name":335,"options":844,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":845,"description":846,"reverse":34,"image":847},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":849},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":851,"meta":852,"component":853,"responsiveStyles":855},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":731},{"name":316,"options":854,"isRSC":62},{"darkMode":6},{"large":856},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":858,"component":859,"responsiveStyles":861},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":378,"tag":378,"options":860,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":862},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":864,"@type":47,"tagName":75,"properties":865,"responsiveStyles":866},"builder-pixel-il9xatcz3ii",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":867},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":869},{"path":29,"query":870},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":877,"originalContentId":643,"winningTest":62,"hasLinks":6,"kind":400,"breakpoints":878,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":880,"id":881,"name":882,"modelId":223,"published":13,"query":883,"data":886,"variations":991,"lastUpdated":992,"firstPublished":993,"testRatio":23,"screenshot":994,"createdBy":92,"lastUpdatedBy":636,"folders":995,"meta":996,"rev":402},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[884],{"@type":226,"property":227,"operator":228,"value":885},"/uc/incident-response",{"seoDescription":887,"customFonts":888,"title":882,"jsCode":29,"fontAwesomeIcon":893,"seoTitle":894,"tsCode":29,"blocks":895,"url":885,"state":988},"Investigate and respond faster with unique browser telemetry.",[889],{"kind":235,"subsets":890,"menu":258,"variants":891,"category":257,"family":234,"version":236,"lastModified":237,"files":892},[260,261],[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"900italic":248,"600italic":256,"200italic":253,"300italic":255,"100italic":250,"700italic":249,"800italic":247,"regular":252,"italic":251,"500italic":254},"faSatelliteDish","Browser based incident response",[896,983],{"@type":47,"@version":48,"tagName":285,"id":897,"meta":898,"children":899},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":658},[900,917,924,931,940,950,960,970,977],{"@type":47,"@version":48,"id":901,"meta":902,"component":903,"responsiveStyles":915},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":662},{"name":289,"options":904,"isRSC":62},{"title":905,"description":906,"points":907,"video":914},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[908,910,912],{"item":909},"Reconstruct what happened with real browser session context",{"item":911},"Investigate faster with real-world session context",{"item":913},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":916},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":918,"meta":919,"component":920,"responsiveStyles":922},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":678},{"name":308,"options":921,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":923},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":925,"meta":926,"component":927,"responsiveStyles":929},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":685},{"name":316,"options":928,"isRSC":62},{"darkMode":34},{"large":930},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":932,"component":933,"responsiveStyles":938},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":321,"tag":321,"options":934,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":935,"description":936,"image":937,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":939},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":941,"meta":942,"component":943,"responsiveStyles":948},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":701},{"name":335,"options":944,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":945,"description":946,"reverse":34,"image":947},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":949},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":346,"marginTop":346},{"@type":47,"@version":48,"id":951,"meta":952,"component":953,"responsiveStyles":958},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":711},{"name":335,"options":954,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":955,"description":956,"reverse":6,"image":957},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":959},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":961,"meta":962,"component":963,"responsiveStyles":968},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":721},{"name":335,"options":964,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":965,"description":966,"reverse":34,"image":967},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":969},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":971,"meta":972,"component":973,"responsiveStyles":975},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":731},{"name":316,"options":974,"isRSC":62},{"darkMode":6},{"large":976},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":978,"component":979,"responsiveStyles":981},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":378,"tag":378,"options":980,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":982},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":984,"@type":47,"tagName":75,"properties":985,"responsiveStyles":986},"builder-pixel-29htaswdoi8",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":987},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":989},{"path":29,"query":990},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":400,"breakpoints":997,"originalContentId":643,"winningTest":62,"lastPreviewUrl":998,"hasLinks":6,"hasAutosaves":34,"hasErrors":6},{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1000,"id":1001,"name":1002,"modelId":223,"published":13,"query":1003,"data":1006,"variations":1111,"lastUpdated":1112,"firstPublished":1113,"testRatio":23,"screenshot":1114,"createdBy":92,"lastUpdatedBy":636,"folders":1115,"meta":1116,"rev":402},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1004],{"@type":226,"property":227,"operator":228,"value":1005},"/uc/shadow-saas",{"seoTitle":1007,"seoDescription":1008,"customFonts":1009,"fontAwesomeIcon":1014,"title":1015,"jsCode":29,"tsCode":29,"blocks":1016,"url":1005,"state":1108},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[1010],{"kind":235,"variants":1011,"files":1012,"family":234,"version":236,"subsets":1013,"lastModified":237,"category":257,"menu":258},[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"300italic":255,"500italic":254,"regular":252,"900italic":248,"italic":251,"100italic":250,"200italic":253,"600italic":256,"700italic":249,"800italic":247},[260,261],"faShieldCheck","Secure shadow SaaS",[1017,1103],{"@type":47,"@version":48,"tagName":285,"id":1018,"meta":1019,"children":1020},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":897},[1021,1037,1044,1051,1060,1070,1080,1090,1097],{"@type":47,"@version":48,"id":1022,"meta":1023,"component":1024,"responsiveStyles":1035},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":901},{"name":289,"options":1025,"isRSC":62},{"title":1007,"description":1026,"points":1027,"video":1034},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[1028,1030,1032],{"item":1029},"Discover every SaaS app users access, managed or not",{"item":1031},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1033},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1036},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":1038,"meta":1039,"component":1040,"responsiveStyles":1042},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":918},{"name":308,"options":1041,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":1043},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":1045,"meta":1046,"component":1047,"responsiveStyles":1049},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":925},{"name":316,"options":1048,"isRSC":62},{"darkMode":34},{"large":1050},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1052,"component":1053,"responsiveStyles":1058},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":321,"tag":321,"options":1054,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":1055,"description":1056,"image":1057,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1059},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1061,"meta":1062,"component":1063,"responsiveStyles":1068},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":941},{"name":335,"options":1064,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":1065,"description":1066,"reverse":34,"image":1067},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1069},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":346,"marginTop":346},{"@type":47,"@version":48,"id":1071,"meta":1072,"component":1073,"responsiveStyles":1078},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":951},{"name":335,"options":1074,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":1075,"description":1076,"reverse":6,"image":1077},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1079},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":1081,"meta":1082,"component":1083,"responsiveStyles":1088},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":961},{"name":335,"options":1084,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":1085,"description":1086,"reverse":34,"image":1087},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1089},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":1091,"meta":1092,"component":1093,"responsiveStyles":1095},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":971},{"name":316,"options":1094,"isRSC":62},{"darkMode":6},{"large":1096},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1098,"component":1099,"responsiveStyles":1101},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":378,"tag":378,"options":1100,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":1102},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":1104,"@type":47,"tagName":75,"properties":1105,"responsiveStyles":1106},"builder-pixel-w2mc896qcsj",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":1107},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":1109},{"path":29,"query":1110},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":881,"winningTest":62,"lastPreviewUrl":1117,"breakpoints":1118,"kind":400,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":1120,"id":1121,"name":1122,"modelId":223,"published":13,"stageModifiedSincePublish":6,"query":1123,"data":1126,"variations":1232,"lastUpdated":1233,"firstPublished":1234,"testRatio":23,"screenshot":1235,"createdBy":92,"lastUpdatedBy":395,"folders":1236,"meta":1237,"rev":402},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1124],{"@type":226,"property":227,"operator":228,"value":1125},"/uc/shadow-ai",{"seoTitle":1127,"fontAwesomeIcon":1128,"title":1129,"seoDescription":1130,"customFonts":1131,"tsCode":29,"jsCode":29,"blocks":1136,"url":1125,"state":1229},"Secure AI native and AI enhanced apps. ","faBrainCircuit","Secure AI","See and control AI apps in the browser.",[1132],{"version":236,"files":1133,"kind":235,"family":234,"lastModified":237,"category":257,"variants":1134,"subsets":1135,"menu":258},{"100":239,"200":240,"300":241,"500":242,"600":243,"700":244,"800":245,"900":246,"700italic":249,"100italic":250,"600italic":256,"italic":251,"300italic":255,"200italic":253,"500italic":254,"800italic":247,"900italic":248,"regular":252},[263,264,265,266,267,268,72,269,270,271,272,273,274,275,276,277,278,279],[260,261],[1137,1224],{"@type":47,"@version":48,"tagName":285,"id":1138,"meta":1139,"children":1140},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1018},[1141,1157,1164,1171,1181,1191,1201,1211,1218],{"@type":47,"@version":48,"id":1142,"meta":1143,"component":1144,"responsiveStyles":1155},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1022},{"name":289,"options":1145,"isRSC":62},{"title":1129,"description":1146,"points":1147,"image":1154},"\u003Cp>Every AI interaction traverses the browser. Employees use GenAI tools, connect AI apps to corporate accounts, and run agentic workflows, often outside security oversight. Push gives security teams the visibility to see what AI is doing across their environment and the controls to intervene before sensitive data leaves or access gets abused.\u003C/p>",[1148,1150,1152],{"item":1149},"Discover every AI tool and agent active across your workforce",{"item":1151},"Detect sensitive data being submitted to AI apps",{"item":1153},"Enforce AI policy directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1156},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":304},{"@type":47,"@version":48,"id":1158,"meta":1159,"component":1160,"responsiveStyles":1162},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1038},{"name":308,"options":1161,"isRSC":62},{"AllPartners":34,"backgroundTransparent":6},{"large":1163},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"backgroundColor":312},{"@type":47,"@version":48,"id":1165,"meta":1166,"component":1167,"responsiveStyles":1169},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1045},{"name":316,"options":1168,"isRSC":62},{"darkMode":34},{"large":1170},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1172,"meta":1173,"component":1174,"responsiveStyles":1179},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1052},{"name":321,"tag":321,"options":1175,"isRSC":62},{"darkMode":6,"maxWidth":325,"maxTextWidth":326,"title":1176,"description":1177,"image":1178,"reverse":6},"\u003Ch2>The browser is where AI lives\u003C/h2>","\u003Cp>AI activity doesn't happen at the network layer or the endpoint. It happens in the browser, where employees interact with AI tools, where agents execute tasks, and where sensitive data gets submitted to external services. Push captures live telemetry from inside the browser session, identifying every AI-native and AI-enhanced application in use. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1180},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1182,"meta":1183,"component":1184,"responsiveStyles":1189},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1061},{"name":335,"options":1185,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":338,"title":1186,"description":1187,"reverse":34,"image":1188},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Most organisations are using far more AI than they've approved. Push identifies every AI-native and AI-enhanced application accessed across the workforce, which corporate identities are connected, and what new tools appear in the environment. Applications are categorized by risk and policy status so security teams can prioritize exposure before it becomes an incident.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F636e65ad0c4c43faa3e626c41e90d8a3",{"large":1190},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"fontFamily":344,"paddingTop":346,"marginTop":346},{"@type":47,"@version":48,"id":1192,"meta":1193,"component":1194,"responsiveStyles":1199},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1071},{"name":335,"options":1195,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":351,"title":1196,"description":1197,"reverse":6,"image":1198},"\u003Ch2>Prevent sensitive data from reaching the wrong AI tools\u003C/h2>","\u003Cp>Employees paste credentials, customer data, and internal documents into AI tools without realizing the risk. Push detects sensitive data interactions in the browser in real time, including file uploads, clipboard activity, and form submissions to unsanctioned or high-risk AI applications. Controls can be applied to warn users, require policy acknowledgment, or block the interaction entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F011332d42dab4a299f25ab3847741ed9",{"large":1200},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":357},{"@type":47,"@version":48,"layerName":335,"id":1202,"meta":1203,"component":1204,"responsiveStyles":1209},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1081},{"name":335,"options":1205,"isRSC":62},{"darkMode":6,"maxWidth":325,"imageMaxWidth":337,"textPaddingTop":362,"title":1206,"description":1207,"reverse":34,"image":1208},"\u003Ch2>Govern agentic AI permissions and activity\u003C/h2>","\u003Cp>AI agents operating in the browser can access applications, execute actions, and handle data on behalf of users, often with permissions that were never explicitly reviewed. Push surfaces agentic permissions and data flows so security teams can see what agents are doing, where they have access, and apply controls before that access is exploited or abused.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F71549a73d0b84f1c8cb151c05e493e8d",{"large":1210},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingTop":368},{"@type":47,"@version":48,"id":1212,"meta":1213,"component":1214,"responsiveStyles":1216},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1091},{"name":316,"options":1215,"isRSC":62},{"darkMode":6},{"large":1217},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1219,"component":1220,"responsiveStyles":1222},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":378,"tag":378,"options":1221,"isRSC":62},{"sectionHeading":29,"customClass":380},{"large":1223},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":1225,"@type":47,"tagName":75,"properties":1226,"responsiveStyles":1227},"builder-pixel-pdumg9mgucm",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":1228},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":1230},{"path":29,"query":1231},{},{},1778073860450,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9b4d5666fc9e495a9a8de4258975cd9f",[],{"lastPreviewUrl":1238,"hasLinks":6,"originalContentId":1001,"winningTest":62,"breakpoints":1239,"kind":400,"hasAutosaves":6,"hasErrors":6},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"w":1241,"h":1242,"d":1243},448,512,"M280.4 48c-3.2 0-6.3 .5-9.3 1.4L206.6 69.2C136.1 90.9 88 156.1 88 229.8l0 42.9c22.7 3.8 40 23.6 40 47.3l0 144c0 26.5-21.5 48-48 48l-32 0c-26.5 0-48-21.5-48-48L0 320c0-23.8 17.3-43.5 40-47.3l0-42.9C40 135 101.8 51.2 192.5 23.4L256.9 3.5c7.6-2.3 15.5-3.5 23.4-3.5 44 0 79.6 35.7 79.6 79.6l0 56.4c0 13.3-10.7 24-24 24s-24-10.7-24-24l0-56.4C312 62.2 297.8 48 280.4 48zM48 320l0 144 32 0 0-144-32 0zm208 24c0-71.6 55.6-127.8 89-148.1 4.3-2.6 9.6-2.6 14 0 33.5 20.3 89 76.6 89 148.1 0 32-16 80-64 112l27.3 27.3c3 3 4.7 7.1 4.7 11.3l0 1.4c0 8.8-7.2 16-16 16l-96 0c-8.8 0-16-7.2-16-16l0-1.4c0-4.2 1.7-8.3 4.7-11.3L320 456c-48-32-64-80-64-112zm128-32a24 24 0 1 0 -48 0 24 24 0 1 0 48 0z",{"w":1242,"h":1242,"d":1245},"M201.1 57.3c-7 5.3-9.1 10.7-9.1 14.7 0 4.2 2.4 10.1 10.4 15.6 7.8 5.3 13.6 14.6 13.6 25.6 0 17-13.8 30.7-30.7 30.7L56 144c-4.4 0-8 3.6-8 8l0 52.5c7.4-2.9 15.5-4.5 24-4.5 43.1 0 72 39.4 72 80s-28.9 80-72 80c-8.5 0-16.6-1.6-24-4.5L48 456c0 4.4 3.6 8 8 8l100.5 0c-2.9-7.4-4.5-15.5-4.5-24 0-43.1 39.4-72 80-72s80 28.9 80 72c0 8.5-1.6 16.6-4.5 24l52.5 0c4.4 0 8-3.6 8-8l0-129.3c0-17 13.8-30.7 30.7-30.7 11.1 0 20.3 5.8 25.6 13.6 5.5 8 11.4 10.4 15.6 10.4 4 0 9.5-2.1 14.7-9.1s9.3-17.9 9.3-30.9-4-23.8-9.3-30.9-10.7-9.1-14.7-9.1c-4.2 0-10.1 2.4-15.6 10.4-5.3 7.8-14.6 13.6-25.6 13.6-17 0-30.7-13.8-30.7-30.7l0-81.3c0-4.4-3.6-8-8-8l-81.3 0c-17 0-30.7-13.8-30.7-30.7 0-11.1 5.8-20.3 13.6-25.6 8-5.5 10.4-11.4 10.4-15.6 0-4-2.1-9.5-9.1-14.7S245 48 232 48 208.2 52 201.1 57.3zM172.3 18.9C188.5 6.8 209.6 0 232 0S275.5 6.8 291.7 18.9 320 49.5 320 72c0 8.6-1.8 16.7-4.9 24L360 96c30.9 0 56 25.1 56 56l0 44.9c7.3-3.1 15.4-4.9 24-4.9 22.5 0 41 12.2 53.1 28.3s18.9 37.3 18.9 59.7-6.8 43.5-18.9 59.7-30.6 28.3-53.1 28.3c-8.6 0-16.7-1.8-24-4.9l0 92.9c0 30.9-25.1 56-56 56l-78.1 0c-18.7 0-33.9-15.2-33.9-33.9 0-10.1 4.5-18.5 9.9-24.2 4.2-4.3 6.1-9.2 6.1-13.9 0-9.9-10.7-24-32-24s-32 14.1-32 24c0 4.7 1.9 9.5 6.1 13.9 5.5 5.7 9.9 14.1 9.9 24.2 0 18.7-15.2 33.9-33.9 33.9L56 512c-30.9 0-56-25.1-56-56L0 329.9c0-18.7 15.2-33.9 33.9-33.9 10.1 0 18.5 4.5 24.2 9.9 4.3 4.2 9.2 6.1 13.9 6.1 9.9 0 24-10.7 24-32s-14.1-32-24-32c-4.7 0-9.5 1.9-13.9 6.1-5.7 5.5-14.1 9.9-24.2 9.9-18.7 0-33.9-15.2-33.9-33.9L0 152c0-30.9 25.1-56 56-56l92.9 0c-3.1-7.3-4.9-15.4-4.9-24 0-22.5 12.2-41 28.3-53.1z",{"w":1241,"h":1242,"d":1247},"M102.7 96c10.4-53.7 31.9-112 68.3-112 9.6 0 19 3.9 27.5 8.2 8.2 4.1 18.4 7.8 25.5 7.8s17.3-3.7 25.5-7.8c8.5-4.3 17.9-8.2 27.5-8.2 36.4 0 57.8 58.3 68.3 112L376 96c13.3 0 24 10.7 24 24s-10.7 24-24 24l-24 0 0 32c0 17-3.3 33.2-9.3 48l33.3 0c8.1 0 15.6 4 20 10.8s5.2 15.2 2.1 22.6l-31.5 74.2c48.9 31.2 81.4 86 81.4 148.5l0 8c0 13.3-10.7 24-24 24s-24-10.7-24-24l0-8c0-51.4-30.3-95.8-74.1-116.1-11.7-5.5-17-19.2-12-31.2l25.8-60.7-27.7 0c-1.1 0-2.1-.1-3.1-.2-22.6 20-52.3 32.2-84.9 32.2s-62.3-12.2-84.9-32.2c-1 .1-2.1 .2-3.1 .2l-27.7 0 25.8 60.7c5.1 11.9-.2 25.7-12 31.2-43.8 20.4-74.1 64.7-74.1 116.1l0 8c0 13.3-10.7 24-24 24S0 501.3 0 488l0-8c0-62.4 32.5-117.2 81.4-148.5L49.9 257.4c-3.2-7.4-2.4-15.9 2.1-22.6S63.9 224 72 224l33.3 0c-6-14.8-9.3-31-9.3-48l0-32-24 0c-13.3 0-24-10.7-24-24S58.7 96 72 96l30.7 0zm45.9 107c11.1 30.9 40.6 53 75.3 53s64.2-22.1 75.3-53c-5.7 3.2-12.3 5-19.3 5l-12.4 0c-16.5 0-31.1-10.6-36.3-26.2-2.3-7-12.2-7-14.5 0-5.2 15.6-19.9 26.2-36.3 26.2L168 208c-7 0-13.6-1.8-19.3-5zm44.8 133l61 0c9.7 0 17.5 7.8 17.5 17.5 0 4.2-1.5 8.2-4.2 11.4l-27.9 32.5 28.9 82.6c5.5 15.6-6.1 31.9-22.7 31.9l-44.3 0c-16.5 0-28.1-16.3-22.7-31.9l28.9-82.6-27.9-32.5c-2.7-3.2-4.2-7.2-4.2-11.4 0-9.7 7.8-17.5 17.5-17.5z",{"w":1242,"h":1242,"d":1249},"M304.8 173.3c-14.3-8.4-31-13.3-48.8-13.3-53 0-96 43-96 96s43 96 96 96 96-43 96-96l48 0c0 79.5-64.5 144-144 144s-144-64.5-144-144 64.5-144 144-144c31.1 0 59.9 9.9 83.4 26.6l45.7-45.7C349.7 64.8 304.8 48 256 48 141.1 48 48 141.1 48 256s93.1 208 208 208 208-93.1 208-208l48 0c0 141.4-114.6 256-256 256S0 397.4 0 256 114.6 0 256 0c62.1 0 118.9 22.1 163.3 58.8L463 15c9.4-9.4 24.6-9.4 33.9 0s9.4 24.6 0 33.9L273 273c-9.4 9.4-24.6 9.4-33.9 0s-9.4-24.6 0-33.9l65.7-65.7z",{"w":32,"h":1242,"d":1251},"M128 80l384 0c8.8 0 16 7.2 16 16l0 208 48 0 0-208c0-35.3-28.7-64-64-64L128 32C92.7 32 64 60.7 64 96l0 208 48 0 0-208c0-8.8 7.2-16 16-16zM52.8 400l534.4 0c-8.5 18.9-27.5 32-49.6 32l-435.2 0c-22.1 0-41.1-13.1-49.6-32zM25.6 352C11.5 352 0 363.5 0 377.6 0 434.2 45.8 480 102.4 480l435.2 0c56.6 0 102.4-45.8 102.4-102.4 0-14.1-11.5-25.6-25.6-25.6L25.6 352zM281 169c9.4-9.4 9.4-24.6 0-33.9s-24.6-9.4-33.9 0l-48 48c-9.4 9.4-9.4 24.6 0 33.9l48 48c9.4 9.4 24.6 9.4 33.9 0s9.4-24.6 0-33.9l-31-31 31-31zM393 135c-9.4-9.4-24.6-9.4-33.9 0s-9.4 24.6 0 33.9l31 31-31 31c-9.4 9.4-9.4 24.6 0 33.9s24.6 9.4 33.9 0l48-48c9.4-9.4 9.4-24.6 0-33.9l-48-48z",{"w":1242,"h":1242,"d":1253},"M232 0c-13.3 0-24 10.7-24 24s10.7 24 24 24c128.1 0 232 103.9 232 232 0 13.3 10.7 24 24 24s24-10.7 24-24C512 125.4 386.6 0 232 0zM48 256c0-23 3.7-45 10.5-65.6l263 263C301 460.3 279 464 256 464 141.1 464 48 370.9 48 256zM72.8 136.8c-14.1-14.1-37.6-12-46.5 5.8-16.9 34.2-26.4 72.6-26.4 113.3 0 141.4 114.6 256 256 256 40.7 0 79.2-9.5 113.3-26.4 17.9-8.8 19.9-32.4 5.8-46.5L241 305 281 265c9.4-9.4 9.4-24.6 0-33.9s-24.6-9.4-33.9 0L207 271 72.8 136.8zM208 120c0 13.3 10.7 24 24 24 75.1 0 136 60.9 136 136 0 13.3 10.7 24 24 24s24-10.7 24-24c0-101.6-82.4-184-184-184-13.3 0-24 10.7-24 24z",{"w":1242,"h":1242,"d":1255},"M256.1 0c4.6 0 9.2 1 13.3 2.9L457.8 82.8c22 9.3 38.4 31 38.3 57.2-.5 99.2-41.3 280.7-213.6 363.2-16.7 8-36.1 8-52.8 0-172.4-82.5-213.2-263.9-213.7-363.2-.1-26.2 16.3-47.9 38.3-57.2L242.7 2.9C246.8 1 251.4 0 256.1 0zM73.1 127c-5.9 2.5-9.1 7.7-9 12.7 .5 91.4 38.4 249.3 186.4 320.1 3.6 1.7 7.8 1.7 11.3 0 148-70.8 185.9-228.7 186.3-320.1 0-5-3.1-10.2-9-12.7l-183-77.6-183 77.6zm240.3 34.9c7.8-10.7 22.8-13.1 33.5-5.3 10.7 7.8 13.1 22.8 5.3 33.5L249.8 330.9c-4.2 5.7-10.7 9.3-17.8 9.8s-14-2.2-18.9-7.3l-46.4-48c-9.2-9.5-9-24.7 .6-33.9 9.5-9.2 24.7-8.9 33.9 .6l26.5 27.4 85.6-117.7z",{"w":1242,"h":1242,"d":1257},"M123 58.1c9.5-33.5 40.4-58.1 77-58.1 21.8 0 41.6 8.7 56 22.9 14.4-14.1 34.2-22.9 56-22.9 36.6 0 67.4 24.6 77 58.1 47.4 9.7 83 51.6 83 101.9 0 11.3-1.8 22.2-5.1 32.3 22.7 19.1 37.1 47.7 37.1 79.7 0 23.7-8 45.6-21.3 63.1 3.5 10.4 5.3 21.4 5.3 32.9 0 54-41.2 98.5-93.9 103.5-15.6 24.3-42.9 40.5-74.1 40.5-25.2 0-48-10.6-64-27.6-16 17-38.8 27.6-64 27.6-31.1 0-58.4-16.2-74.1-40.5-52.7-5.1-93.9-49.5-93.9-103.5 0-11.5 1.9-22.5 5.3-32.9-13.4-17.5-21.3-39.4-21.3-63.1 0-32 14.5-60.6 37.1-79.7-3.3-10.2-5.1-21.1-5.1-32.3 0-50.3 35.6-92.2 83-101.9zM200 48c-17.7 0-32 14.3-32 32 0 13.3-10.7 24-24 24-30.9 0-56 25.1-56 56 0 10.5 2.9 20.3 7.9 28.6 3.4 5.7 4.3 12.5 2.5 18.9s-6.2 11.7-12 14.7c-18 9.3-30.3 28.1-30.3 49.8 0 16.1 6.8 30.7 17.8 40.9 7.9 7.4 9.9 19.2 4.8 28.8-4.2 7.8-6.5 16.7-6.5 26.3 0 30.9 25.1 56 56 56 1.1 0 2.2 0 3.2-.1 10.3-.6 19.8 5.5 23.6 15 5.9 14.7 20.4 25.1 37.1 25.1 20.4 0 37.2-15.3 39.7-35 .1-.6 .2-1.3 .3-1.9l0-135.1-40 0c-6.6 0-12 5.4-12 12l0 4.4c16.5 7.6 28 24.3 28 43.6 0 26.5-21.5 48-48 48s-48-21.5-48-48c0-19.4 11.5-36.1 28-43.6l0-4.4c0-28.7 23.3-52 52-52l40 0 0-56-12.4 0c-7.6 16.5-24.3 28-43.6 28-26.5 0-48-21.5-48-48s21.5-48 48-48c19.4 0 36.1 11.5 43.6 28l12.4 0 0-76c0-17.7-14.3-32-32-32zm80 148l0 152 40 0c6.6 0 12-5.4 12-12l0-4.4c-16.5-7.6-28-24.3-28-43.6 0-26.5 21.5-48 48-48s48 21.5 48 48c0 19.4-11.5 36.1-28 43.6l0 4.4c0 28.7-23.3 52-52 52l-40 0 0 39.1c.1 .6 .2 1.2 .3 1.9 2.5 19.7 19.3 35 39.7 35 16.8 0 31.2-10.3 37.1-25.1 3.8-9.6 13.3-15.6 23.6-15 1.1 .1 2.2 .1 3.2 .1 30.9 0 56-25.1 56-56 0-9.5-2.4-18.5-6.5-26.3-5.1-9.6-3.1-21.4 4.8-28.8 11-10.2 17.8-24.8 17.8-40.9 0-21.6-12.2-40.4-30.3-49.8-5.9-3-10.2-8.4-12-14.7s-.9-13.2 2.5-18.9c5-8.4 7.9-18.1 7.9-28.6 0-30.9-25.1-56-56-56-13.3 0-24-10.7-24-24 0-17.7-14.3-32-32-32s-32 14.3-32 32l0 76 12.4 0c7.6-16.5 24.3-28 43.6-28 26.5 0 48 21.5 48 48s-21.5 48-48 48c-19.4 0-36.1-11.5-43.6-28L280 196zm56-36a16 16 0 1 0 0 32 16 16 0 1 0 0-32zm0 128a16 16 0 1 0 32 0 16 16 0 1 0 -32 0zM144 352a16 16 0 1 0 32 0 16 16 0 1 0 -32 0zm16-176a16 16 0 1 0 32 0 16 16 0 1 0 -32 0z",{"createdDate":1259,"id":1260,"name":1261,"modelId":1262,"published":13,"stageModifiedSincePublish":6,"query":1263,"data":1266,"variations":1448,"lastUpdated":1449,"firstPublished":1450,"testRatio":23,"screenshot":1451,"createdBy":92,"lastUpdatedBy":1452,"folders":1453,"meta":1454,"rev":1458},1777472274512,"b14096b958aa4f1ab3c66b84ce72f0bf","Flight Deck Happy Hour at Gartner","1c777f9969064926b1250dd130dcb0d2",[1264],{"@type":226,"property":227,"operator":228,"value":1265},"/events/flight-deck-gartner",{"date":1267,"image":1271,"title":1272,"seoDescription":1273,"button":1274,"textButton":1276,"seoTitle":1272,"themeId":6,"cardImage":1277,"ogImage":1277,"isPrivate":34,"inputs":1278,"description":1275,"blocks":1279,"url":1265,"state":1442},{"endEventDate":1268,"time":1269,"startEventDate":1270},1780448400000,"7:00 PM - 9:00 PM",1780441200000,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F79ed997e7457460fbfa4e22e97d052ef","After Hours at Flight Deck","After a long day on the conference floor, you deserve a break.    Come unwind with the teams from Dropzone AI, Pixee, Push Security, SpecterOps, and Sublime at The Flight Deck - an outdoor venue right on the waterfront at National Harbor.    Kick back, grab a drink, and enjoy the evening air. We'll have food and beverages for everyone, alcoholic and non-alcoholic, so come as you are and stay as long as you like.    And for a little extra magic - we're giving away tickets to ride the Capital Wheel, so you can take in a stunning nighttime view of National Harbor all lit up below. It's a sight worth seeing.",{"url":1275,"text":1275},"f","Test text","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd196a2c962f04fb49867fb6938c96eaa",[],[1280,1290,1399,1407,1420,1437],{"@type":47,"@version":48,"id":1281,"meta":1282,"component":1284,"responsiveStyles":1288},"builder-e3de2c15cab04e188be7b9e370f3f426",{"previousId":1283},"builder-d9707d8a447248648353ea2be685a36a",{"name":1285,"options":1286,"isRSC":62},"Custom Code",{"code":1287,"scriptsClientOnly":6},"\u003Cstyle>\n      .trusted-image a img {\n      width: 30vw !important;\n      max-width: 400px;\n      min-width: 140px;\n      height: auto !important;\n      }\n\n      .top-banner {\n        opacity: 0;\n      }\n      .bg-\\[radial-gradient\\(50\\%_50\\%_at_50\\%_50\\%\\,\\#182835_0\\%\\,\\#000\\)\\] {\n        display: none;\n      }\n\n    .builder-6d498db95bae4f4191f604500a0b3ba1.builder-block button {Display: none;}\n\n    .builder-6d498db95bae4f4191f604500a0b3ba1.builder-block svg {display: none;}\n\n    .builder-6d498db95bae4f4191f604500a0b3ba1.builder-block .absolute.top-0.left-0.w-full.h-full {\n      margin-top: -3px;\n    }\n\n    @media (min-width:1318px) {\n      .flex.flex-row.flex-wrap.items-center.gap-x-8.sm\\:gap-x-10.gap-y-4.min-h-\\[40px\\].justify-center.md\\:justify-start div:nth-of-type(2) img {\n      margin-right: 2rem;\n      }\n    }\n\n    @media (min-width:768px) {\n      .flex.flex-row.flex-wrap.items-center.gap-x-8.sm\\:gap-x-10.gap-y-4.min-h-\\[40px\\].justify-center.md\\:justify-start div:nth-of-type(2) img {\n      height: 100px !important;\n      width: 176px !important;\n      }\n    }\n\n    @media (max-width: 768px) {\n    .flex.flex-row.flex-wrap.items-center.gap-x-8.sm\\:gap-x-10.gap-y-4.min-h-\\[40px\\].justify-center.md\\:justify-start div:nth-of-type(2) img {\n      min-width: 80px !important;\n      min-height: 36px !important;\n      max-width: 100px;\n      max-height: 80px;\n      }\n    }\n \n\n\u003C/style>\n\u003Cscript>\n  function dismissBanner() {\n    const btn = document.querySelector('[aria-label=\"Dismiss banner\"]');\n    if (btn) btn.click();\n  }\n\n  if (document.readyState === 'loading') {\n    document.addEventListener('DOMContentLoaded', dismissBanner);\n  } else {\n    // DOM already loaded (e.g. script injected late)\n    dismissBanner();\n  }\n\u003C/script>\n",{"large":1289},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":1291,"meta":1292,"component":1294,"children":1297,"responsiveStyles":1395},"builder-8b9d390642de48199a4b3f67172965bb",{"previousId":1293},"builder-127de1b0797e435ea8a3145e4829d0be",{"name":1295,"options":1296,"isRSC":62},"Core:Section",{"maxWidth":325,"lazyLoad":6},[1298],{"@type":47,"@version":48,"id":1299,"class":1300,"meta":1301,"component":1303,"responsiveStyles":1391},"builder-646bc14913784ec19bc15c26bd821221","hero-blocks",{"previousId":1302},"builder-ea5a518e02714c589f7f89d885ddaf92",{"name":1304,"tag":1304,"options":1305,"isRSC":62},"EventsHeroContainer",{"title":1306,"description":1307,"date":1308,"place":1312,"button":1315,"preTitle":1316,"backgroundImage":1317,"backgroundVideo":1318,"Partners":1319,"leftAlignPartners":34,"backgroundTransparent":34,"trustedByTitle":29,"backgroundMedia":1277},"\u003Ch1>After Hours at Flight Deck\u003C/h1>","\u003Ch3>\u003Cem>Good company. Great views. No agenda. \u003C/em>\u003C/h3>\u003Ch3>Join us after day 2 of Gartner's Security & Risk Management Summit!\u003C/h3>",{"startEventDate":1309,"endEventDate":1310,"time":1311,"showDate":34},"Tue Jun 02 2026 19:00:00 GMT-0400 (Eastern Daylight Time)","Tue Jun 02 2026 21:00:00 GMT-0400 (Eastern Daylight Time)","7:00 PM - 9:00 PM ",{"text":1313,"place":1314},"Flight Deck","141 American Way, Oxon Hill, MD 20745","Reserve Your Seat","\u003Ch2>\u003Cbr>\u003C/h2>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabb7af87d6b74af2a0657a098d851fd4","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Faf00701c4b9b42ecbfb8733bbab49729?alt=media&token=69669124-5487-49f9-b7be-c922214f7b61&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",[1320,1339,1356,1374],{"partner":1321},{"@type":112,"id":1322,"model":1323,"value":1324},"4b1615c90308499c87d31ae6b796c47f","push-partner",{"createdDate":1325,"id":1322,"name":1326,"modelId":1327,"published":13,"query":1328,"data":1329,"variations":1332,"lastUpdated":1333,"firstPublished":1334,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1335,"meta":1336,"rev":1338},1750929354932,"Dropzone ","6e0aa39f1f534f48ac5ed2ab6fa144c5",[],{"image":1330,"name":1326,"link":1331},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbf026cd58b284b48bc34352009a808ce","https://www.dropzone.ai/",{},1750933253077,1750930508235,[],{"breakpoints":1337,"lastPreviewUrl":29,"kind":28,"hasAutosaves":34},{"xsmall":31,"small":32,"medium":33},"ts2g89n9eo8",{"partner":1340},{"@type":112,"id":1341,"model":1323,"value":1342},"654bc6a8378c4370ad1992fea0326289",{"createdDate":1343,"id":1341,"name":1344,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":1345,"data":1346,"variations":1349,"lastUpdated":1350,"firstPublished":1351,"testRatio":23,"createdBy":93,"lastUpdatedBy":93,"folders":1352,"meta":1353,"rev":1355},1777923043037,"Pixee",[],{"name":1344,"link":1347,"image":1348},"https://www.pixee.ai/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0ba929b89d484f369f5bc87693606207?format=webp",{},1777923949426,1777923117274,[],{"lastPreviewUrl":29,"breakpoints":1354,"kind":28,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"x9jwntmlyti",{"partner":1357},{"@type":112,"id":1358,"model":1323,"value":1359},"0d68029bb7e5460b82b89e7db78035e2",{"createdDate":1360,"id":1358,"name":1361,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":1362,"data":1363,"variations":1366,"lastUpdated":1367,"firstPublished":1368,"testRatio":23,"createdBy":93,"lastUpdatedBy":1369,"folders":1370,"meta":1371,"rev":1373},1762986845344,"SpecterOps Bloodhound",[],{"link":1364,"name":1361,"image":1365,"showInGlobalList":6},"https://specterops.io/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F415e96997bf745649004b2227699768a",{},1777922176451,1762987070893,"I21ujhId4HTgFAhRg5JmNCOeoUE3",[],{"lastPreviewUrl":29,"kind":28,"breakpoints":1372,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"gpkcyw78pzg",{"partner":1375},{"@type":112,"id":1376,"model":1323,"value":1377},"8e9a93b6f01c42909f01ec9a7bc9311d",{"createdDate":1378,"id":1376,"name":1379,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":1380,"data":1381,"variations":1384,"lastUpdated":1385,"firstPublished":1386,"testRatio":23,"createdBy":24,"lastUpdatedBy":1369,"folders":1387,"meta":1388,"rev":1390},1750857786473,"Sublime security",[],{"link":1382,"name":1379,"image":1383},"https://sublime.security/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F42c11b543f614c929db3bf4031d84905",{},1778166488123,1750857818558,[],{"lastPreviewUrl":29,"kind":28,"breakpoints":1389,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"3ol08vqpc9e",{"large":1392},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"pointerEvents":1393,"marginRight":1394},"auto","-4px",{"large":1396},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingLeft":346,"paddingRight":346,"paddingTop":345,"paddingBottom":345,"marginTop":346,"minHeight":1397,"backgroundColor":1398},"100px","currentColor",{"@type":47,"@version":48,"id":1400,"component":1401,"responsiveStyles":1405},"builder-6d498db95bae4f4191f604500a0b3ba1",{"name":1304,"tag":1304,"options":1402,"isRSC":62},{"AllPartners":34,"leftAlignPartners":6,"backgroundTransparent":34,"trustedByTitle":1403,"description":1404},"Trusted by:","\u003Cp>After a long day on the conference floor, you deserve a break.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>Come unwind with the teams from Dropzone AI, Pixee, Push Security, Specter Ops, and Sublime at The Flight Deck - an outdoor venue right on the waterfront at National Harbor.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>Kick back, grab a drink, and enjoy the evening air. We'll have food and beverages for everyone, alcoholic and non-alcoholic, so come as you are and stay as long as you like.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>And for a little extra magic - we're giving away tickets to ride the Capital Wheel, so you can take in a stunning nighttime view of National Harbor all lit up below. It's a sight worth seeing.\u003C/p>",{"large":1406},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":346},{"@type":47,"@version":48,"tagName":285,"id":1408,"meta":1409,"responsiveStyles":1412},"builder-fec5904ceec643768da76b505eeb41a6",{"naturalWidth":1410,"previousId":1411},806,"builder-04af9151432b455aadcfc2d29ed64a15",{"large":1413,"medium":1418,"small":1419},{"backgroundColor":1414,"borderColor":1415,"color":1415,"display":65,"justifyContent":1416,"outlineColor":1415,"textDecorationColor":1415,"textEmphasisColor":1415,"width":1417},"rgb(255, 255, 255)","rgb(20, 20, 20)","center","100%",{"display":84},{"display":65},{"@type":47,"@version":48,"id":1421,"meta":1422,"component":1424,"responsiveStyles":1435},"builder-bfc693e1d8884d8487b2375f8fb16ee4",{"previousId":1423},"builder-e41f3f4fd3ec4aae9ece79c423e7750d",{"name":1425,"tag":1425,"options":1426,"isRSC":62},"EventsFormContainer",{"title":1427,"description":1428,"formTitle":29,"prodFormId":1429,"segmentId":1430,"segmentFriendlyName":1431,"successTitle":1432,"successDescription":1433,"calendarCode":1434,"workEmailOnly":34},"RSVP to Attend","\u003Cp>Space is limited, please RSVP in advance to secure your seat.\u003C/p>","08258a63-3c83-46c4-8e92-450442466eb1","atl-cyber-cut","Flight Deck Happy Hour","\u003Cp>Add event to calendar\u003C/p>","\u003Cp style=\"text-align: center;\">Please choose which calendar platform you wish to add this event to:\u003C/p>","\u003Cp style=\"margin:0px 0px 25px 0px;text-align:center;font-size:17px;line-height:150%;color:#000;font-weight:bold;\">Add event to calendar\u003C/p> \u003Cp style=\"margin:0px 0px 10px 0px;text-align:center;\">     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+apple\" title=\"Apple\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-apple-ee4323-r48-ico-s36.png\" alt=\"Apple\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a>     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+google\" title=\"Google\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-google-ee4323-r48-ico-s36.png\" alt=\"Google\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a>     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+outlook\" title=\"Outlook\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-outlook-ee4323-r48-ico-s36.png\" alt=\"Outlook\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a>     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+outlookcom\" title=\"Outlook.com\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-outlookcom-ee4323-r48-ico-s36.png\" alt=\"Outlook.com\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a>     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+office365\" title=\"Office 365\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-officecom-ee4323-r48-ico-s36.png\" alt=\"Office 365\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a>     \u003Ca href=\"https://www.addevent.com/event/gn857pnd53km+yahoo\" title=\"Yahoo\" target=\"_blank\" style=\"display:inline;\">\u003Cimg src=\"https://buttons.addevent.com/atc-yahoo-ee4323-r48-ico-s36.png\" alt=\"Yahoo\" height=\"36\" border=\"0\" style=\"height:36px;display:inline;\" />\u003C/a> \u003C/p> \u003Cp style=\"margin:0;padding:25px 0px 0px 0px;text-align:center;\">     \u003Ca href=\"\" target=\"_blank\" style=\"font-weight:normal;color:#125ef8;text-decoration:underline;\">         \u003Cimg src=\"https://cdn.addevent.com/web/images/logo-email-plain-fff-t1.png\" alt=\"\" width=\"129\" height=\"15\" style=\"width:129px;height:15px;display:inline;\" />     \u003C/a> \u003C/p>",{"large":1436},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":346},{"id":1438,"@type":47,"tagName":75,"properties":1439,"responsiveStyles":1440},"builder-pixel-yfqs6lhsmu",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},{"large":1441},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},{"deviceSize":86,"location":1443},{"pathname":1265,"path":1444,"query":1447},[1445,1446],"events","flight-deck-gartner",{},{},1778005001051,1777991460909,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F20c0db4137814c4c9a2d191aa4fc7459","Vcs09PUqI9PcLtzXOEgfTn5t6n42",[],{"originalContentId":1455,"lastPreviewUrl":1456,"breakpoints":1457,"kind":400,"hasLinks":6,"winningTest":62,"hasAutosaves":34},"e8b2cde9ebf64a11912562b9f12b3001","https://pushsecurity.com/events/flight-deck-gartner?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=events-pages&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.events-pages=b14096b958aa4f1ab3c66b84ce72f0bf&builder.overrides.b14096b958aa4f1ab3c66b84ce72f0bf=b14096b958aa4f1ab3c66b84ce72f0bf&builder.overrides.events-pages:/events/flight-deck-gartner=b14096b958aa4f1ab3c66b84ce72f0bf&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"djw1572cllu",[1460,6839,10287,13384],{"id":1461,"title":1462,"authorsCollection":1463,"content":1471,"extension":2073,"hashTags":62,"meta":2074,"metaTitle":2075,"ogImage":62,"publishedDate":2076,"relatedBlogPostsCollection":2077,"slug":6813,"stem":6814,"subtitle":62,"summary":6815,"synopsis":6826,"sys":6827,"tagsCollection":6830,"__hash__":6838},"blog/blog/7-things-we-learned-from-john-hammond.json","7 things we learned from ‘Why the browser is the new battleground’ with John Hammond",{"items":1464},[1465],{"fullName":1466,"firstName":1467,"jobTitle":1468,"profilePicture":1469},"Daniel Park","Daniel","Technical Content",{"url":1470},"https://images.ctfassets.net/y1cdw1ablpvd/6Cwg1xVeCdzUvxBIMfnDO5/6b18ed126b53611e7b521da34f900d29/254-0-2.jpg",{"json":1472,"links":2061},{"data":1473,"content":1474,"nodeType":2060},{},[1475,1499,1508,1512,1522,1577,1584,1587,1595,1614,1621,1646,1665,1668,1676,1695,1702,1709,1716,1719,1727,1759,1777,1780,1788,1807,1814,1821,1824,1832,1851,1858,1876,1883,1886,1894,1911,1918,1925,1937,1956,1959,1967,1974,2022,2053],{"data":1476,"content":1477,"nodeType":1498},{},[1478,1483,1494],{"data":1479,"marks":1480,"value":1481,"nodeType":1482},{},[],"We recently sat down with ","text",{"data":1484,"content":1486,"nodeType":1493},{"uri":1485},"https://www.youtube.com/@_JohnHammond",[1487],{"data":1488,"marks":1489,"value":1492,"nodeType":1482},{},[1490],{"type":1491},"underline","John Hammond","hyperlink",{"data":1495,"marks":1496,"value":1497,"nodeType":1482},{},[]," — Senior Principal Security Researcher at Huntress — for a live deep-dive into the browser-based attack techniques defining the 2026 threat landscape. The session covered AiTM phishing, ClickFix, ConsentFix, device code phishing, and the structural shifts making traditional security controls less effective against all of them. Here are seven takeaways.","paragraph",{"data":1500,"content":1506,"nodeType":1507},{"target":1501},{"sys":1502},{"id":1503,"type":1504,"linkType":1505},"5lJ49aLY0nApDeY69tNvUi","Link","Entry",[],"embedded-entry-block",{"data":1509,"content":1510,"nodeType":1511},{},[],"hr",{"data":1513,"content":1514,"nodeType":1521},{},[1515],{"data":1516,"marks":1517,"value":1520,"nodeType":1482},{},[1518],{"type":1519},"bold","1. Browser attacks are evolving faster than defenses can adapt","heading-1",{"data":1523,"content":1524,"nodeType":1498},{},[1525,1529,1537,1541,1549,1553,1561,1565,1573],{"data":1526,"marks":1527,"value":1528,"nodeType":1482},{},[],"The overriding theme of the session wasn't any single technique — it was the pace of change across all of them. AiTM phishing has been",{"data":1530,"content":1532,"nodeType":1493},{"uri":1531},"https://pushsecurity.com/blog/2025-top-phishing-trends/",[1533],{"data":1534,"marks":1535,"value":1536,"nodeType":1482},{},[]," the dominant phishing technique",{"data":1538,"marks":1539,"value":1540,"nodeType":1482},{},[]," for a couple of years now, but the variants layered on top of it are arriving faster than most security teams can evaluate, let alone deploy defenses against. ClickFix went from novel to",{"data":1542,"content":1544,"nodeType":1493},{"uri":1543},"https://pushsecurity.com/blog/introducing-the-browser-and-identity-attacks-matrix/",[1545],{"data":1546,"marks":1547,"value":1548,"nodeType":1482},{},[]," the most common initial access vector observed by Microsoft",{"data":1550,"marks":1551,"value":1552,"nodeType":1482},{},[]," within about a year. Device code phishing went from near-zero to",{"data":1554,"content":1556,"nodeType":1493},{"uri":1555},"https://pushsecurity.com/blog/device-code-phishing/",[1557],{"data":1558,"marks":1559,"value":1560,"nodeType":1482},{},[]," at least 12 distinct kits",{"data":1562,"marks":1563,"value":1564,"nodeType":1482},{},[]," in a matter of months. ConsentFix was detected as a zero-day technique by Push in late 2025 and has already been",{"data":1566,"content":1568,"nodeType":1493},{"uri":1567},"https://pushsecurity.com/blog/consentfix-v3-analyzing-a-new-toolkit/",[1569],{"data":1570,"marks":1571,"value":1572,"nodeType":1482},{},[]," operationalized on criminal forums",{"data":1574,"marks":1575,"value":1576,"nodeType":1482},{},[],".",{"data":1578,"content":1579,"nodeType":1498},{},[1580],{"data":1581,"marks":1582,"value":1583,"nodeType":1482},{},[],"As Luke put it toward the end of the session: \"I've seen this develop so fast over the last two years. This isn't what's coming — this is now. This is where the battleground is.\"",{"data":1585,"content":1586,"nodeType":1511},{},[],{"data":1588,"content":1589,"nodeType":1521},{},[1590],{"data":1591,"marks":1592,"value":1594,"nodeType":1482},{},[1593],{"type":1519},"2. AiTM phishing is table stakes for attackers ",{"data":1596,"content":1597,"nodeType":1498},{},[1598,1602,1610],{"data":1599,"marks":1600,"value":1601,"nodeType":1482},{},[],"Adversary-in-the-middle phishing — where a reverse proxy sits between the victim and the real login page, intercepting session tokens in real time to bypass MFA — is no longer an advanced technique. It's available as a commodity for-hire through Phishing-as-a-Service platforms like Tycoon2FA, Sneaky2FA, and others",{"data":1603,"content":1604,"nodeType":1493},{"uri":1531},[1605],{"data":1606,"marks":1607,"value":1609,"nodeType":1482},{},[1608],{"type":1491},",",{"data":1611,"marks":1612,"value":1613,"nodeType":1482},{},[]," and the kits are getting harder to detect through traditional means.",{"data":1615,"content":1616,"nodeType":1498},{},[1617],{"data":1618,"marks":1619,"value":1620,"nodeType":1482},{},[],"Luke demoed the attacker's perspective using Evilginx — an open-source tool now commonly seen in criminal operations — showing how session tokens are captured in real time even when the victim enters their MFA code correctly. From the victim's side, the login feels completely normal.",{"data":1622,"content":1623,"nodeType":1498},{},[1624,1629,1633,1642],{"data":1625,"marks":1626,"value":1628,"nodeType":1482},{},[1627],{"type":1519},"One of the key focuses in the session was how attackers are abusing legitimate infrastructure for both hosting and delivery of phishing pages. .",{"data":1630,"marks":1631,"value":1632,"nodeType":1482},{},[]," The in-the-wild examples showed attack chains routing through multiple legitimate services — file-sharing platforms, TinyURL, Cloudflare Turnstile, Google Search redirects — before finally landing on the phishing page. This is a well established technique for ",{"data":1634,"content":1636,"nodeType":1493},{"uri":1635},"https://phishing-techniques.pushsecurity.com/",[1637],{"data":1638,"marks":1639,"value":1641,"nodeType":1482},{},[1640],{"type":1491},"detection evasion",{"data":1643,"marks":1644,"value":1645,"nodeType":1482},{},[],". ",{"data":1647,"content":1648,"nodeType":1498},{},[1649,1653,1661],{"data":1650,"marks":1651,"value":1652,"nodeType":1482},{},[],"As John observed, \"the end user doesn't have that wherewithal or that observability understanding of how far they drove around across the internet\" before arriving at the credential-harvesting page. Push reconstructs these multi-hop chains into a",{"data":1654,"content":1656,"nodeType":1493},{"uri":1655},"https://pushsecurity.com/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks/",[1657],{"data":1658,"marks":1659,"value":1660,"nodeType":1482},{},[]," complete timeline",{"data":1662,"marks":1663,"value":1664,"nodeType":1482},{},[],", mapping the full redirect sequence even when individual hops are through trusted domains that wouldn't trigger any reputation-based alert — and crucially, detects malicious content on the phishing page itself rather than relying on known-bad IP and domain based checks that can only see the known-good sites used early in the chain.",{"data":1666,"content":1667,"nodeType":1511},{},[],{"data":1669,"content":1670,"nodeType":1521},{},[1671],{"data":1672,"marks":1673,"value":1675,"nodeType":1482},{},[1674],{"type":1519},"3. Email is losing its market share as a delivery vector",{"data":1677,"content":1678,"nodeType":1498},{},[1679,1683,1691],{"data":1680,"marks":1681,"value":1682,"nodeType":1482},{},[],"One of the most striking examples in the webinar was a targeted AiTM campaign",{"data":1684,"content":1686,"nodeType":1493},{"uri":1685},"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users/",[1687],{"data":1688,"marks":1689,"value":1690,"nodeType":1482},{},[]," Push detected last year",{"data":1692,"marks":1693,"value":1694,"nodeType":1482},{},[]," that was delivered entirely via LinkedIn. Senior executives at tech companies received direct messages from compromised contacts — people they already knew, in some cases other employees of the same companies — offering involvement in private equity fundraising rounds connected to companies they had real involvement with. The targeting was precise and personal, and the redirect chain ran through sites.google.com and Microsoft Dynamics before landing on a cloned login page.",{"data":1696,"content":1697,"nodeType":1498},{},[1698],{"data":1699,"marks":1700,"value":1701,"nodeType":1482},{},[],"As Luke noted, LinkedIn occupies an unusual middle ground: \"It's this great way of targeting companies, but through a vector that can't really be monitored in the same way as other corporate systems, because it's kind of a personal platform.\" It's personal enough that companies can't realistically monitor it, but professional enough that employees routinely access it from corporate devices.",{"data":1703,"content":1704,"nodeType":1498},{},[1705],{"data":1706,"marks":1707,"value":1708,"nodeType":1482},{},[],"LinkedIn is only part of the shift. ClickFix attacks most commonly arrive via search results in 4 of 5 cases based on Push data. Luke noted \"not even malvertising, just organic search, uncovering legit websites that have been compromised.\" InstallFix pages appear as sponsored Google ads. ConsentFix pages were seeded on compromised websites found through normal browsing. In every case, the email gateway never sees the lure because the lure was never in an email. And of course, even if a compromised website is reported and removed, it’s easier than ever for an attacker to quickly tear down and rotate their sites to stay ahead of blocklists. ",{"data":1710,"content":1711,"nodeType":1498},{},[1712],{"data":1713,"marks":1714,"value":1715,"nodeType":1482},{},[],"As John put it: \"You could set up this lure or this trap out on the open internet so that anyone could fall for it at any point.\"",{"data":1717,"content":1718,"nodeType":1511},{},[],{"data":1720,"content":1721,"nodeType":1521},{},[1722],{"data":1723,"marks":1724,"value":1726,"nodeType":1482},{},[1725],{"type":1519},"4. ClickFix keeps evolving with multiple *Fix derivatives",{"data":1728,"content":1729,"nodeType":1498},{},[1730,1734,1743,1747,1755],{"data":1731,"marks":1732,"value":1733,"nodeType":1482},{},[],"ClickFix — where a malicious page silently writes a payload to the victim's clipboard and instructs them to paste and execute it — ",{"data":1735,"content":1737,"nodeType":1493},{"uri":1736},"https://pushsecurity.com/blog/introducing-malicious-copy-paste-detection/",[1738],{"data":1739,"marks":1740,"value":1742,"nodeType":1482},{},[1741],{"type":1491},"spawned an entire family of variants since its emergence, according to Push’s research",{"data":1744,"marks":1745,"value":1746,"nodeType":1482},{},[],". The webinar showed how far the social engineering has come: Luke demonstrated a",{"data":1748,"content":1750,"nodeType":1493},{"uri":1749},"https://pushsecurity.com/blog/the-most-advanced-clickfix-yet/",[1751],{"data":1752,"marks":1753,"value":1754,"nodeType":1482},{},[]," particularly sophisticated variant",{"data":1756,"marks":1757,"value":1758,"nodeType":1482},{},[]," on a compromised legitimate website with an embedded instructional video and a countdown timer to manufacture urgency, targeting macOS. As John noted: \"It can be cross-platform because you're just preying on the human weakness. The video smooths it over for the user experience.\"",{"data":1760,"content":1761,"nodeType":1498},{},[1762,1766,1773],{"data":1763,"marks":1764,"value":1765,"nodeType":1482},{},[],"The more important point was structural. Because the user manually pastes and executes the command, \"from the EDR's perspective, the user just manually ran this command,\" Luke explained. \"It actually breaks that link from an EDR's perspective.\" EDR behavioral detections weigh execution context heavily — a PowerShell command spawned from a browser process tree is suspicious, but the same command initiated through the Run dialog looks like normal activity. Push",{"data":1767,"content":1768,"nodeType":1493},{"uri":1736},[1769],{"data":1770,"marks":1771,"value":1772,"nodeType":1482},{},[]," detects ClickFix at the clipboard-injection stage",{"data":1774,"marks":1775,"value":1776,"nodeType":1482},{},[],", before the payload ever reaches the endpoint, to bolster endpoint-level detections and extend protection to machines like BYOD, contractor, or developer devices where EDR is often missing or tuned-down.",{"data":1778,"content":1779,"nodeType":1511},{},[],{"data":1781,"content":1782,"nodeType":1521},{},[1783],{"data":1784,"marks":1785,"value":1787,"nodeType":1482},{},[1786],{"type":1519},"5. InstallFix turned the AI tool boom into an attack surface overnight",{"data":1789,"content":1790,"nodeType":1498},{},[1791,1794,1803],{"data":1792,"marks":1793,"value":29,"nodeType":1482},{},[],{"data":1795,"content":1797,"nodeType":1493},{"uri":1796},"https://pushsecurity.com/blog/installfix/",[1798],{"data":1799,"marks":1800,"value":1802,"nodeType":1482},{},[1801],{"type":1491},"InstallFix",{"data":1804,"marks":1805,"value":1806,"nodeType":1482},{},[]," — a ClickFix variant that clones legitimate developer tool installation pages and swaps the install command for a malicious payload — was one of the clearest examples of how quickly a new attack pattern can go from zero to dominant. Luke showed side-by-side comparisons of real and fake Claude Code installation pages that were visually identical except for the payload itself, and fake Notebook LM pages appearing as top Google sponsored results.",{"data":1808,"content":1809,"nodeType":1498},{},[1810],{"data":1811,"marks":1812,"value":1813,"nodeType":1482},{},[],"The trajectory Luke described was striking: \"It literally started one day and then it's just been nonstop for the last couple of months since it started. It obviously is working really well.\" John added that the Claude Code variant in particular has been \"running rampant,\" and that he personally knows someone who fell for it.",{"data":1815,"content":1816,"nodeType":1498},{},[1817],{"data":1818,"marks":1819,"value":1820,"nodeType":1482},{},[],"What makes InstallFix effective is that it exploits a workflow that's become completely normalized — the rise of AI tools has encouraged even non-technical users to install software via terminal commands copied from documentation pages. When the fake page looks identical to the real one and the install method is exactly what you'd expect, the only tell is a base64-encoded payload that most users wouldn't think to scrutinize.",{"data":1822,"content":1823,"nodeType":1511},{},[],{"data":1825,"content":1826,"nodeType":1521},{},[1827],{"data":1828,"marks":1829,"value":1831,"nodeType":1482},{},[1830],{"type":1519},"6. ConsentFix plays out entirely in the browser, and criminals just got the playbook",{"data":1833,"content":1834,"nodeType":1498},{},[1835,1838,1847],{"data":1836,"marks":1837,"value":29,"nodeType":1482},{},[],{"data":1839,"content":1841,"nodeType":1493},{"uri":1840},"https://pushsecurity.com/blog/consentfix/",[1842],{"data":1843,"marks":1844,"value":1846,"nodeType":1482},{},[1845],{"type":1491},"ConsentFix",{"data":1848,"marks":1849,"value":1850,"nodeType":1482},{},[]," was a key focus in the webinar, and for good reason — it represents a fundamentally different class of browser attack. Rather than proxying credentials (AiTM) or injecting endpoint payloads (ClickFix), ConsentFix abuses the OAuth authorization code flow via the Azure CLI's localhost redirect to obtain access tokens without ever touching a password or MFA prompt. As John put it: \"This one is really tricky because the entire attack and technique lives only within the browser. There are no little EDR artifacts to poke and play at.\"",{"data":1852,"content":1853,"nodeType":1498},{},[1854],{"data":1855,"marks":1856,"value":1857,"nodeType":1482},{},[],"Luke described how Push first detected ConsentFix in the wild — a genuine zero-day discovery that took multiple encounters to fully understand. The attackers were fingerprinting visitors by IP and browser, triggering the payload only once per visitor across all compromised sites, and performing conditional access checks on the email address provided before deciding whether to proceed. \"It took us seeing it a few times before we cracked it,\" Luke explained. \"And then we were like — wow. What is this? I've never seen this before.\"",{"data":1859,"content":1860,"nodeType":1498},{},[1861,1865,1872],{"data":1862,"marks":1863,"value":1864,"nodeType":1482},{},[],"The session then took an interesting turn when John revealed something he hadn't previously shared publicly: a",{"data":1866,"content":1867,"nodeType":1493},{"uri":1567},[1868],{"data":1869,"marks":1870,"value":1871,"nodeType":1482},{},[]," ConsentFix v3 toolkit",{"data":1873,"marks":1874,"value":1875,"nodeType":1482},{},[]," posted on a well-known criminal forum, complete with a tutorial video, step-by-step instructions, and a zero-infrastructure approach using Cloudflare Workers for hosting, Dropbox for PDF delivery, and Pipedream as an automated exfiltration channel. \"They don’t need any infrastructure,\" John noted. \"They don’t have to host any servers or VPS. They could just cast this out to the whole wide world on the open internet.\"",{"data":1877,"content":1878,"nodeType":1498},{},[1879],{"data":1880,"marks":1881,"value":1882,"nodeType":1482},{},[],"Luke's assessment was measured but clear: \"When we published our first article, we were thinking, surely we're going to see a huge increase in this technique. We haven't really — until now.\" With the criminal ecosystem now tooled up, the expectation is that ConsentFix will follow the same commoditization arc as other techniques discussed in the session.",{"data":1884,"content":1885,"nodeType":1511},{},[],{"data":1887,"content":1888,"nodeType":1521},{},[1889],{"data":1890,"marks":1891,"value":1893,"nodeType":1482},{},[1892],{"type":1519},"7. Device code phishing is the technique both speakers fear most (and it's just getting started)",{"data":1895,"content":1896,"nodeType":1498},{},[1897,1901,1908],{"data":1898,"marks":1899,"value":1900,"nodeType":1482},{},[],"When John asked Luke which technique felt most dangerous, the answer was immediate:",{"data":1902,"content":1903,"nodeType":1493},{"uri":1555},[1904],{"data":1905,"marks":1906,"value":1907,"nodeType":1482},{},[]," device code phishing",{"data":1909,"marks":1910,"value":1645,"nodeType":1482},{},[],{"data":1912,"content":1913,"nodeType":1498},{},[1914],{"data":1915,"marks":1916,"value":1917,"nodeType":1482},{},[],"The technique abuses the OAuth 2.0 device authorization grant flow — originally designed for input-constrained devices like TVs, but now primarily used in enterprise environments for CLI tool authentication (Azure CLI, GitHub CLI, AWS CLI). That everyday enterprise usage is exactly what makes the phishing so effective: users in developer-heavy organizations are already habituated to entering short codes as part of their normal workflow. The victim enters a code on a legitimate Microsoft login page, and if they're already authenticated, the entire compromise happens without entering a password or completing an MFA challenge.",{"data":1919,"content":1920,"nodeType":1498},{},[1921],{"data":1922,"marks":1923,"value":1924,"nodeType":1482},{},[],"Push is now tracking at least 12 distinct device code phishing kits, \"literally within the last couple of months — from basically zero to this.\" EvilTokens dominates at an estimated 90–95% of detected volume, but the kit landscape is diversifying fast. Luke's theory: every existing AiTM vendor is adding device code phishing as a module. When Push investigated the Venom kit, its AiTM component triggered existing Sneaky2FA detections — suggesting the same actors or codebase behind both. \"That's why we've seen such a rapid increase — it's worked so well that everyone is just doing the same thing now.\"",{"data":1926,"content":1927,"nodeType":1498},{},[1928,1933],{"data":1929,"marks":1930,"value":1932,"nodeType":1482},{},[1931],{"type":1519},"What makes device code phishing uniquely dangerous is how little friction it presents to the victim.",{"data":1934,"marks":1935,"value":1936,"nodeType":1482},{},[]," As Luke explained: \"It's purely identity-driven. It completely bypasses 2FA, even bypasses phishing-resistant factors like passkeys. And it's just not something that seems malicious to your average user. We haven't trained people to worry about being given a code and being told to type that code.\"",{"data":1938,"content":1939,"nodeType":1498},{},[1940,1944,1953],{"data":1941,"marks":1942,"value":1943,"nodeType":1482},{},[],"John's closing take: \"It still feels early and emergent, even though the technique has been known for a while. It hasn't been weaponized like it has right now. I think device code is just at the starting gun.\" The blast radius extends beyond Microsoft too — GitHub, Salesforce, and other platforms support the same underlying flow, and was exploited in 2025’s massive Salesforce campaign operated by ",{"data":1945,"content":1947,"nodeType":1493},{"uri":1946},"https://pushsecurity.com/blog/analyzing-the-instructure-breach/",[1948],{"data":1949,"marks":1950,"value":1952,"nodeType":1482},{},[1951],{"type":1491},"ShinyHunters",{"data":1954,"marks":1955,"value":1576,"nodeType":1482},{},[],{"data":1957,"content":1958,"nodeType":1511},{},[],{"data":1960,"content":1961,"nodeType":1521},{},[1962],{"data":1963,"marks":1964,"value":1966,"nodeType":1482},{},[1965],{"type":1519},"What ties all of this together",{"data":1968,"content":1969,"nodeType":1498},{},[1970],{"data":1971,"marks":1972,"value":1973,"nodeType":1482},{},[],"Every technique covered in the webinar — AiTM, ClickFix, InstallFix, ConsentFix, device code phishing — is designed to operate in or through the browser, abuse legitimate infrastructure and authentication flows, and evade the traditional security stack. Email gateways don't see them because the delivery vector increasingly isn't email. EDR doesn't reliably block them because the attack either breaks the process tree attribution (ClickFix) or never touches the endpoint at all (ConsentFix, device code phishing). Network proxies don't see them because the attack plays out in client-side page content, DOM interactions, and OAuth flows that are invisible to traffic inspection.",{"data":1975,"content":1976,"nodeType":1498},{},[1977,1981,1988,1991,1998,2001,2008,2012,2018],{"data":1978,"marks":1979,"value":1980,"nodeType":1482},{},[],"Push detects all of them —",{"data":1982,"content":1983,"nodeType":1493},{"uri":1655},[1984],{"data":1985,"marks":1986,"value":1987,"nodeType":1482},{},[]," AiTM phishing",{"data":1989,"marks":1990,"value":1609,"nodeType":1482},{},[],{"data":1992,"content":1993,"nodeType":1493},{"uri":1736},[1994],{"data":1995,"marks":1996,"value":1997,"nodeType":1482},{},[]," ClickFix and the *Fix family",{"data":1999,"marks":2000,"value":1609,"nodeType":1482},{},[],{"data":2002,"content":2003,"nodeType":1493},{"uri":1840},[2004],{"data":2005,"marks":2006,"value":2007,"nodeType":1482},{},[]," ConsentFix",{"data":2009,"marks":2010,"value":2011,"nodeType":1482},{},[],", and",{"data":2013,"content":2014,"nodeType":1493},{"uri":1555},[2015],{"data":2016,"marks":2017,"value":1907,"nodeType":1482},{},[],{"data":2019,"marks":2020,"value":2021,"nodeType":1482},{},[]," — through behavioral detection at the browser layer, regardless of delivery channel, domain reputation, or infrastructure rotation. The detections target technique-class behaviors rather than specific kits or indicators, which is why Push detected ConsentFix as a zero-day and why new kit variants are typically caught by existing detection logic before a kit-specific rule is even written.",{"data":2023,"content":2024,"nodeType":1498},{},[2025,2028,2037,2041,2049],{"data":2026,"marks":2027,"value":29,"nodeType":1482},{},[],{"data":2029,"content":2031,"nodeType":1493},{"uri":2030},"https://pushsecurity.com/resources/browser-attacks-why-browser-new-battleground",[2032],{"data":2033,"marks":2034,"value":2036,"nodeType":1482},{},[2035],{"type":1491},"Watch the full webinar",{"data":2038,"marks":2039,"value":2040,"nodeType":1482},{},[]," to see the demos, attack chain timelines, and in-the-wild examples discussed in this post — or",{"data":2042,"content":2044,"nodeType":1493},{"uri":2043},"https://pushsecurity.com/demo",[2045],{"data":2046,"marks":2047,"value":2048,"nodeType":1482},{},[]," book a demo",{"data":2050,"marks":2051,"value":2052,"nodeType":1482},{},[]," to see how Push handles them.",{"data":2054,"content":2055,"nodeType":1498},{},[2056],{"data":2057,"marks":2058,"value":2059,"nodeType":1482},{},[],"\n","document",{"entries":2062},{"hyperlink":2063,"inline":2064,"block":2065},[],[],[2066],{"sys":2067,"__typename":2068,"type":2069,"ctaText":2070,"buttonLabel":2071,"buttonColour":2072,"buttonUrl":2030},{"id":1503},"CtaWidget","Custom","Watch the full webinar on demand.","Watch now","sunny orange","json",{},"7 things we learned from our conversation with John Hammond","2026-05-19T00:00:00.000Z",{"items":2078},[2079,5075,5935],{"__typename":2080,"sys":2081,"content":2083,"title":5053,"synopsis":5054,"hashTags":62,"publishedDate":5055,"slug":5056,"tagsCollection":5057,"authorsCollection":5067},"BlogPosts",{"id":2082},"5DmCqTU2Tg4adYScA5vT2x",{"json":2084},{"nodeType":2060,"data":2085,"content":2086},{},[2087,2093,2113,2132,2139,2145,2152,2159,2162,2170,2176,2261,2281,2287,2294,2415,2421,2424,2432,2439,2445,2448,2457,2499,2505,2512,2519,2526,2533,2552,2558,2564,2570,2576,2582,2588,2594,2600,2867,2870,2878,3013,3019,3022,3030,3164,3170,3173,3181,3328,3334,3337,3345,3486,3492,3495,3503,3650,3656,3659,3667,3813,3819,3822,3830,3925,3931,3934,3942,4036,4042,4045,4053,4059,4192,4198,4201,4209,4258,4264,4267,4275,4422,4428,4431,4439,4573,4579,4582,4590,4602,4609,4615,4621,4628,4649,4665,4671,4674,4682,4690,4711,4732,4737,4744,4751,4759,4766,4773,4780,4788,4795,4846,4852,4855,4863,4870,4877,4924,4930,4937,4940,4948,4955,4962,4982,4988,4995,5003,5010],{"nodeType":1507,"data":2088,"content":2092},{"target":2089},{"sys":2090},{"id":2091,"type":1504,"linkType":1505},"XOFOeNqmRHeiRbkPOJrP1",[],{"nodeType":1498,"data":2094,"content":2095},{},[2096,2100,2109],{"nodeType":1482,"value":2097,"marks":2098,"data":2099},"The OAuth 2.0 ",[],{},{"nodeType":1493,"data":2101,"content":2103},{"uri":2102},"https://www.rfc-editor.org/rfc/rfc8628",[2104],{"nodeType":1482,"value":2105,"marks":2106,"data":2108},"device authorization grant",[2107],{"type":1491},{},{"nodeType":1482,"value":2110,"marks":2111,"data":2112}," was designed to enable input-constrained devices to sign-in to apps by asking the user to complete the login on a separate device by entering a code. But today, it’s mainly used when accessing CLI tools, meaning that many users encounter the device code flow daily. ",[],{},{"nodeType":1498,"data":2114,"content":2115},{},[2116,2119,2128],{"nodeType":1482,"value":29,"marks":2117,"data":2118},[],{},{"nodeType":1493,"data":2120,"content":2122},{"uri":2121},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/device_code_phishing/description.md",[2123],{"nodeType":1482,"value":2124,"marks":2125,"data":2127},"Device code phishing",[2126],{"type":1491},{},{"nodeType":1482,"value":2129,"marks":2130,"data":2131}," attacks designed to exploit this authorization flow are not new — it was among the first techniques that we added to the SaaS attacks matrix back in 2023. But it’s taken until now for it to really enter mainstream adoption. ",[],{},{"nodeType":1498,"data":2133,"content":2134},{},[2135],{"nodeType":1482,"value":2136,"marks":2137,"data":2138},"The technique tricks a user into issuing access tokens for an attacker-controlled application (not a device, confusingly). Any app that supports device code logins can be a target. Popular examples include Microsoft, Google, Salesforce, GitHub, and AWS. That said, Microsoft is, as always, much more heavily targeted at scale now than any other app.",[],{},{"nodeType":1507,"data":2140,"content":2144},{"target":2141},{"sys":2142},{"id":2143,"type":1504,"linkType":1505},"Al0pGH8vmOYiufDFiAbt0",[],{"nodeType":1498,"data":2146,"content":2147},{},[2148],{"nodeType":1482,"value":2149,"marks":2150,"data":2151},"We’ve always been surprised that attackers haven’t commonly used device code phishing in their standard toolkit, preferring session-stealing AITM phishing and other social engineering attacks like ClickFix. But it’s pretty clear from the recent data that the shift to mainstream adoption has now happened. ",[],{},{"nodeType":1498,"data":2153,"content":2154},{},[2155],{"nodeType":1482,"value":2156,"marks":2157,"data":2158},"In this blog post, we’ll explore the history of device code phishing, what’s changed for it to enter mainstream adoption, how it works under the hood (with recent examples), and what security teams can do about it. ",[],{},{"nodeType":1511,"data":2160,"content":2161},{},[],{"nodeType":1521,"data":2163,"content":2164},{},[2165],{"nodeType":1482,"value":2166,"marks":2167,"data":2169},"A brief history of device code phishing",[2168],{"type":1519},{},{"nodeType":1507,"data":2171,"content":2175},{"target":2172},{"sys":2173},{"id":2174,"type":1504,"linkType":1505},"6u3DgvSGChtTJu7l9I7PG1",[],{"nodeType":1498,"data":2177,"content":2178},{},[2179,2183,2192,2196,2205,2209,2218,2222,2231,2235,2244,2248,2257],{"nodeType":1482,"value":2180,"marks":2181,"data":2182},"The technique was first documented in 2020, before Secureworks released the first tooling framework ",[],{},{"nodeType":1493,"data":2184,"content":2186},{"uri":2185},"https://github.com/secureworks/PhishInSuits",[2187],{"nodeType":1482,"value":2188,"marks":2189,"data":2191},"PhishInSuits",[2190],{"type":1491},{},{"nodeType":1482,"value":2193,"marks":2194,"data":2195}," a year later. A host of research followed, including ",[],{},{"nodeType":1493,"data":2197,"content":2199},{"uri":2198},"https://github.com/secureworks/squarephish",[2200],{"nodeType":1482,"value":2201,"marks":2202,"data":2204},"SquarePhish",[2203],{"type":1491},{},{"nodeType":1482,"value":2206,"marks":2207,"data":2208}," v1 (using QR codes to trigger the 15 minute code expiration window), Dirk-Jan Mollema’s ",[],{},{"nodeType":1493,"data":2210,"content":2212},{"uri":2211},"https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/",[2213],{"nodeType":1482,"value":2214,"marks":2215,"data":2217},"key research",[2216],{"type":1491},{},{"nodeType":1482,"value":2219,"marks":2220,"data":2221}," (chaining device code phishing via Microsoft apps into Primary Refresh Token (PRT) acquisition to gain full browser-level access) and Dennis Kniep’s ",[],{},{"nodeType":1493,"data":2223,"content":2225},{"uri":2224},"https://github.com/denniskniep/DeviceCodePhishing",[2226],{"nodeType":1482,"value":2227,"marks":2228,"data":2230},"DeviceCodePhishing tool",[2229],{"type":1491},{},{"nodeType":1482,"value":2232,"marks":2233,"data":2234}," which automates the entire flow with a headless browser. (Other recent noteworthy tools include ",[],{},{"nodeType":1493,"data":2236,"content":2238},{"uri":2237},"https://github.com/nromsdahl/squarephish2",[2239],{"nodeType":1482,"value":2240,"marks":2241,"data":2243},"SquarePhish2",[2242],{"type":1491},{},{"nodeType":1482,"value":2245,"marks":2246,"data":2247}," and ",[],{},{"nodeType":1493,"data":2249,"content":2251},{"uri":2250},"https://github.com/praetorian-inc/GitPhish",[2252],{"nodeType":1482,"value":2253,"marks":2254,"data":2256},"GitPhish",[2255],{"type":1491},{},{"nodeType":1482,"value":2258,"marks":2259,"data":2260},", so shout out to those too). ",[],{},{"nodeType":1498,"data":2262,"content":2263},{},[2264,2268,2277],{"nodeType":1482,"value":2265,"marks":2266,"data":2267},"It wasn’t until August 2024 that in-the-wild exploitation was first identified, with Russia-linked campaigns then continuing into 2025 before entering mainstream criminal adoption. This trend has continued to gather momentum in 2026 with ",[],{},{"nodeType":1493,"data":2269,"content":2271},{"uri":2270},"https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html",[2272],{"nodeType":1482,"value":2273,"marks":2274,"data":2276},"EvilTokens",[2275],{"type":1491},{},{"nodeType":1482,"value":2278,"marks":2279,"data":2280},", the first reported criminal PhaaS kit for device code phishing, already powering massive campaigns after launching in February. ",[],{},{"nodeType":1507,"data":2282,"content":2286},{"target":2283},{"sys":2284},{"id":2285,"type":1504,"linkType":1505},"6xsfmbYEzpW7CdDiNzO6cu",[],{"nodeType":1498,"data":2288,"content":2289},{},[2290],{"nodeType":1482,"value":2291,"marks":2292,"data":2293},"Some of the noteworthy in-the-wild campaigns include:",[],{},{"nodeType":2295,"data":2296,"content":2297},"unordered-list",{},[2298,2332,2354],{"nodeType":2299,"data":2300,"content":2301},"list-item",{},[2302],{"nodeType":1498,"data":2303,"content":2304},{},[2305,2309,2317,2320,2328],{"nodeType":1482,"value":2306,"marks":2307,"data":2308},"Storm-2372, tracked by ",[],{},{"nodeType":1493,"data":2310,"content":2312},{"uri":2311},"https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/",[2313],{"nodeType":1482,"value":2314,"marks":2315,"data":2316},"Microsoft",[],{},{"nodeType":1482,"value":2245,"marks":2318,"data":2319},[],{},{"nodeType":1493,"data":2321,"content":2323},{"uri":2322},"https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/",[2324],{"nodeType":1482,"value":2325,"marks":2326,"data":2327},"Volexity",[],{},{"nodeType":1482,"value":2329,"marks":2330,"data":2331},", linked to multiple Russia-aligned clusters, combining spear-phishing and social engineering with device code phishing payloads against strategic intelligence targets.",[],{},{"nodeType":2299,"data":2333,"content":2334},{},[2335],{"nodeType":1498,"data":2336,"content":2337},{},[2338,2342,2350],{"nodeType":1482,"value":2339,"marks":2340,"data":2341},"The massive Salesforce campaign operated by ",[],{},{"nodeType":1493,"data":2343,"content":2345},{"uri":2344},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[2346],{"nodeType":1482,"value":2347,"marks":2348,"data":2349},"Scattered Lapsus$ Hunters",[],{},{"nodeType":1482,"value":2351,"marks":2352,"data":2353}," (SLH) combined vishing with a device code phishing payload targeting Salesforce. The attacks morphed into a broader supply chain campaign using stolen credentials, ultimately resulting in 1000+ organizations being compromised and over 1.5 billion stolen records claimed. ",[],{},{"nodeType":2299,"data":2355,"content":2356},{},[2357],{"nodeType":1498,"data":2358,"content":2359},{},[2360,2364,2372,2376,2385,2389,2398,2402,2411],{"nodeType":1482,"value":2361,"marks":2362,"data":2363},"A massive spike in activity in late 2025 and 2026. This includes ",[],{},{"nodeType":1493,"data":2365,"content":2367},{"uri":2366},"https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover",[2368],{"nodeType":1482,"value":2369,"marks":2370,"data":2371},"multiple threat clusters",[],{},{"nodeType":1482,"value":2373,"marks":2374,"data":2375}," tracked using device code phishing techniques, more ",[],{},{"nodeType":1493,"data":2377,"content":2379},{"uri":2378},"https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/",[2380],{"nodeType":1482,"value":2381,"marks":2382,"data":2384},"criminal operations linked to SLH",[2383],{"type":1491},{},{"nodeType":1482,"value":2386,"marks":2387,"data":2388},", and ",[],{},{"nodeType":1493,"data":2390,"content":2392},{"uri":2391},"https://newtonpaul.com/blog/device-code-phish-update/",[2393],{"nodeType":1482,"value":2394,"marks":2395,"data":2397},"hundreds of organizations being targeted via PhaaS architecture,",[2396],{"type":1491},{},{"nodeType":1482,"value":2399,"marks":2400,"data":2401}," which looks to be the same campaign as the recently uncovered EvilTokens PhaaS reported by ",[],{},{"nodeType":1493,"data":2403,"content":2405},{"uri":2404},"https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign",[2406],{"nodeType":1482,"value":2407,"marks":2408,"data":2410},"Huntress",[2409],{"type":1491},{},{"nodeType":1482,"value":2412,"marks":2413,"data":2414}," (featuring abuse of the Railway PaaS platform). ",[],{},{"nodeType":1507,"data":2416,"content":2420},{"target":2417},{"sys":2418},{"id":2419,"type":1504,"linkType":1505},"3WLt6qLCK8CSwr0QZxZiMv",[],{"nodeType":1511,"data":2422,"content":2423},{},[],{"nodeType":1521,"data":2425,"content":2426},{},[2427],{"nodeType":1482,"value":2428,"marks":2429,"data":2431},"What we’re seeing in the wild",[2430],{"type":1519},{},{"nodeType":1498,"data":2433,"content":2434},{},[2435],{"nodeType":1482,"value":2436,"marks":2437,"data":2438},"As mentioned, we’ve also seen a huge spike in device code phishing activity this year, with multiple kits, page designs, and lure types. We’ve now identified 14+ distinct kits in circulation in the wild, with EvilTokens being the most prevalent. It’s clear that attackers are both spinning up their own kits and creative derivatives of others — we’ve seen kits that are visually similar to EvilTokens (close enough to be clones or forks) but with very different backends, for example AWS, Digital Ocean, 2cloud, and more. ",[],{},{"nodeType":1507,"data":2440,"content":2444},{"target":2441},{"sys":2442},{"id":2443,"type":1504,"linkType":1505},"nJCbTw85GKXdqrlIkzZwi",[],{"nodeType":1511,"data":2446,"content":2447},{},[],{"nodeType":2449,"data":2450,"content":2451},"heading-2",{},[2452],{"nodeType":1482,"value":2453,"marks":2454,"data":2456},"“ANTIBOT” (EvilTokens)",[2455],{"type":1519},{},{"nodeType":1498,"data":2458,"content":2459},{},[2460,2463,2470,2474,2483,2487,2495],{"nodeType":1482,"value":29,"marks":2461,"data":2462},[],{},{"nodeType":1493,"data":2464,"content":2465},{"uri":2404},[2466],{"nodeType":1482,"value":2407,"marks":2467,"data":2469},[2468],{"type":1491},{},{"nodeType":1482,"value":2471,"marks":2472,"data":2473},", ",[],{},{"nodeType":1493,"data":2475,"content":2477},{"uri":2476},"https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/",[2478],{"nodeType":1482,"value":2479,"marks":2480,"data":2482},"Sekoia",[2481],{"type":1491},{},{"nodeType":1482,"value":2484,"marks":2485,"data":2486},", and researcher ",[],{},{"nodeType":1493,"data":2488,"content":2489},{"uri":2391},[2490],{"nodeType":1482,"value":2491,"marks":2492,"data":2494},"Paul Newton",[2493],{"type":1491},{},{"nodeType":1482,"value":2496,"marks":2497,"data":2498}," have already done a great job of providing IOCs for the recent EvilTokens activity spike, including multiple backend Railway IPs in authentication events. ",[],{},{"nodeType":1507,"data":2500,"content":2504},{"target":2501},{"sys":2502},{"id":2503,"type":1504,"linkType":1505},"1XNviq5OvMf5TEAc59F6g5",[],{"nodeType":1498,"data":2506,"content":2507},{},[2508],{"nodeType":1482,"value":2509,"marks":2510,"data":2511},"Beyond the most widely observed implementation featuring a Cloudflare Workers frontend and Railway backend for authentication, we’ve also tracked additional versions of EvilTokens in circulation since January 2026 (many of which remain live along with the current “production” version of the kit). ",[],{},{"nodeType":1498,"data":2513,"content":2514},{},[2515],{"nodeType":1482,"value":2516,"marks":2517,"data":2518},"You can see an evolution of the kit in the videos and screenshots below, from early precursors seen in mid-January, the first mentions of ANTIBOT in the page code in late-January, the parallel development of a “Courts Access” fork that lacks the ANTIBOT references, and finally production EvilTokens in February. One of the key threads between the versions is the presence of a generateFallbackCode() JS function and use of a /generate-codes API call. ",[],{},{"nodeType":1498,"data":2520,"content":2521},{},[2522],{"nodeType":1482,"value":2523,"marks":2524,"data":2525},"Early implementations were quite different, for example using ScrapingBee to generate the displayed code, and varied hosting on vercel, fastly, edgeone, and others. ",[],{},{"nodeType":1498,"data":2527,"content":2528},{},[2529],{"nodeType":1482,"value":2530,"marks":2531,"data":2532},"After initially appearing on custom domains, the production version is now predominantly hosted on Cloudflare Workers, as per the broader tracking of the campaign. The descriptive HTML comments around ANTIBOT functions have also been removed in later versions. ",[],{},{"nodeType":1498,"data":2534,"content":2535},{},[2536,2540,2548],{"nodeType":1482,"value":2537,"marks":2538,"data":2539},"The production version of EvilTokens showcases common ",[],{},{"nodeType":1493,"data":2541,"content":2542},{"uri":1635},[2543],{"nodeType":1482,"value":2544,"marks":2545,"data":2547},"detection evasion techniques",[2546],{"type":1491},{},{"nodeType":1482,"value":2549,"marks":2550,"data":2551}," we've come to associate with PhaaS kits in the AiTM space — using multiple redirects through trusted sites before serving the malicious page, using bot protection to block security tools from analyzing the page, and so on. It also uses a pop-up window for the device code entry rather than a redirect, reducing the friction for the victim (it looks pretty convincing, too).",[],{},{"nodeType":1507,"data":2553,"content":2557},{"target":2554},{"sys":2555},{"id":2556,"type":1504,"linkType":1505},"73rNOIEDPfP5IJwpFaxVc2",[],{"nodeType":1507,"data":2559,"content":2563},{"target":2560},{"sys":2561},{"id":2562,"type":1504,"linkType":1505},"5BJSvOQUW9UpsQtoDNtgTC",[],{"nodeType":1507,"data":2565,"content":2569},{"target":2566},{"sys":2567},{"id":2568,"type":1504,"linkType":1505},"3dbePPxVb4h4SauGg3glIL",[],{"nodeType":1507,"data":2571,"content":2575},{"target":2572},{"sys":2573},{"id":2574,"type":1504,"linkType":1505},"1UOLcmNQvOsL5tdLSVuviq",[],{"nodeType":1507,"data":2577,"content":2581},{"target":2578},{"sys":2579},{"id":2580,"type":1504,"linkType":1505},"55XRqLSwUUi2D4ZVpJboml",[],{"nodeType":1507,"data":2583,"content":2587},{"target":2584},{"sys":2585},{"id":2586,"type":1504,"linkType":1505},"5wg5yr2Lo8t3f72ZV815c",[],{"nodeType":1507,"data":2589,"content":2593},{"target":2590},{"sys":2591},{"id":2592,"type":1504,"linkType":1505},"35cowlL6i3rkGXOGmSxlI1",[],{"nodeType":1498,"data":2595,"content":2596},{},[2597],{"nodeType":1482,"value":29,"marks":2598,"data":2599},[],{},{"nodeType":2601,"data":2602,"content":2603},"table",{},[2604,2630,2714,2766,2790],{"nodeType":2605,"data":2606,"content":2607},"table-row",{},[2608,2620],{"nodeType":2609,"data":2610,"content":2611},"table-cell",{},[2612],{"nodeType":1498,"data":2613,"content":2614},{},[2615],{"nodeType":1482,"value":2616,"marks":2617,"data":2619},"Frontend infrastructure",[2618],{"type":1519},{},{"nodeType":2609,"data":2621,"content":2622},{},[2623],{"nodeType":1498,"data":2624,"content":2625},{},[2626],{"nodeType":1482,"value":2627,"marks":2628,"data":2629},"Workers.dev, vercel.app, github.io, fastly.net, edgeone.dev",[],{},{"nodeType":2605,"data":2631,"content":2632},{},[2633,2644],{"nodeType":2609,"data":2634,"content":2635},{},[2636],{"nodeType":1498,"data":2637,"content":2638},{},[2639],{"nodeType":1482,"value":2640,"marks":2641,"data":2643},"Backend infrastructure",[2642],{"type":1519},{},{"nodeType":2609,"data":2645,"content":2646},{},[2647,2677],{"nodeType":1498,"data":2648,"content":2649},{},[2650,2655,2659,2664,2668,2673],{"nodeType":1482,"value":2651,"marks":2652,"data":2654},"Example IP: (V3) ",[2653],{"type":1519},{},{"nodeType":1482,"value":2656,"marks":2657,"data":2658},"162.220.232.71 (Railway AS400940) ",[],{},{"nodeType":1482,"value":2660,"marks":2661,"data":2663},"(V2)",[2662],{"type":1519},{},{"nodeType":1482,"value":2665,"marks":2666,"data":2667}," 71.11.42.193 ",[],{},{"nodeType":1482,"value":2669,"marks":2670,"data":2672},"(V1) ",[2671],{"type":1519},{},{"nodeType":1482,"value":2674,"marks":2675,"data":2676},"72.218.25.107",[],{},{"nodeType":1498,"data":2678,"content":2679},{},[2680,2685,2689,2694,2698,2702,2706,2710],{"nodeType":1482,"value":2681,"marks":2682,"data":2684},"Backend User Agent:",[2683],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":2687,"data":2688}," ",[],{},{"nodeType":1482,"value":2690,"marks":2691,"data":2693},"(V3) ",[2692],{"type":1519},{},{"nodeType":1482,"value":2695,"marks":2696,"data":2697},"node, ",[],{},{"nodeType":1482,"value":2660,"marks":2699,"data":2701},[2700],{"type":1519},{},{"nodeType":1482,"value":2703,"marks":2704,"data":2705},", Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683 Safari/537.36 OPR/57.0.3098.91 ",[],{},{"nodeType":1482,"value":2669,"marks":2707,"data":2709},[2708],{"type":1519},{},{"nodeType":1482,"value":2711,"marks":2712,"data":2713},"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/56.0.3051.52 ",[],{},{"nodeType":2605,"data":2715,"content":2716},{},[2717,2728],{"nodeType":2609,"data":2718,"content":2719},{},[2720],{"nodeType":1498,"data":2721,"content":2722},{},[2723],{"nodeType":1482,"value":2724,"marks":2725,"data":2727},"Network paths",[2726],{"type":1519},{},{"nodeType":2609,"data":2729,"content":2730},{},[2731,2738,2745,2752,2759],{"nodeType":1498,"data":2732,"content":2733},{},[2734],{"nodeType":1482,"value":2735,"marks":2736,"data":2737},"/api/rate-limit ",[],{},{"nodeType":1498,"data":2739,"content":2740},{},[2741],{"nodeType":1482,"value":2742,"marks":2743,"data":2744},"/api/fingerprint ",[],{},{"nodeType":1498,"data":2746,"content":2747},{},[2748],{"nodeType":1482,"value":2749,"marks":2750,"data":2751},"/api/captcha-verify ",[],{},{"nodeType":1498,"data":2753,"content":2754},{},[2755],{"nodeType":1482,"value":2756,"marks":2757,"data":2758},"/api/init /api/generate-code ",[],{},{"nodeType":1498,"data":2760,"content":2761},{},[2762],{"nodeType":1482,"value":2763,"marks":2764,"data":2765},"/api/check-auth",[],{},{"nodeType":2605,"data":2767,"content":2768},{},[2769,2780],{"nodeType":2609,"data":2770,"content":2771},{},[2772],{"nodeType":1498,"data":2773,"content":2774},{},[2775],{"nodeType":1482,"value":2776,"marks":2777,"data":2779},"Lure themes",[2778],{"type":1519},{},{"nodeType":2609,"data":2781,"content":2782},{},[2783],{"nodeType":1498,"data":2784,"content":2785},{},[2786],{"nodeType":1482,"value":2787,"marks":2788,"data":2789},"Various MS lures (e.g. Outlook, SharePoint, Teams) DocuSign, Adobe",[],{},{"nodeType":2605,"data":2791,"content":2792},{},[2793,2804],{"nodeType":2609,"data":2794,"content":2795},{},[2796],{"nodeType":1498,"data":2797,"content":2798},{},[2799],{"nodeType":1482,"value":2800,"marks":2801,"data":2803},"Example Domain",[2802],{"type":1519},{},{"nodeType":2609,"data":2805,"content":2806},{},[2807,2819,2831,2843,2855],{"nodeType":1498,"data":2808,"content":2809},{},[2810,2815],{"nodeType":1482,"value":2811,"marks":2812,"data":2814},"Precursor A:",[2813],{"type":1519},{},{"nodeType":1482,"value":2816,"marks":2817,"data":2818}," teams-zpfvwnpxuc[.]edgeone.dev",[],{},{"nodeType":1498,"data":2820,"content":2821},{},[2822,2827],{"nodeType":1482,"value":2823,"marks":2824,"data":2826},"Precursor B: ",[2825],{"type":1519},{},{"nodeType":1482,"value":2828,"marks":2829,"data":2830},"authenticate-m365-accountsecurity-m-pi[.]vercel.app",[],{},{"nodeType":1498,"data":2832,"content":2833},{},[2834,2839],{"nodeType":1482,"value":2835,"marks":2836,"data":2838},"Courts Access: ",[2837],{"type":1519},{},{"nodeType":1482,"value":2840,"marks":2841,"data":2842},"secure-systems-validations-courts[.]vercel.app",[],{},{"nodeType":1498,"data":2844,"content":2845},{},[2846,2851],{"nodeType":1482,"value":2847,"marks":2848,"data":2850},"Early ANTIBOT:",[2849],{"type":1519},{},{"nodeType":1482,"value":2852,"marks":2853,"data":2854}," interface-auth-en-useast[.]global.ssl.fastly.net",[],{},{"nodeType":1498,"data":2856,"content":2857},{},[2858,2863],{"nodeType":1482,"value":2859,"marks":2860,"data":2862},"Production ANTIBOT: ",[2861],{"type":1519},{},{"nodeType":1482,"value":2864,"marks":2865,"data":2866},"index-z059-document-pending-reviewsign-xlss7994824[.]awalizer[.]workers.dev",[],{},{"nodeType":1511,"data":2868,"content":2869},{},[],{"nodeType":2449,"data":2871,"content":2872},{},[2873],{"nodeType":1482,"value":2874,"marks":2875,"data":2877},"“SHAREFILE”",[2876],{"type":1519},{},{"nodeType":2601,"data":2879,"content":2880},{},[2881,2904,2943,2966,2989],{"nodeType":2605,"data":2882,"content":2883},{},[2884,2894],{"nodeType":2609,"data":2885,"content":2886},{},[2887],{"nodeType":1498,"data":2888,"content":2889},{},[2890],{"nodeType":1482,"value":2616,"marks":2891,"data":2893},[2892],{"type":1519},{},{"nodeType":2609,"data":2895,"content":2896},{},[2897],{"nodeType":1498,"data":2898,"content":2899},{},[2900],{"nodeType":1482,"value":2901,"marks":2902,"data":2903},"No hosting markers visible.",[],{},{"nodeType":2605,"data":2905,"content":2906},{},[2907,2917],{"nodeType":2609,"data":2908,"content":2909},{},[2910],{"nodeType":1498,"data":2911,"content":2912},{},[2913],{"nodeType":1482,"value":2640,"marks":2914,"data":2916},[2915],{"type":1519},{},{"nodeType":2609,"data":2918,"content":2919},{},[2920,2932],{"nodeType":1498,"data":2921,"content":2922},{},[2923,2928],{"nodeType":1482,"value":2924,"marks":2925,"data":2927},"Example IP:",[2926],{"type":1519},{},{"nodeType":1482,"value":2929,"marks":2930,"data":2931}," 147.45.60.47 (Global Connectivity Solutions LLP AS215540)",[],{},{"nodeType":1498,"data":2933,"content":2934},{},[2935,2939],{"nodeType":1482,"value":2681,"marks":2936,"data":2938},[2937],{"type":1519},{},{"nodeType":1482,"value":2940,"marks":2941,"data":2942}," node",[],{},{"nodeType":2605,"data":2944,"content":2945},{},[2946,2956],{"nodeType":2609,"data":2947,"content":2948},{},[2949],{"nodeType":1498,"data":2950,"content":2951},{},[2952],{"nodeType":1482,"value":2724,"marks":2953,"data":2955},[2954],{"type":1519},{},{"nodeType":2609,"data":2957,"content":2958},{},[2959],{"nodeType":1498,"data":2960,"content":2961},{},[2962],{"nodeType":1482,"value":2963,"marks":2964,"data":2965},"POST /api/device/start  POST /api/device/poll",[],{},{"nodeType":2605,"data":2967,"content":2968},{},[2969,2979],{"nodeType":2609,"data":2970,"content":2971},{},[2972],{"nodeType":1498,"data":2973,"content":2974},{},[2975],{"nodeType":1482,"value":2776,"marks":2976,"data":2978},[2977],{"type":1519},{},{"nodeType":2609,"data":2980,"content":2981},{},[2982],{"nodeType":1498,"data":2983,"content":2984},{},[2985],{"nodeType":1482,"value":2986,"marks":2987,"data":2988},"Citrix ShareFile document transfer — file card with sender info, expiry warning, download/preview buttons",[],{},{"nodeType":2605,"data":2990,"content":2991},{},[2992,3003],{"nodeType":2609,"data":2993,"content":2994},{},[2995],{"nodeType":1498,"data":2996,"content":2997},{},[2998],{"nodeType":1482,"value":2999,"marks":3000,"data":3002},"Example domain",[3001],{"type":1519},{},{"nodeType":2609,"data":3004,"content":3005},{},[3006],{"nodeType":1498,"data":3007,"content":3008},{},[3009],{"nodeType":1482,"value":3010,"marks":3011,"data":3012},"cghdfg[.]vbchkioi[.]su",[],{},{"nodeType":1507,"data":3014,"content":3018},{"target":3015},{"sys":3016},{"id":3017,"type":1504,"linkType":1505},"1TtZ6VsMSTlPvy7W996w9E",[],{"nodeType":1511,"data":3020,"content":3021},{},[],{"nodeType":2449,"data":3023,"content":3024},{},[3025],{"nodeType":1482,"value":3026,"marks":3027,"data":3029},"“CLURE”",[3028],{"type":1519},{},{"nodeType":2601,"data":3031,"content":3032},{},[3033,3056,3095,3118,3141],{"nodeType":2605,"data":3034,"content":3035},{},[3036,3046],{"nodeType":2609,"data":3037,"content":3038},{},[3039],{"nodeType":1498,"data":3040,"content":3041},{},[3042],{"nodeType":1482,"value":2616,"marks":3043,"data":3045},[3044],{"type":1519},{},{"nodeType":2609,"data":3047,"content":3048},{},[3049],{"nodeType":1498,"data":3050,"content":3051},{},[3052],{"nodeType":1482,"value":3053,"marks":3054,"data":3055},"API on api.duemineral.uk:8443 and api.loadingdocuments.uk:8443 (rotates). ",[],{},{"nodeType":2605,"data":3057,"content":3058},{},[3059,3069],{"nodeType":2609,"data":3060,"content":3061},{},[3062],{"nodeType":1498,"data":3063,"content":3064},{},[3065],{"nodeType":1482,"value":2640,"marks":3066,"data":3068},[3067],{"type":1519},{},{"nodeType":2609,"data":3070,"content":3071},{},[3072,3084],{"nodeType":1498,"data":3073,"content":3074},{},[3075,3080],{"nodeType":1482,"value":3076,"marks":3077,"data":3079},"Example IP: ",[3078],{"type":1519},{},{"nodeType":1482,"value":3081,"marks":3082,"data":3083},"162.243.166.119 (DigitalOcean AS14061)",[],{},{"nodeType":1498,"data":3085,"content":3086},{},[3087,3091],{"nodeType":1482,"value":2681,"marks":3088,"data":3090},[3089],{"type":1519},{},{"nodeType":1482,"value":3092,"marks":3093,"data":3094}," python-requests/2.32.5",[],{},{"nodeType":2605,"data":3096,"content":3097},{},[3098,3108],{"nodeType":2609,"data":3099,"content":3100},{},[3101],{"nodeType":1498,"data":3102,"content":3103},{},[3104],{"nodeType":1482,"value":2724,"marks":3105,"data":3107},[3106],{"type":1519},{},{"nodeType":2609,"data":3109,"content":3110},{},[3111],{"nodeType":1498,"data":3112,"content":3113},{},[3114],{"nodeType":1482,"value":3115,"marks":3116,"data":3117},"GET /api/status/{numeric_SID} (port :8443)",[],{},{"nodeType":2605,"data":3119,"content":3120},{},[3121,3131],{"nodeType":2609,"data":3122,"content":3123},{},[3124],{"nodeType":1498,"data":3125,"content":3126},{},[3127],{"nodeType":1482,"value":2776,"marks":3128,"data":3130},[3129],{"type":1519},{},{"nodeType":2609,"data":3132,"content":3133},{},[3134],{"nodeType":1498,"data":3135,"content":3136},{},[3137],{"nodeType":1482,"value":3138,"marks":3139,"data":3140},"SharePoint \"Team Site\" doc library, SharePoint \"Shared Document\" individual share",[],{},{"nodeType":2605,"data":3142,"content":3143},{},[3144,3154],{"nodeType":2609,"data":3145,"content":3146},{},[3147],{"nodeType":1498,"data":3148,"content":3149},{},[3150],{"nodeType":1482,"value":2999,"marks":3151,"data":3153},[3152],{"type":1519},{},{"nodeType":2609,"data":3155,"content":3156},{},[3157],{"nodeType":1498,"data":3158,"content":3159},{},[3160],{"nodeType":1482,"value":3161,"marks":3162,"data":3163},"auth[.]duemineral[.]uk",[],{},{"nodeType":1507,"data":3165,"content":3169},{"target":3166},{"sys":3167},{"id":3168,"type":1504,"linkType":1505},"3DAm11OYudNrqbL6pda5S1",[],{"nodeType":1511,"data":3171,"content":3172},{},[],{"nodeType":2449,"data":3174,"content":3175},{},[3176],{"nodeType":1482,"value":3177,"marks":3178,"data":3180},"“LINKID”",[3179],{"type":1519},{},{"nodeType":2601,"data":3182,"content":3183},{},[3184,3207,3252,3282,3305],{"nodeType":2605,"data":3185,"content":3186},{},[3187,3197],{"nodeType":2609,"data":3188,"content":3189},{},[3190],{"nodeType":1498,"data":3191,"content":3192},{},[3193],{"nodeType":1482,"value":2616,"marks":3194,"data":3196},[3195],{"type":1519},{},{"nodeType":2609,"data":3198,"content":3199},{},[3200],{"nodeType":1498,"data":3201,"content":3202},{},[3203],{"nodeType":1482,"value":3204,"marks":3205,"data":3206},"Adobe variant has Cloudflare challenge-platform iframe (CF-protected origin). Relative API paths — self-hosted.",[],{},{"nodeType":2605,"data":3208,"content":3209},{},[3210,3220],{"nodeType":2609,"data":3211,"content":3212},{},[3213],{"nodeType":1498,"data":3214,"content":3215},{},[3216],{"nodeType":1482,"value":2640,"marks":3217,"data":3219},[3218],{"type":1519},{},{"nodeType":2609,"data":3221,"content":3222},{},[3223,3234,3241],{"nodeType":1498,"data":3224,"content":3225},{},[3226,3230],{"nodeType":1482,"value":3076,"marks":3227,"data":3229},[3228],{"type":1519},{},{"nodeType":1482,"value":3231,"marks":3232,"data":3233},"185.176.220.22 (2cloud.eu AS39845)",[],{},{"nodeType":1498,"data":3235,"content":3236},{},[3237],{"nodeType":1482,"value":3238,"marks":3239,"data":3240},"2600:1f10:470d:9a00:1437:ec30:be61:3494 (AWS AS16509)",[],{},{"nodeType":1498,"data":3242,"content":3243},{},[3244,3248],{"nodeType":1482,"value":2681,"marks":3245,"data":3247},[3246],{"type":1519},{},{"nodeType":1482,"value":3249,"marks":3250,"data":3251}," axios/1.10.0 , axios/1.13.6",[],{},{"nodeType":2605,"data":3253,"content":3254},{},[3255,3265],{"nodeType":2609,"data":3256,"content":3257},{},[3258],{"nodeType":1498,"data":3259,"content":3260},{},[3261],{"nodeType":1482,"value":2724,"marks":3262,"data":3264},[3263],{"type":1519},{},{"nodeType":2609,"data":3266,"content":3267},{},[3268,3275],{"nodeType":1498,"data":3269,"content":3270},{},[3271],{"nodeType":1482,"value":3272,"marks":3273,"data":3274},"POST /api/device/start",[],{},{"nodeType":1498,"data":3276,"content":3277},{},[3278],{"nodeType":1482,"value":3279,"marks":3280,"data":3281},"GET /api/device/status/{sessionId}",[],{},{"nodeType":2605,"data":3283,"content":3284},{},[3285,3295],{"nodeType":2609,"data":3286,"content":3287},{},[3288],{"nodeType":1498,"data":3289,"content":3290},{},[3291],{"nodeType":1482,"value":2776,"marks":3292,"data":3294},[3293],{"type":1519},{},{"nodeType":2609,"data":3296,"content":3297},{},[3298],{"nodeType":1498,"data":3299,"content":3300},{},[3301],{"nodeType":1482,"value":3302,"marks":3303,"data":3304},"MS Teams meeting invitation (with interactive date/time picker), Adobe Acrobat Sign document review",[],{},{"nodeType":2605,"data":3306,"content":3307},{},[3308,3318],{"nodeType":2609,"data":3309,"content":3310},{},[3311],{"nodeType":1498,"data":3312,"content":3313},{},[3314],{"nodeType":1482,"value":2999,"marks":3315,"data":3317},[3316],{"type":1519},{},{"nodeType":2609,"data":3319,"content":3320},{},[3321],{"nodeType":1498,"data":3322,"content":3323},{},[3324],{"nodeType":1482,"value":3325,"marks":3326,"data":3327},"sdtr-site[.]cfd",[],{},{"nodeType":1507,"data":3329,"content":3333},{"target":3330},{"sys":3331},{"id":3332,"type":1504,"linkType":1505},"22hsIzlkptC2JTIUtbOuUn",[],{"nodeType":1511,"data":3335,"content":3336},{},[],{"nodeType":2449,"data":3338,"content":3339},{},[3340],{"nodeType":1482,"value":3341,"marks":3342,"data":3344},"“AUTHOV”",[3343],{"type":1519},{},{"nodeType":2601,"data":3346,"content":3347},{},[3348,3371,3417,3440,3463],{"nodeType":2605,"data":3349,"content":3350},{},[3351,3361],{"nodeType":2609,"data":3352,"content":3353},{},[3354],{"nodeType":1498,"data":3355,"content":3356},{},[3357],{"nodeType":1482,"value":2616,"marks":3358,"data":3360},[3359],{"type":1519},{},{"nodeType":2609,"data":3362,"content":3363},{},[3364],{"nodeType":1498,"data":3365,"content":3366},{},[3367],{"nodeType":1482,"value":3368,"marks":3369,"data":3370},"workers.dev",[],{},{"nodeType":2605,"data":3372,"content":3373},{},[3374,3384],{"nodeType":2609,"data":3375,"content":3376},{},[3377],{"nodeType":1498,"data":3378,"content":3379},{},[3380],{"nodeType":1482,"value":2640,"marks":3381,"data":3383},[3382],{"type":1519},{},{"nodeType":2609,"data":3385,"content":3386},{},[3387,3398],{"nodeType":1498,"data":3388,"content":3389},{},[3390,3394],{"nodeType":1482,"value":3076,"marks":3391,"data":3393},[3392],{"type":1519},{},{"nodeType":1482,"value":3395,"marks":3396,"data":3397},"192.3.225.100 (HostPapa / ColoCrossing AS36352)",[],{},{"nodeType":1498,"data":3399,"content":3400},{},[3401,3405,3408,3413],{"nodeType":1482,"value":2681,"marks":3402,"data":3404},[3403],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":3406,"data":3407},[],{},{"nodeType":1482,"value":3409,"marks":3410,"data":3412}," ",[3411],{"type":1519},{},{"nodeType":1482,"value":3414,"marks":3415,"data":3416},"python-httpx/0.28.1",[],{},{"nodeType":2605,"data":3418,"content":3419},{},[3420,3430],{"nodeType":2609,"data":3421,"content":3422},{},[3423],{"nodeType":1498,"data":3424,"content":3425},{},[3426],{"nodeType":1482,"value":2724,"marks":3427,"data":3429},[3428],{"type":1519},{},{"nodeType":2609,"data":3431,"content":3432},{},[3433],{"nodeType":1498,"data":3434,"content":3435},{},[3436],{"nodeType":1482,"value":3437,"marks":3438,"data":3439},"GET /landing/api/session-status?session_id=&token=",[],{},{"nodeType":2605,"data":3441,"content":3442},{},[3443,3453],{"nodeType":2609,"data":3444,"content":3445},{},[3446],{"nodeType":1498,"data":3447,"content":3448},{},[3449],{"nodeType":1482,"value":2776,"marks":3450,"data":3452},[3451],{"type":1519},{},{"nodeType":2609,"data":3454,"content":3455},{},[3456],{"nodeType":1498,"data":3457,"content":3458},{},[3459],{"nodeType":1482,"value":3460,"marks":3461,"data":3462},"Adobe Acrobat document sharing (PDF preview, sender avatar)",[],{},{"nodeType":2605,"data":3464,"content":3465},{},[3466,3476],{"nodeType":2609,"data":3467,"content":3468},{},[3469],{"nodeType":1498,"data":3470,"content":3471},{},[3472],{"nodeType":1482,"value":2999,"marks":3473,"data":3475},[3474],{"type":1519},{},{"nodeType":2609,"data":3477,"content":3478},{},[3479],{"nodeType":1498,"data":3480,"content":3481},{},[3482],{"nodeType":1482,"value":3483,"marks":3484,"data":3485},"milosh-solibella-0dcio[.]sgttommy.workers.dev",[],{},{"nodeType":1507,"data":3487,"content":3491},{"target":3488},{"sys":3489},{"id":3490,"type":1504,"linkType":1505},"6szO6IKJ32usyxIKX1efZy",[],{"nodeType":1511,"data":3493,"content":3494},{},[],{"nodeType":2449,"data":3496,"content":3497},{},[3498],{"nodeType":1482,"value":3499,"marks":3500,"data":3502},"“DOCUPOLL”",[3501],{"type":1519},{},{"nodeType":2601,"data":3504,"content":3505},{},[3506,3529,3567,3604,3627],{"nodeType":2605,"data":3507,"content":3508},{},[3509,3519],{"nodeType":2609,"data":3510,"content":3511},{},[3512],{"nodeType":1498,"data":3513,"content":3514},{},[3515],{"nodeType":1482,"value":2616,"marks":3516,"data":3518},[3517],{"type":1519},{},{"nodeType":2609,"data":3520,"content":3521},{},[3522],{"nodeType":1498,"data":3523,"content":3524},{},[3525],{"nodeType":1482,"value":3526,"marks":3527,"data":3528},"Github.io and workers.dev hosting",[],{},{"nodeType":2605,"data":3530,"content":3531},{},[3532,3542],{"nodeType":2609,"data":3533,"content":3534},{},[3535],{"nodeType":1498,"data":3536,"content":3537},{},[3538],{"nodeType":1482,"value":2640,"marks":3539,"data":3541},[3540],{"type":1519},{},{"nodeType":2609,"data":3543,"content":3544},{},[3545,3556],{"nodeType":1498,"data":3546,"content":3547},{},[3548,3552],{"nodeType":1482,"value":3076,"marks":3549,"data":3551},[3550],{"type":1519},{},{"nodeType":1482,"value":3553,"marks":3554,"data":3555},"144.172.103.240 (FranTech Solutions / RouterHosting / Cloudzy AS14956)",[],{},{"nodeType":1498,"data":3557,"content":3558},{},[3559,3563],{"nodeType":1482,"value":2681,"marks":3560,"data":3562},[3561],{"type":1519},{},{"nodeType":1482,"value":3564,"marks":3565,"data":3566}," Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042",[],{},{"nodeType":2605,"data":3568,"content":3569},{},[3570,3580],{"nodeType":2609,"data":3571,"content":3572},{},[3573],{"nodeType":1498,"data":3574,"content":3575},{},[3576],{"nodeType":1482,"value":2724,"marks":3577,"data":3579},[3578],{"type":1519},{},{"nodeType":2609,"data":3581,"content":3582},{},[3583,3590,3597],{"nodeType":1498,"data":3584,"content":3585},{},[3586],{"nodeType":1482,"value":3587,"marks":3588,"data":3589},"POST /api/v1/landing-pages/public/{slug}/init",[],{},{"nodeType":1498,"data":3591,"content":3592},{},[3593],{"nodeType":1482,"value":3594,"marks":3595,"data":3596},"POST .../poll",[],{},{"nodeType":1498,"data":3598,"content":3599},{},[3600],{"nodeType":1482,"value":3601,"marks":3602,"data":3603},"POST .../track",[],{},{"nodeType":2605,"data":3605,"content":3606},{},[3607,3617],{"nodeType":2609,"data":3608,"content":3609},{},[3610],{"nodeType":1498,"data":3611,"content":3612},{},[3613],{"nodeType":1482,"value":2776,"marks":3614,"data":3616},[3615],{"type":1519},{},{"nodeType":2609,"data":3618,"content":3619},{},[3620],{"nodeType":1498,"data":3621,"content":3622},{},[3623],{"nodeType":1482,"value":3624,"marks":3625,"data":3626},"DocuSign document signing. One sample is a full scrape of real docusign.com (free-account page) with kit injected.",[],{},{"nodeType":2605,"data":3628,"content":3629},{},[3630,3640],{"nodeType":2609,"data":3631,"content":3632},{},[3633],{"nodeType":1498,"data":3634,"content":3635},{},[3636],{"nodeType":1482,"value":2999,"marks":3637,"data":3639},[3638],{"type":1519},{},{"nodeType":2609,"data":3641,"content":3642},{},[3643],{"nodeType":1498,"data":3644,"content":3645},{},[3646],{"nodeType":1482,"value":3647,"marks":3648,"data":3649},"docufirmar[.]github.io",[],{},{"nodeType":1507,"data":3651,"content":3655},{"target":3652},{"sys":3653},{"id":3654,"type":1504,"linkType":1505},"6Y1XABHnQD82R3MW80HnQZ",[],{"nodeType":1511,"data":3657,"content":3658},{},[],{"nodeType":2449,"data":3660,"content":3661},{},[3662],{"nodeType":1482,"value":3663,"marks":3664,"data":3666},"“FLOW_TOKEN”",[3665],{"type":1519},{},{"nodeType":2601,"data":3668,"content":3669},{},[3670,3692,3737,3767,3790],{"nodeType":2605,"data":3671,"content":3672},{},[3673,3683],{"nodeType":2609,"data":3674,"content":3675},{},[3676],{"nodeType":1498,"data":3677,"content":3678},{},[3679],{"nodeType":1482,"value":2616,"marks":3680,"data":3682},[3681],{"type":1519},{},{"nodeType":2609,"data":3684,"content":3685},{},[3686],{"nodeType":1498,"data":3687,"content":3688},{},[3689],{"nodeType":1482,"value":3368,"marks":3690,"data":3691},[],{},{"nodeType":2605,"data":3693,"content":3694},{},[3695,3705],{"nodeType":2609,"data":3696,"content":3697},{},[3698],{"nodeType":1498,"data":3699,"content":3700},{},[3701],{"nodeType":1482,"value":2640,"marks":3702,"data":3704},[3703],{"type":1519},{},{"nodeType":2609,"data":3706,"content":3707},{},[3708,3719],{"nodeType":1498,"data":3709,"content":3710},{},[3711,3715],{"nodeType":1482,"value":3076,"marks":3712,"data":3714},[3713],{"type":1519},{},{"nodeType":1482,"value":3716,"marks":3717,"data":3718},"43.166.163.163 (Tencent Cloud AS132203)",[],{},{"nodeType":1498,"data":3720,"content":3721},{},[3722,3726,3729,3733],{"nodeType":1482,"value":2681,"marks":3723,"data":3725},[3724],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":3727,"data":3728},[],{},{"nodeType":1482,"value":3409,"marks":3730,"data":3732},[3731],{"type":1519},{},{"nodeType":1482,"value":3734,"marks":3735,"data":3736},"(null)",[],{},{"nodeType":2605,"data":3738,"content":3739},{},[3740,3750],{"nodeType":2609,"data":3741,"content":3742},{},[3743],{"nodeType":1498,"data":3744,"content":3745},{},[3746],{"nodeType":1482,"value":2724,"marks":3747,"data":3749},[3748],{"type":1519},{},{"nodeType":2609,"data":3751,"content":3752},{},[3753,3760],{"nodeType":1498,"data":3754,"content":3755},{},[3756],{"nodeType":1482,"value":3757,"marks":3758,"data":3759},"POST /api/handler.php ",[],{},{"nodeType":1498,"data":3761,"content":3762},{},[3763],{"nodeType":1482,"value":3764,"marks":3765,"data":3766},"(actions: device_code_generate, device_code_poll_public)",[],{},{"nodeType":2605,"data":3768,"content":3769},{},[3770,3780],{"nodeType":2609,"data":3771,"content":3772},{},[3773],{"nodeType":1498,"data":3774,"content":3775},{},[3776],{"nodeType":1482,"value":2776,"marks":3777,"data":3779},[3778],{"type":1519},{},{"nodeType":2609,"data":3781,"content":3782},{},[3783],{"nodeType":1498,"data":3784,"content":3785},{},[3786],{"nodeType":1482,"value":3787,"marks":3788,"data":3789},"DocuSign \"Salary Adjustment Document — 2026\", Microsoft banner · HR Department sender",[],{},{"nodeType":2605,"data":3791,"content":3792},{},[3793,3803],{"nodeType":2609,"data":3794,"content":3795},{},[3796],{"nodeType":1498,"data":3797,"content":3798},{},[3799],{"nodeType":1482,"value":2999,"marks":3800,"data":3802},[3801],{"type":1519},{},{"nodeType":2609,"data":3804,"content":3805},{},[3806],{"nodeType":1498,"data":3807,"content":3808},{},[3809],{"nodeType":1482,"value":3810,"marks":3811,"data":3812},"salaryadjustment-2afb52.pmb6fefc52b3f9aa5c2dbf[.]workers.dev",[],{},{"nodeType":1507,"data":3814,"content":3818},{"target":3815},{"sys":3816},{"id":3817,"type":1504,"linkType":1505},"6xiTDHStbiJh7LMhjAZcPd",[],{"nodeType":1511,"data":3820,"content":3821},{},[],{"nodeType":2449,"data":3823,"content":3824},{},[3825],{"nodeType":1482,"value":3826,"marks":3827,"data":3829},"“PAPRIKA”",[3828],{"type":1519},{},{"nodeType":2601,"data":3831,"content":3832},{},[3833,3856,3879,3902],{"nodeType":2605,"data":3834,"content":3835},{},[3836,3846],{"nodeType":2609,"data":3837,"content":3838},{},[3839],{"nodeType":1498,"data":3840,"content":3841},{},[3842],{"nodeType":1482,"value":2616,"marks":3843,"data":3845},[3844],{"type":1519},{},{"nodeType":2609,"data":3847,"content":3848},{},[3849],{"nodeType":1498,"data":3850,"content":3851},{},[3852],{"nodeType":1482,"value":3853,"marks":3854,"data":3855},"AWS S3 hosting",[],{},{"nodeType":2605,"data":3857,"content":3858},{},[3859,3869],{"nodeType":2609,"data":3860,"content":3861},{},[3862],{"nodeType":1498,"data":3863,"content":3864},{},[3865],{"nodeType":1482,"value":2724,"marks":3866,"data":3868},[3867],{"type":1519},{},{"nodeType":2609,"data":3870,"content":3871},{},[3872],{"nodeType":1498,"data":3873,"content":3874},{},[3875],{"nodeType":1482,"value":3876,"marks":3877,"data":3878},"POST /api/v1/loader",[],{},{"nodeType":2605,"data":3880,"content":3881},{},[3882,3892],{"nodeType":2609,"data":3883,"content":3884},{},[3885],{"nodeType":1498,"data":3886,"content":3887},{},[3888],{"nodeType":1482,"value":2776,"marks":3889,"data":3891},[3890],{"type":1519},{},{"nodeType":2609,"data":3893,"content":3894},{},[3895],{"nodeType":1498,"data":3896,"content":3897},{},[3898],{"nodeType":1482,"value":3899,"marks":3900,"data":3901},"MS login clone (\"Sign in to your account\"), \"Office 365\" branding, fake \"Powered by Okta\" footer",[],{},{"nodeType":2605,"data":3903,"content":3904},{},[3905,3915],{"nodeType":2609,"data":3906,"content":3907},{},[3908],{"nodeType":1498,"data":3909,"content":3910},{},[3911],{"nodeType":1482,"value":2999,"marks":3912,"data":3914},[3913],{"type":1519},{},{"nodeType":2609,"data":3916,"content":3917},{},[3918],{"nodeType":1498,"data":3919,"content":3920},{},[3921],{"nodeType":1482,"value":3922,"marks":3923,"data":3924},"redirect-523346-d95027ec[.]s3.amazonaws.com",[],{},{"nodeType":1507,"data":3926,"content":3930},{"target":3927},{"sys":3928},{"id":3929,"type":1504,"linkType":1505},"6WFXqUDzcJHKWSwVIcDZAf",[],{"nodeType":1511,"data":3932,"content":3933},{},[],{"nodeType":2449,"data":3935,"content":3936},{},[3937],{"nodeType":1482,"value":3938,"marks":3939,"data":3941},"“DCSTATUS”",[3940],{"type":1519},{},{"nodeType":2601,"data":3943,"content":3944},{},[3945,3967,3990,4013],{"nodeType":2605,"data":3946,"content":3947},{},[3948,3958],{"nodeType":2609,"data":3949,"content":3950},{},[3951],{"nodeType":1498,"data":3952,"content":3953},{},[3954],{"nodeType":1482,"value":2616,"marks":3955,"data":3957},[3956],{"type":1519},{},{"nodeType":2609,"data":3959,"content":3960},{},[3961],{"nodeType":1498,"data":3962,"content":3963},{},[3964],{"nodeType":1482,"value":2901,"marks":3965,"data":3966},[],{},{"nodeType":2605,"data":3968,"content":3969},{},[3970,3980],{"nodeType":2609,"data":3971,"content":3972},{},[3973],{"nodeType":1498,"data":3974,"content":3975},{},[3976],{"nodeType":1482,"value":2724,"marks":3977,"data":3979},[3978],{"type":1519},{},{"nodeType":2609,"data":3981,"content":3982},{},[3983],{"nodeType":1498,"data":3984,"content":3985},{},[3986],{"nodeType":1482,"value":3987,"marks":3988,"data":3989},"GET /dc/status/{base64url_sid}",[],{},{"nodeType":2605,"data":3991,"content":3992},{},[3993,4003],{"nodeType":2609,"data":3994,"content":3995},{},[3996],{"nodeType":1498,"data":3997,"content":3998},{},[3999],{"nodeType":1482,"value":2776,"marks":4000,"data":4002},[4001],{"type":1519},{},{"nodeType":2609,"data":4004,"content":4005},{},[4006],{"nodeType":1498,"data":4007,"content":4008},{},[4009],{"nodeType":1482,"value":4010,"marks":4011,"data":4012},"Generic \"Microsoft 365 - Secure Access\" verification page",[],{},{"nodeType":2605,"data":4014,"content":4015},{},[4016,4026],{"nodeType":2609,"data":4017,"content":4018},{},[4019],{"nodeType":1498,"data":4020,"content":4021},{},[4022],{"nodeType":1482,"value":2999,"marks":4023,"data":4025},[4024],{"type":1519},{},{"nodeType":2609,"data":4027,"content":4028},{},[4029],{"nodeType":1498,"data":4030,"content":4031},{},[4032],{"nodeType":1482,"value":4033,"marks":4034,"data":4035},"owa[.]apmmacleans[.]ca",[],{},{"nodeType":1507,"data":4037,"content":4041},{"target":4038},{"sys":4039},{"id":4040,"type":1504,"linkType":1505},"ugYhHeXY1lQdKooALmrIs",[],{"nodeType":1511,"data":4043,"content":4044},{},[],{"nodeType":2449,"data":4046,"content":4047},{},[4048],{"nodeType":1482,"value":4049,"marks":4050,"data":4052},"“DOLCE”",[4051],{"type":1519},{},{"nodeType":1507,"data":4054,"content":4058},{"target":4055},{"sys":4056},{"id":4057,"type":1504,"linkType":1505},"7TzU6kk01Un45NB0buEz2",[],{"nodeType":2601,"data":4060,"content":4061},{},[4062,4085,4123,4146,4169],{"nodeType":2605,"data":4063,"content":4064},{},[4065,4075],{"nodeType":2609,"data":4066,"content":4067},{},[4068],{"nodeType":1498,"data":4069,"content":4070},{},[4071],{"nodeType":1482,"value":2616,"marks":4072,"data":4074},[4073],{"type":1519},{},{"nodeType":2609,"data":4076,"content":4077},{},[4078],{"nodeType":1498,"data":4079,"content":4080},{},[4081],{"nodeType":1482,"value":4082,"marks":4083,"data":4084},"Microsoft PowerApps hosting",[],{},{"nodeType":2605,"data":4086,"content":4087},{},[4088,4098],{"nodeType":2609,"data":4089,"content":4090},{},[4091],{"nodeType":1498,"data":4092,"content":4093},{},[4094],{"nodeType":1482,"value":2640,"marks":4095,"data":4097},[4096],{"type":1519},{},{"nodeType":2609,"data":4099,"content":4100},{},[4101,4112],{"nodeType":1498,"data":4102,"content":4103},{},[4104,4108],{"nodeType":1482,"value":3076,"marks":4105,"data":4107},[4106],{"type":1519},{},{"nodeType":1482,"value":4109,"marks":4110,"data":4111},"34.53.159.84 (Google Cloud AS396982)",[],{},{"nodeType":1498,"data":4113,"content":4114},{},[4115,4119],{"nodeType":1482,"value":2681,"marks":4116,"data":4118},[4117],{"type":1519},{},{"nodeType":1482,"value":4120,"marks":4121,"data":4122}," Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",[],{},{"nodeType":2605,"data":4124,"content":4125},{},[4126,4136],{"nodeType":2609,"data":4127,"content":4128},{},[4129],{"nodeType":1498,"data":4130,"content":4131},{},[4132],{"nodeType":1482,"value":2724,"marks":4133,"data":4135},[4134],{"type":1519},{},{"nodeType":2609,"data":4137,"content":4138},{},[4139],{"nodeType":1498,"data":4140,"content":4141},{},[4142],{"nodeType":1482,"value":4143,"marks":4144,"data":4145},"GET /api/generatecode (CloudFront)",[],{},{"nodeType":2605,"data":4147,"content":4148},{},[4149,4159],{"nodeType":2609,"data":4150,"content":4151},{},[4152],{"nodeType":1498,"data":4153,"content":4154},{},[4155],{"nodeType":1482,"value":2776,"marks":4156,"data":4158},[4157],{"type":1519},{},{"nodeType":2609,"data":4160,"content":4161},{},[4162],{"nodeType":1498,"data":4163,"content":4164},{},[4165],{"nodeType":1482,"value":4166,"marks":4167,"data":4168},"Dolce & Gabbana branded, Italian language, MS account verification",[],{},{"nodeType":2605,"data":4170,"content":4171},{},[4172,4182],{"nodeType":2609,"data":4173,"content":4174},{},[4175],{"nodeType":1498,"data":4176,"content":4177},{},[4178],{"nodeType":1482,"value":2999,"marks":4179,"data":4181},[4180],{"type":1519},{},{"nodeType":2609,"data":4183,"content":4184},{},[4185],{"nodeType":1498,"data":4186,"content":4187},{},[4188],{"nodeType":1482,"value":4189,"marks":4190,"data":4191},"data-migration-dolcegabbana[.]powerappsportals.com",[],{},{"nodeType":1507,"data":4193,"content":4197},{"target":4194},{"sys":4195},{"id":4196,"type":1504,"linkType":1505},"4ayQDvpf5NNOBrj9wZZRiO",[],{"nodeType":1511,"data":4199,"content":4200},{},[],{"nodeType":2449,"data":4202,"content":4203},{},[4204],{"nodeType":1482,"value":4205,"marks":4206,"data":4208},"Venom",[4207],{"type":1519},{},{"nodeType":2601,"data":4210,"content":4211},{},[4212,4235],{"nodeType":2605,"data":4213,"content":4214},{},[4215,4225],{"nodeType":2609,"data":4216,"content":4217},{},[4218],{"nodeType":1498,"data":4219,"content":4220},{},[4221],{"nodeType":1482,"value":2724,"marks":4222,"data":4224},[4223],{"type":1519},{},{"nodeType":2609,"data":4226,"content":4227},{},[4228],{"nodeType":1498,"data":4229,"content":4230},{},[4231],{"nodeType":1482,"value":4232,"marks":4233,"data":4234},"POST /token/api/device/start\nGET /token/api/device/status/{sessionId}",[],{},{"nodeType":2605,"data":4236,"content":4237},{},[4238,4248],{"nodeType":2609,"data":4239,"content":4240},{},[4241],{"nodeType":1498,"data":4242,"content":4243},{},[4244],{"nodeType":1482,"value":2776,"marks":4245,"data":4247},[4246],{"type":1519},{},{"nodeType":2609,"data":4249,"content":4250},{},[4251],{"nodeType":1498,"data":4252,"content":4253},{},[4254],{"nodeType":1482,"value":4255,"marks":4256,"data":4257},"Various: examples include DocuSign \"Verification\" (Microsoft sign-in pretext); DHL \"Delivery Checkpoint\" package shipment pretext",[],{},{"nodeType":1507,"data":4259,"content":4263},{"target":4260},{"sys":4261},{"id":4262,"type":1504,"linkType":1505},"79C3fces0hgTdf3G68cIrf",[],{"nodeType":1511,"data":4265,"content":4266},{},[],{"nodeType":2449,"data":4268,"content":4269},{},[4270],{"nodeType":1482,"value":4271,"marks":4272,"data":4274},"Tycoon2FA",[4273],{"type":1519},{},{"nodeType":2601,"data":4276,"content":4277},{},[4278,4312,4353,4376,4399],{"nodeType":2605,"data":4279,"content":4280},{},[4281,4291],{"nodeType":2609,"data":4282,"content":4283},{},[4284],{"nodeType":1498,"data":4285,"content":4286},{},[4287],{"nodeType":1482,"value":2616,"marks":4288,"data":4290},[4289],{"type":1519},{},{"nodeType":2609,"data":4292,"content":4293},{},[4294,4305],{"nodeType":1498,"data":4295,"content":4296},{},[4297,4301],{"nodeType":1482,"value":4298,"marks":4299,"data":4300},"Github.io and ",[],{},{"nodeType":1482,"value":4302,"marks":4303,"data":4304},"Cloudflare Workers (workers.dev) hosting",[],{},{"nodeType":1498,"data":4306,"content":4307},{},[4308],{"nodeType":1482,"value":4309,"marks":4310,"data":4311},"Compromised-site landing pages and CF Workers (*.workers.dev) used as frontends; victim email passed in URL as last path segment ($base64) or ?acct/?encoded query",[],{},{"nodeType":2605,"data":4313,"content":4314},{},[4315,4325],{"nodeType":2609,"data":4316,"content":4317},{},[4318],{"nodeType":1498,"data":4319,"content":4320},{},[4321],{"nodeType":1482,"value":2640,"marks":4322,"data":4324},[4323],{"type":1519},{},{"nodeType":2609,"data":4326,"content":4327},{},[4328,4339],{"nodeType":1498,"data":4329,"content":4330},{},[4331,4335],{"nodeType":1482,"value":3076,"marks":4332,"data":4334},[4333],{"type":1519},{},{"nodeType":1482,"value":4336,"marks":4337,"data":4338},"47.253.5.88 (Alibaba Cloud)",[],{},{"nodeType":1498,"data":4340,"content":4341},{},[4342,4346,4349],{"nodeType":1482,"value":2681,"marks":4343,"data":4345},[4344],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":4347,"data":4348},[],{},{"nodeType":1482,"value":4350,"marks":4351,"data":4352},"node",[],{},{"nodeType":2605,"data":4354,"content":4355},{},[4356,4366],{"nodeType":2609,"data":4357,"content":4358},{},[4359],{"nodeType":1498,"data":4360,"content":4361},{},[4362],{"nodeType":1482,"value":2724,"marks":4363,"data":4365},[4364],{"type":1519},{},{"nodeType":2609,"data":4367,"content":4368},{},[4369],{"nodeType":1498,"data":4370,"content":4371},{},[4372],{"nodeType":1482,"value":4373,"marks":4374,"data":4375},"GET /api/session/{UUIDv4} polled with header X-API-Key: \u003Cprefix>_\u003C64-hex> (key materialised at runtime via atob(window.__cyb3r.k)) \nPOST /api/device-code with body {\"prt_foci_session_id\": \"\u003CUUID>\"} (second-stage code retrieval after initial session error)",[],{},{"nodeType":2605,"data":4377,"content":4378},{},[4379,4389],{"nodeType":2609,"data":4380,"content":4381},{},[4382],{"nodeType":1498,"data":4383,"content":4384},{},[4385],{"nodeType":1482,"value":2776,"marks":4386,"data":4388},[4387],{"type":1519},{},{"nodeType":2609,"data":4390,"content":4391},{},[4392],{"nodeType":1498,"data":4393,"content":4394},{},[4395],{"nodeType":1482,"value":4396,"marks":4397,"data":4398},"Various: SharePoint \"Remittance Advice\"; Microsoft 365 generic sign-in; Microsoft 365 Voicemail (.mp3 attachment); OneDrive \"Shared file\"; German \"Sicheres Dokumentenportal\" PDF lure",[],{},{"nodeType":2605,"data":4400,"content":4401},{},[4402,4412],{"nodeType":2609,"data":4403,"content":4404},{},[4405],{"nodeType":1498,"data":4406,"content":4407},{},[4408],{"nodeType":1482,"value":2999,"marks":4409,"data":4411},[4410],{"type":1519},{},{"nodeType":2609,"data":4413,"content":4414},{},[4415],{"nodeType":1498,"data":4416,"content":4417},{},[4418],{"nodeType":1482,"value":4419,"marks":4420,"data":4421},"afriqbeauglobal[.]com/homepage/index[.]html",[],{},{"nodeType":1507,"data":4423,"content":4427},{"target":4424},{"sys":4425},{"id":4426,"type":1504,"linkType":1505},"3UDzUCCizPJhXp3SsoZuSK",[],{"nodeType":1511,"data":4429,"content":4430},{},[],{"nodeType":2449,"data":4432,"content":4433},{},[4434],{"nodeType":1482,"value":4435,"marks":4436,"data":4438},"\"CYB3R\"",[4437],{"type":1519},{},{"nodeType":2601,"data":4440,"content":4441},{},[4442,4464,4505,4527,4550],{"nodeType":2605,"data":4443,"content":4444},{},[4445,4455],{"nodeType":2609,"data":4446,"content":4447},{},[4448],{"nodeType":1498,"data":4449,"content":4450},{},[4451],{"nodeType":1482,"value":2616,"marks":4452,"data":4454},[4453],{"type":1519},{},{"nodeType":2609,"data":4456,"content":4457},{},[4458],{"nodeType":1498,"data":4459,"content":4460},{},[4461],{"nodeType":1482,"value":4302,"marks":4462,"data":4463},[],{},{"nodeType":2605,"data":4465,"content":4466},{},[4467,4477],{"nodeType":2609,"data":4468,"content":4469},{},[4470],{"nodeType":1498,"data":4471,"content":4472},{},[4473],{"nodeType":1482,"value":2640,"marks":4474,"data":4476},[4475],{"type":1519},{},{"nodeType":2609,"data":4478,"content":4479},{},[4480,4491],{"nodeType":1498,"data":4481,"content":4482},{},[4483,4487],{"nodeType":1482,"value":3076,"marks":4484,"data":4486},[4485],{"type":1519},{},{"nodeType":1482,"value":4488,"marks":4489,"data":4490},"2400:8d60:2::1:c116:843e (Evoxt VPS)",[],{},{"nodeType":1498,"data":4492,"content":4493},{},[4494,4498,4501],{"nodeType":1482,"value":2681,"marks":4495,"data":4497},[4496],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":4499,"data":4500},[],{},{"nodeType":1482,"value":4502,"marks":4503,"data":4504},"axios/1.13.6",[],{},{"nodeType":2605,"data":4506,"content":4507},{},[4508,4518],{"nodeType":2609,"data":4509,"content":4510},{},[4511],{"nodeType":1498,"data":4512,"content":4513},{},[4514],{"nodeType":1482,"value":2724,"marks":4515,"data":4517},[4516],{"type":1519},{},{"nodeType":2609,"data":4519,"content":4520},{},[4521],{"nodeType":1498,"data":4522,"content":4523},{},[4524],{"nodeType":1482,"value":4373,"marks":4525,"data":4526},[],{},{"nodeType":2605,"data":4528,"content":4529},{},[4530,4540],{"nodeType":2609,"data":4531,"content":4532},{},[4533],{"nodeType":1498,"data":4534,"content":4535},{},[4536],{"nodeType":1482,"value":2776,"marks":4537,"data":4539},[4538],{"type":1519},{},{"nodeType":2609,"data":4541,"content":4542},{},[4543],{"nodeType":1498,"data":4544,"content":4545},{},[4546],{"nodeType":1482,"value":4547,"marks":4548,"data":4549},"DocuSign in Spanish (\"Documento Firmar — COTIZACIÓN/ESTIMACIÓN.pdf\", \"Complete su firma\", \"Verifique su identidad\", \"Continuar a Microsoft\").",[],{},{"nodeType":2605,"data":4551,"content":4552},{},[4553,4563],{"nodeType":2609,"data":4554,"content":4555},{},[4556],{"nodeType":1498,"data":4557,"content":4558},{},[4559],{"nodeType":1482,"value":2999,"marks":4560,"data":4562},[4561],{"type":1519},{},{"nodeType":2609,"data":4564,"content":4565},{},[4566],{"nodeType":1498,"data":4567,"content":4568},{},[4569],{"nodeType":1482,"value":4570,"marks":4571,"data":4572},"muzagestion[.]secure-share[.]workers.dev",[],{},{"nodeType":1507,"data":4574,"content":4578},{"target":4575},{"sys":4576},{"id":4577,"type":1504,"linkType":1505},"5EU0QNteiQcYybKG1W1cS3",[],{"nodeType":1511,"data":4580,"content":4581},{},[],{"nodeType":1521,"data":4583,"content":4584},{},[4585],{"nodeType":1482,"value":4586,"marks":4587,"data":4589},"Device code phishing under the hood",[4588],{"type":1519},{},{"nodeType":1498,"data":4591,"content":4592},{},[4593,4597],{"nodeType":1482,"value":4594,"marks":4595,"data":4596},"The attacker POSTs to the authorization server's device authorization endpoint with its client_id (i.e. an application ID) and requested scopes or resources. The server responds with a device_code (used for polling), a user_code, a verification_uri, an expires_in value, and a polling interval. The user visits the URL, enters the code and approves the request. Meanwhile, the device polls the token endpoint. Once approved, the server returns an access token, a refresh token (if offline_access was requested), and an ID token (if openid was included). ",[],{},{"nodeType":1482,"value":4598,"marks":4599,"data":4601},"The attacker now has API access to the victim's account. ",[4600],{"type":1519},{},{"nodeType":1498,"data":4603,"content":4604},{},[4605],{"nodeType":1482,"value":4606,"marks":4607,"data":4608},"Broadly, this gives the attacker a comparable level of control to a “normal” phishing attack (with conditions based on the scopes granted and specific app being targeted) while API access grants additional capabilities beyond standard browser sessions. When combined with other techniques, this access can be exchanged to open normal browser app sessions and access SSO connected apps.",[],{},{"nodeType":1507,"data":4610,"content":4614},{"target":4611},{"sys":4612},{"id":4613,"type":1504,"linkType":1505},"4WtQR2xsE236yoyhSXj58Z",[],{"nodeType":1507,"data":4616,"content":4620},{"target":4617},{"sys":4618},{"id":4619,"type":1504,"linkType":1505},"1x7Lip7JdY2xlHKKurT7qJ",[],{"nodeType":1498,"data":4622,"content":4623},{},[4624],{"nodeType":1482,"value":4625,"marks":4626,"data":4627},"At this point, you can achieve a number of objectives both inside the app ecosystem and across SSO connected apps — e.g. data theft, disruption, and ultimately extortion.",[],{},{"nodeType":1498,"data":4629,"content":4630},{},[4631,4635,4640,4644],{"nodeType":1482,"value":4632,"marks":4633,"data":4634},"Critically, the initial request to generate a device code is typically ",[],{},{"nodeType":1482,"value":4636,"marks":4637,"data":4639},"unauthenticated",[4638],{"type":1519},{},{"nodeType":1482,"value":4641,"marks":4642,"data":4643}," across all providers — ",[],{},{"nodeType":1482,"value":4645,"marks":4646,"data":4648},"anyone can generate one, from any machine, without proving any relationship to the target organization.",[4647],{"type":1519},{},{"nodeType":1498,"data":4650,"content":4651},{},[4652,4656,4661],{"nodeType":1482,"value":4653,"marks":4654,"data":4655},"So, the attacker has to deliver a set of instructions via a phishing channel (e.g. email, social media DM, corp IM platform, and so on) with a device code that they have generated. The victim then enters this code on the ",[],{},{"nodeType":1482,"value":4657,"marks":4658,"data":4660},"legitimate device code login page",[4659],{"type":1519},{},{"nodeType":1482,"value":4662,"marks":4663,"data":4664}," for that app and issues the tokens to the attacker.",[],{},{"nodeType":1507,"data":4666,"content":4670},{"target":4667},{"sys":4668},{"id":4669,"type":1504,"linkType":1505},"1txUYuQjH9FlbDGTo8AbZB",[],{"nodeType":1511,"data":4672,"content":4673},{},[],{"nodeType":1521,"data":4675,"content":4676},{},[4677],{"nodeType":1482,"value":4678,"marks":4679,"data":4681},"Why device code phishing is so dangerous",[4680],{"type":1519},{},{"nodeType":2449,"data":4683,"content":4684},{},[4685],{"nodeType":1482,"value":4686,"marks":4687,"data":4689},"Device code phishing bypasses authentication controls (including passkeys)",[4688],{"type":1519},{},{"nodeType":1498,"data":4691,"content":4692},{},[4693,4697,4702,4706],{"nodeType":1482,"value":4694,"marks":4695,"data":4696},"A device code phishing attack ",[],{},{"nodeType":1482,"value":4698,"marks":4699,"data":4701},"cannot be prevented with authentication controls",[4700],{"type":1519},{},{"nodeType":1482,"value":4703,"marks":4704,"data":4705},". This includes all forms of MFA and ",[],{},{"nodeType":1482,"value":4707,"marks":4708,"data":4710},"even “phishing-resistant” authentication methods such as passkeys. ",[4709],{"type":1519},{},{"nodeType":1498,"data":4712,"content":4713},{},[4714,4719,4723,4728],{"nodeType":1482,"value":4715,"marks":4716,"data":4718},"The device code authorization is effectively performed post-authentication. ",[4717],{"type":1519},{},{"nodeType":1482,"value":4720,"marks":4721,"data":4722},"If you already have an active session in your browser, entering the device code and selecting your account from a drop-down menu is all that's needed. ",[],{},{"nodeType":1482,"value":4724,"marks":4725,"data":4727},"No password or MFA required. ",[4726],{"type":1519},{},{"nodeType":1482,"value":4729,"marks":4730,"data":4731},"You can see an example in the video below.",[],{},{"nodeType":1507,"data":4733,"content":4736},{"target":4734},{"sys":4735},{"id":3654,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":4738,"content":4739},{},[4740],{"nodeType":1482,"value":4741,"marks":4742,"data":4743},"Even if you do have to sign in again (because you're not already signed in for some reason), the attack still works because it isn't targeting the login — it's targeting the authorization layer instead.",[],{},{"nodeType":1498,"data":4745,"content":4746},{},[4747],{"nodeType":1482,"value":4748,"marks":4749,"data":4750},"This is what makes device code phishing different to other standard phishing methods like AiTM phishing (and arguably even more effective in environments with strict identity control enforcement). ",[],{},{"nodeType":2449,"data":4752,"content":4753},{},[4754],{"nodeType":1482,"value":4755,"marks":4756,"data":4758},"Device code logins are a feature, not a vulnerability, making attacks difficult to block",[4757],{"type":1519},{},{"nodeType":1498,"data":4760,"content":4761},{},[4762],{"nodeType":1482,"value":4763,"marks":4764,"data":4765},"Device code authorization is a legitimate mechanism regularly used in enterprise environments, particularly for CLI logins. Tools like Azure CLI, GitHub CLI, and AWS CLI all use (or have used) the device code flow as a primary or fallback authentication method. This creates a dual problem for defenders. ",[],{},{"nodeType":1498,"data":4767,"content":4768},{},[4769],{"nodeType":1482,"value":4770,"marks":4771,"data":4772},"First, the phishing attack happens entirely on a legitimate site — there's no fake login page, no malicious payload to scan for, and the URL in the browser is genuine. Since there's no traditional phishing content being delivered, these attacks are more resistant to detection by email and network security tools.",[],{},{"nodeType":1498,"data":4774,"content":4775},{},[4776],{"nodeType":1482,"value":4777,"marks":4778,"data":4779},"Second, the widespread legitimate use of device code flow — particularly among developers and technical users — normalizes the experience of entering device codes. A phishing lure asking them to do the same thing is indistinguishable from a legitimate IT request. And for non-technical users, this experience isn't much different to, for example, entering a code sent via email or authenticator app. ",[],{},{"nodeType":2449,"data":4781,"content":4782},{},[4783],{"nodeType":1482,"value":4784,"marks":4785,"data":4787},"Multiple apps are vulnerable, with different risk profiles",[4786],{"type":1519},{},{"nodeType":1498,"data":4789,"content":4790},{},[4791],{"nodeType":1482,"value":4792,"marks":4793,"data":4794},"Various apps implement the device code flow, each with different levels of control and default security, but the risk is not uniform across platforms. ",[],{},{"nodeType":2295,"data":4796,"content":4797},{},[4798,4813,4827],{"nodeType":2299,"data":4799,"content":4800},{},[4801],{"nodeType":1498,"data":4802,"content":4803},{},[4804,4809],{"nodeType":1482,"value":4805,"marks":4806,"data":4808},"Google Workspace ",[4807],{"type":1519},{},{"nodeType":1482,"value":4810,"marks":4811,"data":4812},"is a significantly lower-risk target because Google explicitly limits which scopes are available to the device code flow — Gmail, Calendar, and most Workspace APIs are simply unavailable through this mechanism. ",[],{},{"nodeType":2299,"data":4814,"content":4815},{},[4816],{"nodeType":1498,"data":4817,"content":4818},{},[4819,4823],{"nodeType":1482,"value":2314,"marks":4820,"data":4822},[4821],{"type":1519},{},{"nodeType":1482,"value":4824,"marks":4825,"data":4826}," offers the broadest attack surface due to unrestricted scopes, reusable first-party client IDs, and the FOCI/PRT escalation paths. ",[],{},{"nodeType":2299,"data":4828,"content":4829},{},[4830],{"nodeType":1498,"data":4831,"content":4832},{},[4833,4837,4842],{"nodeType":1482,"value":4834,"marks":4835,"data":4836},"Apps like ",[],{},{"nodeType":1482,"value":4838,"marks":4839,"data":4841},"GitHub",[4840],{"type":1519},{},{"nodeType":1482,"value":4843,"marks":4844,"data":4845}," sit in between — broad scopes are available (including full repository access), but the attacker must control their own OAuth app and the victim sees an explicit consent screen. ",[],{},{"nodeType":1507,"data":4847,"content":4851},{"target":4848},{"sys":4849},{"id":4850,"type":1504,"linkType":1505},"ejNSC76jge1p1zzz9wwiG",[],{"nodeType":1511,"data":4853,"content":4854},{},[],{"nodeType":1521,"data":4856,"content":4857},{},[4858],{"nodeType":1482,"value":4859,"marks":4860,"data":4862},"Security recommendations",[4861],{"type":1519},{},{"nodeType":1498,"data":4864,"content":4865},{},[4866],{"nodeType":1482,"value":4867,"marks":4868,"data":4869},"Security teams need to consider the risk posed by device code phishing across multiple apps where device code authorization grants are common, particularly for developers and technical users. ",[],{},{"nodeType":1498,"data":4871,"content":4872},{},[4873],{"nodeType":1482,"value":4874,"marks":4875,"data":4876},"In an ideal world, you would simply block device code logins. But this can’t be done without causing serious disruption in some environments, while some apps simply don’t provide the tools required to do so. For example, device code is the default CLI sign-in method for GitHub. Developer-heavy organizations are likely to encounter higher levels of legitimate use.",[],{},{"nodeType":1498,"data":4878,"content":4879},{},[4880,4884,4893,4897,4902,4906,4911,4915,4920],{"nodeType":1482,"value":4881,"marks":4882,"data":4883},"Microsoft arguably offers the strongest control options (other than Google, who negate it right out of the gate), though they do require a fair amount of work. ",[],{},{"nodeType":1493,"data":4885,"content":4887},{"uri":4886},"https://techcommunity.microsoft.com/blog/microsoft-entra-blog/new-microsoft-managed-policies-to-raise-your-identity-security-posture/4286758",[4888],{"nodeType":1482,"value":4889,"marks":4890,"data":4892},"Microsoft now explicitly recommends",[4891],{"type":1491},{},{"nodeType":1482,"value":4894,"marks":4895,"data":4896}," blocking device code flow for tenants that haven't used it in the past 25 days. Their guidance is to create a custom CA policy: target relevant users, set the ",[],{},{"nodeType":1482,"value":4898,"marks":4899,"data":4901},"Authentication Flows",[4900],{"type":1519},{},{"nodeType":1482,"value":4903,"marks":4904,"data":4905}," condition to block ",[],{},{"nodeType":1482,"value":4907,"marks":4908,"data":4910},"Device Code Flow",[4909],{"type":1519},{},{"nodeType":1482,"value":4912,"marks":4913,"data":4914},", and set the grant control to ",[],{},{"nodeType":1482,"value":4916,"marks":4917,"data":4919},"Block Access",[4918],{"type":1519},{},{"nodeType":1482,"value":4921,"marks":4922,"data":4923},". Deploy in report-only mode first to identify any legitimate device code usage, then enforce with narrow exceptions.",[],{},{"nodeType":1507,"data":4925,"content":4929},{"target":4926},{"sys":4927},{"id":4928,"type":1504,"linkType":1505},"mQIj2o9xRzkZYKNmanB25",[],{"nodeType":1498,"data":4931,"content":4932},{},[4933],{"nodeType":1482,"value":4934,"marks":4935,"data":4936},"For other apps, you’re mainly limited to monitoring and response. Ensuring you’re getting authentication logs for these apps is vital, and searching for unusual access patterns (e.g. unusual login protocols, having different IPs for the authorization grant and subsequent account activity). ",[],{},{"nodeType":1511,"data":4938,"content":4939},{},[],{"nodeType":1521,"data":4941,"content":4942},{},[4943],{"nodeType":1482,"value":4944,"marks":4945,"data":4947},"How Push Security can help",[4946],{"type":1519},{},{"nodeType":1498,"data":4949,"content":4950},{},[4951],{"nodeType":1482,"value":4952,"marks":4953,"data":4954},"Push customers can use our browser-based capabilities to overcome the limitations of app-level controls and detect, intercept, and shut down attacks in real time. ",[],{},{"nodeType":1498,"data":4956,"content":4957},{},[4958],{"nodeType":1482,"value":4959,"marks":4960,"data":4961},"Our research team is already tracking multiple device code phishing campaigns and toolkits, including the EvilTokens kit. Blocking controls are already in place to prevent customers from interacting with malicious pages that match our detections for these new toolkits, ensuring that these pages can be identified and blocked in real time regardless of the infrastructure. ",[],{},{"nodeType":1498,"data":4963,"content":4964},{},[4965,4969,4978],{"nodeType":1482,"value":4966,"marks":4967,"data":4968},"Using Push you can also ",[],{},{"nodeType":1493,"data":4970,"content":4972},{"uri":4971},"https://pushsecurity.com/help/can-i-use-push-to-help-protect-against-device-code-phishing-scenarios/",[4973],{"nodeType":1482,"value":4974,"marks":4975,"data":4977},"configure in-browser warnings",[4976],{"type":1491},{},{"nodeType":1482,"value":4979,"marks":4980,"data":4981}," whenever a user accesses a URL used for device code logins. This provides universal, last-mile protection against even ‘zero-day’ device code phishing attacks using previously unidentified toolkits.  ",[],{},{"nodeType":1507,"data":4983,"content":4987},{"target":4984},{"sys":4985},{"id":4986,"type":1504,"linkType":1505},"3JsbGaOKSS3INzBUJpoh1W",[],{"nodeType":1498,"data":4989,"content":4990},{},[4991],{"nodeType":1482,"value":4992,"marks":4993,"data":4994},"When a user visits those URLs, Push will also emit a webhook event that the banner was shown and acknowledged. If a user opts to proceed, you can treat this as a high-fidelity alert for your security team to investigate, providing app-agnostic telemetry that may not already be provided in your logs from that particular vendor. You can also simply use Push to block users from accessing device login pages if you’re confident that disruption won’t be caused. ",[],{},{"nodeType":2449,"data":4996,"content":4997},{},[4998],{"nodeType":1482,"value":4999,"marks":5000,"data":5002},"Learn more about Push",[5001],{"type":1519},{},{"nodeType":1498,"data":5004,"content":5005},{},[5006],{"nodeType":1482,"value":5007,"marks":5008,"data":5009},"Push Security's browser-based security platform detects and blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. You don't need to wait until it all goes wrong either — you can use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your attack surface.",[],{},{"nodeType":1498,"data":5011,"content":5012},{},[5013,5017,5026,5029,5038,5042,5050],{"nodeType":1482,"value":5014,"marks":5015,"data":5016},"To learn more about Push, ",[],{},{"nodeType":1493,"data":5018,"content":5020},{"uri":5019},"https://pushsecurity.com/resources/product-brochure",[5021],{"nodeType":1482,"value":5022,"marks":5023,"data":5025},"check out our latest product overview",[5024],{"type":1491},{},{"nodeType":1482,"value":2471,"marks":5027,"data":5028},[],{},{"nodeType":1493,"data":5030,"content":5032},{"uri":5031},"https://pushsecurity.com/product-demo/",[5033],{"nodeType":1482,"value":5034,"marks":5035,"data":5037},"view our demo library",[5036],{"type":1491},{},{"nodeType":1482,"value":5039,"marks":5040,"data":5041},", or ",[],{},{"nodeType":1493,"data":5043,"content":5044},{"uri":2043},[5045],{"nodeType":1482,"value":5046,"marks":5047,"data":5049},"book some time with one of our team for a live demo",[5048],{"type":1491},{},{"nodeType":1482,"value":1576,"marks":5051,"data":5052},[],{},"Device code phishing attacks have skyrocketed: here’s what you need to know","Device code phishing is seeing a huge spike in adoption in 2026, enabling attackers to steal access tokens while bypassing standard access controls.","2026-04-04T00:00:00.000Z","device-code-phishing",{"items":5058},[5059,5063],{"sys":5060,"name":5062},{"id":5061},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"sys":5064,"name":5066},{"id":5065},"4ksQNCFeBf8H4QIORqpRLw","Detection & response",{"items":5068},[5069],{"fullName":5070,"firstName":5071,"jobTitle":5072,"profilePicture":5073},"Luke Jennings","Luke","Vice President, R&D",{"url":5074},"https://images.ctfassets.net/y1cdw1ablpvd/4Hosb4zKi1dA0PUyDLMe1h/27e09d894861f2196ba794037986fb08/T016S22KZ96-U02NVQM7ZD4-57761d542d83-512.jpeg",{"__typename":2080,"sys":5076,"content":5078,"title":5917,"synopsis":5918,"hashTags":62,"publishedDate":5919,"slug":5920,"tagsCollection":5921,"authorsCollection":5927},{"id":5077},"211Dd0EIrXPOFpvRgs0fEE",{"json":5079},{"nodeType":2060,"data":5080,"content":5081},{},[5082,5101,5120,5138,5144,5147,5155,5162,5169,5176,5183,5191,5194,5202,5209,5216,5223,5229,5237,5255,5262,5269,5285,5293,5324,5340,5347,5375,5383,5413,5420,5428,5446,5453,5460,5466,5473,5481,5500,5507,5526,5533,5536,5544,5551,5639,5646,5662,5665,5695,5714,5721,5728,5731,5739,5758,5765,5772,5789,5792,5800,5807,5840,5847,5864,5883,5889,5892,5899],{"nodeType":1498,"data":5083,"content":5084},{},[5085,5089,5097],{"nodeType":1482,"value":5086,"marks":5087,"data":5088},"When we released the",[],{},{"nodeType":1493,"data":5090,"content":5092},{"uri":5091},"https://pushsecurity.com/blog/saas-attack-techniques/",[5093],{"nodeType":1482,"value":5094,"marks":5095,"data":5096}," SaaS attack matrix",[],{},{"nodeType":1482,"value":5098,"marks":5099,"data":5100}," in 2023, we were anticipating a shift that was just beginning to take shape. The techniques that attackers were using to compromise cloud applications and identities weren't well represented in existing frameworks, and many of the ones we documented hadn't yet been widely observed in the wild.",[],{},{"nodeType":1498,"data":5102,"content":5103},{},[5104,5108,5116],{"nodeType":1482,"value":5105,"marks":5106,"data":5107},"A year later, we",[],{},{"nodeType":1493,"data":5109,"content":5111},{"uri":5110},"https://pushsecurity.com/blog/the-saas-attack-matrix-one-year-on/",[5112],{"nodeType":1482,"value":5113,"marks":5114,"data":5115}," reviewed what had changed",[],{},{"nodeType":1482,"value":5117,"marks":5118,"data":5119}," and found that the initial access phase — the techniques designed to compromise an identity in the first place — was where almost all of the attacker innovation was concentrated. And two years on, that trend has become the story of the modern threat landscape. ",[],{},{"nodeType":1498,"data":5121,"content":5122},{},[5123,5127,5134],{"nodeType":1482,"value":5124,"marks":5125,"data":5126},"Today, we're re-releasing the matrix as the",[],{},{"nodeType":1493,"data":5128,"content":5129},{"uri":61},[5130],{"nodeType":1482,"value":5131,"marks":5132,"data":5133}," Browser & Identity Attacks Matrix",[],{},{"nodeType":1482,"value":5135,"marks":5136,"data":5137},". The name change isn't cosmetic. It reflects that the attacks driving the most consequential breaches are browser-based and identity-first.",[],{},{"nodeType":1507,"data":5139,"content":5143},{"target":5140},{"sys":5141},{"id":5142,"type":1504,"linkType":1505},"MSnrBRJtiQxpv2qxFLCVE",[],{"nodeType":1511,"data":5145,"content":5146},{},[],{"nodeType":1521,"data":5148,"content":5149},{},[5150],{"nodeType":1482,"value":5151,"marks":5152,"data":5154},"Why the scope needed to change",[5153],{"type":1519},{},{"nodeType":1498,"data":5156,"content":5157},{},[5158],{"nodeType":1482,"value":5159,"marks":5160,"data":5161},"The original SaaS attack matrix was built around a specific insight: that attacks targeting modern business applications played out entirely over the internet, without touching endpoints or internal networks in any way that EDR or network detection tools would recognize.",[],{},{"nodeType":1498,"data":5163,"content":5164},{},[5165],{"nodeType":1482,"value":5166,"marks":5167,"data":5168},"That framing was useful, and it remains true. But it anchored the matrix to the post-access phase — what attackers do once they're inside a SaaS application — and didn't give enough weight to the initial access techniques that determine whether attackers get there in the first place.",[],{},{"nodeType":1498,"data":5170,"content":5171},{},[5172],{"nodeType":1482,"value":5173,"marks":5174,"data":5175},"The problem is that initial access is where the overwhelming majority of attacker innovation and investment is concentrated, and the techniques being used to achieve it are best understood as browser and identity attacks rather than SaaS-specific ones. AiTM phishing, ClickFix and its growing family of clipboard-injection variants, device code phishing, OAuth consent abuse, credential stuffing powered by infostealer supply chains, malicious browser extensions all happen in or via the browser.",[],{},{"nodeType":1498,"data":5177,"content":5178},{},[5179],{"nodeType":1482,"value":5180,"marks":5181,"data":5182},"Another issue is that \"SaaS\" has arguably ceased to be a meaningful category. When we consider that most organizations run the majority of their business on cloud applications, the difference between what constitutes \"SaaS\" versus cloud versus just \"business IT\" is pretty blurry (and feels like an academic rather than practical difference).",[],{},{"nodeType":1498,"data":5184,"content":5185},{},[5186],{"nodeType":1482,"value":5187,"marks":5188,"data":5190},"So it's less about whether an attack is a \"SaaS attack\" and more about how these attacks actually play out. ",[5189],{"type":1519},{},{"nodeType":1511,"data":5192,"content":5193},{},[],{"nodeType":1521,"data":5195,"content":5196},{},[5197],{"nodeType":1482,"value":5198,"marks":5199,"data":5201},"The technique landscape has transformed",[5200],{"type":1519},{},{"nodeType":1498,"data":5203,"content":5204},{},[5205],{"nodeType":1482,"value":5206,"marks":5207,"data":5208},"The second part to the change is the fact that scale and speed of attacker innovation in the space justifies it.",[],{},{"nodeType":1498,"data":5210,"content":5211},{},[5212],{"nodeType":1482,"value":5213,"marks":5214,"data":5215},"When we launched the matrix in mid-2023, AiTM phishing was emerging as a serious concern but was far from ubiquitous. ClickFix didn't exist as a named technique. Device code phishing was a curiosity documented by a handful of researchers. ConsentFix was years away from being discovered. Browser extension supply chain attacks were rare enough to be individually notable.",[],{},{"nodeType":1498,"data":5217,"content":5218},{},[5219],{"nodeType":1482,"value":5220,"marks":5221,"data":5222},"In the two and a half years since, every one of these has become a mainstream, industrialized attack technique — and several have converged in ways that would have been hard to predict.",[],{},{"nodeType":1507,"data":5224,"content":5228},{"target":5225},{"sys":5226},{"id":5227,"type":1504,"linkType":1505},"5Kw2kSrL8u4VyslxK8HCtR",[],{"nodeType":2449,"data":5230,"content":5231},{},[5232],{"nodeType":1482,"value":5233,"marks":5234,"data":5236},"AiTM phishing has become the default phishing method",[5235],{"type":1519},{},{"nodeType":1498,"data":5238,"content":5239},{},[5240,5244,5251],{"nodeType":1482,"value":5241,"marks":5242,"data":5243},"AiTM phishing is now the standard, powered by Phishing-as-a-Service kits that operate with the release cycles and customer support of legitimate SaaS products. Tycoon 2FA alone accounted for",[],{},{"nodeType":1493,"data":5245,"content":5246},{"uri":1531},[5247],{"nodeType":1482,"value":5248,"marks":5249,"data":5250}," 62% of phishing detected by Microsoft",[],{},{"nodeType":1482,"value":5252,"marks":5253,"data":5254}," and over 64,000 confirmed incidents, with Sneaky2FA, FlowerStorm, Evilginx, and a growing roster of competitors filling out the marketplace.",[],{},{"nodeType":1498,"data":5256,"content":5257},{},[5258],{"nodeType":1482,"value":5259,"marks":5260,"data":5261},"AiTM is constantly evolving, with vendors adding new features, capabilities, detection evasion techniques, and so on. Abuse of legitimate platforms, and increasingly AI-assisted development means that it’s trivial for attackers to spin up and tear down infrastructure, scale their campaigns, target specific organizations with crafted pages and lures, and generally means that attackers can operate highly sophisticated attacks with minimal effort and complexity. This makes AiTM and other PhaaS-powered techniques extremely accessible to all kinds of criminals.  ",[],{},{"nodeType":1498,"data":5263,"content":5264},{},[5265],{"nodeType":1482,"value":5266,"marks":5267,"data":5268},"These kits are delivered across several browser-based channels — not just email. Push data consistently shows that roughly 1 in 3 phishing payloads we intercept arrive via social media, search ads, messaging apps, or other non-email vectors.",[],{},{"nodeType":1498,"data":5270,"content":5271},{},[5272,5276,5281],{"nodeType":1482,"value":5273,"marks":5274,"data":5275},"Vishing has also surged as a delivery channel — CrowdStrike documented a ",[],{},{"nodeType":1482,"value":5277,"marks":5278,"data":5280},"442% year-over-year increase",[5279],{"type":1519},{},{"nodeType":1482,"value":5282,"marks":5283,"data":5284},", and Mandiant found it was the single most common initial vector in cloud compromises at 23%. But the trend that matters isn't voice calls in isolation; it's voice calls combined with browser-based payloads, where a live operator guides the victim into an AiTM page or device code flow that the call alone could not execute.",[],{},{"nodeType":2449,"data":5286,"content":5287},{},[5288],{"nodeType":1482,"value":5289,"marks":5290,"data":5292},"ClickFix is the top reported initial access vector",[5291],{"type":1519},{},{"nodeType":1498,"data":5294,"content":5295},{},[5296,5300,5308,5312,5320],{"nodeType":1482,"value":5297,"marks":5298,"data":5299},"ClickFix has gone from nonexistent to one of the most prevalent initial access techniques in under 18 months. Microsoft reported it as the",[],{},{"nodeType":1493,"data":5301,"content":5303},{"uri":5302},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf",[5304],{"nodeType":1482,"value":5305,"marks":5306,"data":5307}," most common initial access vector in 2025",[],{},{"nodeType":1482,"value":5309,"marks":5310,"data":5311},", accounting for 47% of observed attacks, while CrowdStrike documented a",[],{},{"nodeType":1493,"data":5313,"content":5315},{"uri":5314},"https://www.crowdstrike.com/explore/2026-global-threat-report",[5316],{"nodeType":1482,"value":5317,"marks":5318,"data":5319}," 563% increase",[],{},{"nodeType":1482,"value":5321,"marks":5322,"data":5323}," in fake CAPTCHA lures (a top ClickFix style).",[],{},{"nodeType":1498,"data":5325,"content":5326},{},[5327,5331,5336],{"nodeType":1482,"value":5328,"marks":5329,"data":5330},"ClickFix is admittedly an outlier in a browser attacks matrix — the payload ultimately executes on the endpoint, not in the browser — but the delivery is overwhelmingly browser-based: ",[],{},{"nodeType":1482,"value":5332,"marks":5333,"data":5335},"4 in 5 ClickFix payloads",[5334],{"type":1519},{},{"nodeType":1482,"value":5337,"marks":5338,"data":5339}," intercepted by Push arrive via search engines as a result of malvertising or compromised web pages, not email, which means the browser is the only control point that actually sees the attack before the user pastes the malicious command.",[],{},{"nodeType":1498,"data":5341,"content":5342},{},[5343],{"nodeType":1482,"value":5344,"marks":5345,"data":5346},"ClickFix is now the primary delivery mechanism for infostealer malware, which is in turn the primary source of the stolen credentials and session tokens that power credential stuffing and session hijacking — which means the technique sits at the start of a cycle where one class of browser-delivered attack generates the raw material for the next.",[],{},{"nodeType":1498,"data":5348,"content":5349},{},[5350,5354,5361,5365,5371],{"nodeType":1482,"value":5351,"marks":5352,"data":5353},"The success of ClickFix has predictably spawned a growing family of derivatives — FileFix, CrashFix,",[],{},{"nodeType":1493,"data":5355,"content":5356},{"uri":1796},[5357],{"nodeType":1482,"value":5358,"marks":5359,"data":5360}," InstallFix",[],{},{"nodeType":1482,"value":5362,"marks":5363,"data":5364}," — and much of the naming is marketing hype around variations on the same clipboard-injection mechanic. But",[],{},{"nodeType":1493,"data":5366,"content":5367},{"uri":1840},[5368],{"nodeType":1482,"value":2007,"marks":5369,"data":5370},[],{},{"nodeType":1482,"value":5372,"marks":5373,"data":5374}," was a genuinely novel development.",[],{},{"nodeType":2449,"data":5376,"content":5377},{},[5378],{"nodeType":1482,"value":5379,"marks":5380,"data":5382},"Browser-native ClickFix: ConsentFix",[5381],{"type":1519},{},{"nodeType":1498,"data":5384,"content":5385},{},[5386,5390,5398,5402,5409],{"nodeType":1482,"value":5387,"marks":5388,"data":5389},"ConsentFix is a fully browser-native attack that merged ClickFix-style social engineering with OAuth consent abuse, compromising accounts through a legitimate Microsoft authorization flow with no endpoint component at all. ConsentFix was",[],{},{"nodeType":1493,"data":5391,"content":5393},{"uri":5392},"https://pushsecurity.com/blog/consentfix-debrief/",[5394],{"nodeType":1482,"value":5395,"marks":5396,"data":5397}," traced to APT29",[],{},{"nodeType":1482,"value":5399,"marks":5400,"data":5401}," and has since been",[],{},{"nodeType":1493,"data":5403,"content":5404},{"uri":1567},[5405],{"nodeType":1482,"value":5406,"marks":5407,"data":5408}," commercialized on criminal forums",[],{},{"nodeType":1482,"value":5410,"marks":5411,"data":5412},", following the same path from state-sponsored technique to commodity criminal tooling that we've seen repeatedly in this space.",[],{},{"nodeType":1498,"data":5414,"content":5415},{},[5416],{"nodeType":1482,"value":5417,"marks":5418,"data":5419},"ConsentFix demonstrates that the clipboard-injection mechanic can evolve into something that operates entirely within the browser, eliminating the endpoint detection surface that traditional ClickFix still exposed.",[],{},{"nodeType":2449,"data":5421,"content":5422},{},[5423],{"nodeType":1482,"value":5424,"marks":5425,"data":5427},"Attackers have pivoted to authorization attacks to get around login controls",[5426],{"type":1519},{},{"nodeType":1498,"data":5429,"content":5430},{},[5431,5435,5442],{"nodeType":1482,"value":5432,"marks":5433,"data":5434},"Authorization attacks like device code phishing have seen a",[],{},{"nodeType":1493,"data":5436,"content":5437},{"uri":1555},[5438],{"nodeType":1482,"value":5439,"marks":5440,"data":5441}," 37.5x increase",[],{},{"nodeType":1482,"value":5443,"marks":5444,"data":5445}," since the start of 2026, with at least 12 distinct kits now offering the technique. It bypasses standard authentication controls — including passkeys — because the attack occurs through the OAuth device authorization flow rather than the standard login flow. ",[],{},{"nodeType":1498,"data":5447,"content":5448},{},[5449],{"nodeType":1482,"value":5450,"marks":5451,"data":5452},"The technique was first associated with nation-state actors like Storm-2372, but went from espionage-grade to commodity PhaaS tooling in roughly eighteen months, with kits like EvilTokens and Venom now offering turnkey device code phishing as a service.",[],{},{"nodeType":1498,"data":5454,"content":5455},{},[5456],{"nodeType":1482,"value":5457,"marks":5458,"data":5459},"The device code authorization is effectively performed post-authentication. If you already have an active session in your browser, entering the device code and selecting your account from a drop-down menu is all that's needed. No password or MFA required. You can see an example in the video below.",[],{},{"nodeType":1507,"data":5461,"content":5465},{"target":5462},{"sys":5463},{"id":5464,"type":1504,"linkType":1505},"2WPb41lNRajdpt5pogQg8M",[],{"nodeType":1498,"data":5467,"content":5468},{},[5469],{"nodeType":1482,"value":5470,"marks":5471,"data":5472},"And the ecosystem is adapting to this opportunity: established AiTM vendors like Tycoon are adding authorization-focused options alongside their existing credential-harvesting capabilities, which points toward multi-technique platforms where operators pick the right tool for whatever defenses the target has in place.",[],{},{"nodeType":2449,"data":5474,"content":5475},{},[5476],{"nodeType":1482,"value":5477,"marks":5478,"data":5480},"Malicious and hacked browser extensions are one of the fastest growing threats",[5479],{"type":1519},{},{"nodeType":1498,"data":5482,"content":5483},{},[5484,5488,5496],{"nodeType":1482,"value":5485,"marks":5486,"data":5487},"Malicious browser extensions have matured from an occasional nuisance into a scalable supply chain attack vector. The",[],{},{"nodeType":1493,"data":5489,"content":5491},{"uri":5490},"https://pushsecurity.com/blog/why-browser-extension-risk-scoring-wont-predict-your-next-breach/",[5492],{"nodeType":1482,"value":5493,"marks":5494,"data":5495}," Cyberhaven compromise",[],{},{"nodeType":1482,"value":5497,"marks":5498,"data":5499}," in December 2024 — where approximately 35 extensions were weaponized through a single OAuth phishing campaign targeting developers — impacted 2.6 million users and demonstrated that extension supply chain attacks can achieve the kind of reach that used to require a compromised software update server.",[],{},{"nodeType":1498,"data":5501,"content":5502},{},[5503],{"nodeType":1482,"value":5504,"marks":5505,"data":5506},"Since Cyberhaven, the pace has only accelerated. In 2026 alone, researchers have publicly disclosed at least 250 confirmed malicious browser extensions affecting roughly 1.75 million users, alongside a further 370+ extensions engaged in undisclosed or policy-disclosed data harvesting affecting an additional 44 million users. That doesn't count the extensions from late-2025 campaigns (DarkSpectre, AITOPIA, Trust Wallet) whose impacts carried into 2026.",[],{},{"nodeType":1498,"data":5508,"content":5509},{},[5510,5514,5522],{"nodeType":1482,"value":5511,"marks":5512,"data":5513},"The attack paths have also expanded. Beyond phishing developers for take over Web Store accounts (the Cyberhaven playbook), attackers are buying existing extensions from developers, waiting for ownership transfers or abandonments to take over, and increasingly vibe-coding their own functional extensions from scratch to build an audience that can later be weaponized. The common thread is that ",[],{},{"nodeType":1493,"data":5515,"content":5516},{"uri":5490},[5517],{"nodeType":1482,"value":5518,"marks":5519,"data":5521},"most malicious extensions didn't start out malicious",[5520],{"type":1491},{},{"nodeType":1482,"value":5523,"marks":5524,"data":5525}," — they started as legitimate tools and were turned into weapons after the fact.",[],{},{"nodeType":1498,"data":5527,"content":5528},{},[5529],{"nodeType":1482,"value":5530,"marks":5531,"data":5532},"None of this is happening in isolation. The threat landscape has reoriented around browser-based initial access and identity compromise — and the matrix needed to catch up.",[],{},{"nodeType":1511,"data":5534,"content":5535},{},[],{"nodeType":1521,"data":5537,"content":5538},{},[5539],{"nodeType":1482,"value":5540,"marks":5541,"data":5543},"The evolution is playing out in public breaches",[5542],{"type":1519},{},{"nodeType":1498,"data":5545,"content":5546},{},[5547],{"nodeType":1482,"value":5548,"marks":5549,"data":5550},"It’s worth reinforcing that when the SaaS matrix was first released, many of these attacks hadn’t been seen in the wild. The change today is staggering:",[],{},{"nodeType":2295,"data":5552,"content":5553},{},[5554,5575,5597,5617],{"nodeType":2299,"data":5555,"content":5556},{},[5557],{"nodeType":1498,"data":5558,"content":5559},{},[5560,5564,5571],{"nodeType":1482,"value":5561,"marks":5562,"data":5563},"When",[],{},{"nodeType":1493,"data":5565,"content":5566},{"uri":2344},[5567],{"nodeType":1482,"value":5568,"marks":5569,"data":5570}," Scattered Lapsus$ Hunters",[],{},{"nodeType":1482,"value":5572,"marks":5573,"data":5574}," compromised over a thousand organizations' Salesforce tenants through device code phishing, the attack started with a phone call, moved through a browser-based authorization flow for the attacker’s app, and ended with mass data exfiltration via API.",[],{},{"nodeType":2299,"data":5576,"content":5577},{},[5578],{"nodeType":1498,"data":5579,"content":5580},{},[5581,5585,5593],{"nodeType":1482,"value":5582,"marks":5583,"data":5584},"When the same collective launched",[],{},{"nodeType":1493,"data":5586,"content":5588},{"uri":5587},"https://pushsecurity.com/blog/unpacking-the-latest-slh-campaign/",[5589],{"nodeType":1482,"value":5590,"marks":5591,"data":5592}," AiTM phishing campaigns",[],{},{"nodeType":1482,"value":5594,"marks":5595,"data":5596}," targeting Okta and Entra SSO, the phishing page was operated by a human in real time and delivered over a voice call — not email.",[],{},{"nodeType":2299,"data":5598,"content":5599},{},[5600],{"nodeType":1498,"data":5601,"content":5602},{},[5603,5606,5613],{"nodeType":1482,"value":5561,"marks":5604,"data":5605},[],{},{"nodeType":1493,"data":5607,"content":5608},{"uri":1840},[5609],{"nodeType":1482,"value":5610,"marks":5611,"data":5612}," APT29 deployed ConsentFix",[],{},{"nodeType":1482,"value":5614,"marks":5615,"data":5616}," across dozens of compromised websites, the entire attack chain was browser-native, abusing a legitimate Microsoft OAuth flow to bypass MFA without proxying a single credential.",[],{},{"nodeType":2299,"data":5618,"content":5619},{},[5620],{"nodeType":1498,"data":5621,"content":5622},{},[5623,5627,5635],{"nodeType":1482,"value":5624,"marks":5625,"data":5626},"The",[],{},{"nodeType":1493,"data":5628,"content":5630},{"uri":5629},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/#id-snowflake-june-2024",[5631],{"nodeType":1482,"value":5632,"marks":5633,"data":5634}," Snowflake breach",[],{},{"nodeType":1482,"value":5636,"marks":5637,"data":5638}," — arguably the most consequential credential-based campaign of the past several years — saw 165 organizations breached using credentials that had been sitting in infostealer dumps for years, replayed against Snowflake tenants that lacked mandatory MFA. The attack surface wasn't Snowflake's application logic; it was the identity hygiene gap that every organization carries across hundreds of apps.",[],{},{"nodeType":1498,"data":5640,"content":5641},{},[5642],{"nodeType":1482,"value":5643,"marks":5644,"data":5645},"And that’s just the big picture. Every month we’re tracking new public breaches involving browser and identity TTPs — which again, are just the tip of the iceberg when you consider that many breaches are settled quietly without hitting the headlines. ",[],{},{"nodeType":1498,"data":5647,"content":5648},{},[5649,5653,5658],{"nodeType":1482,"value":5650,"marks":5651,"data":5652},"One of the key drivers here is the shrinking time-to-exploit. CrowdStrike's average e-crime breakout time is down to ",[],{},{"nodeType":1482,"value":5654,"marks":5655,"data":5657},"29 minutes",[5656],{"type":1519},{},{"nodeType":1482,"value":5659,"marks":5660,"data":5661},", with the fastest recorded at 27 seconds. When attackers can move from initial access to data exfiltration within minutes, the window for post-compromise detection collapses to near zero. The best chance of stopping the attack is at the point of initial access before the identity is compromised.",[],{},{"nodeType":1511,"data":5663,"content":5664},{},[],{"nodeType":1521,"data":5666,"content":5667},{},[5668,5673,5679,5684,5690],{"nodeType":1482,"value":5669,"marks":5670,"data":5672},"Sidenote: why we're looking at attacks ",[5671],{"type":1519},{},{"nodeType":1482,"value":5674,"marks":5675,"data":5678},"in",[5676,5677],{"type":274},{"type":1519},{},{"nodeType":1482,"value":5680,"marks":5681,"data":5683}," the browser, not ",[5682],{"type":1519},{},{"nodeType":1482,"value":5685,"marks":5686,"data":5689},"on",[5687,5688],{"type":274},{"type":1519},{},{"nodeType":1482,"value":5691,"marks":5692,"data":5694}," the browser",[5693],{"type":1519},{},{"nodeType":1498,"data":5696,"content":5697},{},[5698,5702,5710],{"nodeType":1482,"value":5699,"marks":5700,"data":5701},"Calling this a \"browser attacks\" matrix needs clarification. We're not talking about browser exploits — RCE vulnerabilities, sandbox escapes, memory corruption bugs. Those attacks target the browser itself, they're extraordinarily expensive to develop, and they're increasingly rare. Browser zero-days hit a",[],{},{"nodeType":1493,"data":5703,"content":5705},{"uri":5704},"https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review",[5706],{"nodeType":1482,"value":5707,"marks":5708,"data":5709}," historic low of 9%",[],{},{"nodeType":1482,"value":5711,"marks":5712,"data":5713}," of all zero-days reported to Google, and a Chrome RCE commands a $250,000 bug bounty.",[],{},{"nodeType":1498,"data":5715,"content":5716},{},[5717],{"nodeType":1482,"value":5718,"marks":5719,"data":5720},"In comparison, a one-year phishing kit rental costs $1,000. A bulk stolen credential list costs $15. An initial-access-broker-provided IdP admin account costs $3,000. When it costs orders of magnitude less to exploit the person using the browser than to exploit the browser itself, attackers will take the cheaper option every time.",[],{},{"nodeType":1498,"data":5722,"content":5723},{},[5724],{"nodeType":1482,"value":5725,"marks":5726,"data":5727},"It's worth heading off the obvious counterargument: won't AI-assisted vulnerability discovery eventually make browser exploits cheaper? Perhaps — but it will simultaneously make them easier for browser vendors to find and patch, and vendors like Google and Microsoft have the engineering capacity and financial incentive to scale AI-driven remediation far faster than attackers can scale exploit development.",[],{},{"nodeType":1511,"data":5729,"content":5730},{},[],{"nodeType":1521,"data":5732,"content":5733},{},[5734],{"nodeType":1482,"value":5735,"marks":5736,"data":5738},"What hasn't changed",[5737],{"type":1519},{},{"nodeType":1498,"data":5740,"content":5741},{},[5742,5746,5754],{"nodeType":1482,"value":5743,"marks":5744,"data":5745},"The matrix remains open-source, community-maintained, and available on",[],{},{"nodeType":1493,"data":5747,"content":5749},{"uri":5748},"https://github.com/pushsecurity/saas-attacks",[5750],{"nodeType":1482,"value":5751,"marks":5752,"data":5753}," GitHub",[],{},{"nodeType":1482,"value":5755,"marks":5756,"data":5757},". The goal is the same as it was in 2023: to give offensive and defensive security teams a shared reference point for the techniques that matter most.",[],{},{"nodeType":1498,"data":5759,"content":5760},{},[5761],{"nodeType":1482,"value":5762,"marks":5763,"data":5764},"We built it because there was a gap in how the industry talked about these techniques, and that gap still exists — MITRE ATT&CK remains essential for endpoint and network TTPs, but the browser-based, identity-first techniques behind most modern breaches are still underrepresented in traditional frameworks.",[],{},{"nodeType":1498,"data":5766,"content":5767},{},[5768],{"nodeType":1482,"value":5769,"marks":5770,"data":5771},"We continue to maintain the matrix with input from red teams, detection engineers, and threat researchers across the community. Some of the most valuable additions over the past two years have come from practitioners who encountered a technique on an engagement or in an investigation and contributed it back to the repository.",[],{},{"nodeType":1498,"data":5773,"content":5774},{},[5775,5779,5786],{"nodeType":1482,"value":5776,"marks":5777,"data":5778},"If you're an offensive security professional using these techniques on engagements, or a defender building detections against them, we want to hear from you. Submit a PR, open a discussion, or flag a technique we've missed on ",[],{},{"nodeType":1493,"data":5780,"content":5782},{"uri":5781},"https://github.com/pushsecurity/browser-identity-attacks-matrix",[5783],{"nodeType":1482,"value":4838,"marks":5784,"data":5785},[],{},{"nodeType":1482,"value":1576,"marks":5787,"data":5788},[],{},{"nodeType":1511,"data":5790,"content":5791},{},[],{"nodeType":1521,"data":5793,"content":5794},{},[5795],{"nodeType":1482,"value":5796,"marks":5797,"data":5799},"Looking ahead",[5798],{"type":1519},{},{"nodeType":1498,"data":5801,"content":5802},{},[5803],{"nodeType":1482,"value":5804,"marks":5805,"data":5806},"The pace of attacker innovation in browser-based initial access techniques over the past 18 months has been unlike anything we've tracked before — technique after technique moving from research curiosity to industrialized criminal tooling within months, not years.",[],{},{"nodeType":2295,"data":5808,"content":5809},{},[5810,5820,5830],{"nodeType":2299,"data":5811,"content":5812},{},[5813],{"nodeType":1498,"data":5814,"content":5815},{},[5816],{"nodeType":1482,"value":5817,"marks":5818,"data":5819},"AiTM platforms are adding authorization-based attack options alongside their credential-harvesting capabilities.",[],{},{"nodeType":2299,"data":5821,"content":5822},{},[5823],{"nodeType":1498,"data":5824,"content":5825},{},[5826],{"nodeType":1482,"value":5827,"marks":5828,"data":5829},"ClickFix has spawned fully browser-native variants.",[],{},{"nodeType":2299,"data":5831,"content":5832},{},[5833],{"nodeType":1498,"data":5834,"content":5835},{},[5836],{"nodeType":1482,"value":5837,"marks":5838,"data":5839},"AI is lowering the cost of producing convincing social engineering and phishing infrastructure at scale.",[],{},{"nodeType":1498,"data":5841,"content":5842},{},[5843],{"nodeType":1482,"value":5844,"marks":5845,"data":5846},"We don't see any of this slowing down, and that's exactly why thinking about these attacks as a browser problem instead of siloing them across email, endpoint, network, and cloud categories, each with a partial view of the picture (and still missing the whole when combined).",[],{},{"nodeType":1498,"data":5848,"content":5849},{},[5850,5854,5861],{"nodeType":1482,"value":5851,"marks":5852,"data":5853},"The Browser & Identity Attacks Matrix is our contribution to keeping that shared understanding current. You can",[],{},{"nodeType":1493,"data":5855,"content":5856},{"uri":61},[5857],{"nodeType":1482,"value":5858,"marks":5859,"data":5860}," explore the matrix here",[],{},{"nodeType":1482,"value":1576,"marks":5862,"data":5863},[],{},{"nodeType":1498,"data":5865,"content":5866},{},[5867,5871,5879],{"nodeType":1482,"value":5868,"marks":5869,"data":5870},"You can also read our recent",[],{},{"nodeType":1493,"data":5872,"content":5874},{"uri":5873},"https://pushsecurity.com/thank-you/browser-attacks-report",[5875],{"nodeType":1482,"value":5876,"marks":5877,"data":5878}," browser attack techniques report",[],{},{"nodeType":1482,"value":5880,"marks":5881,"data":5882}," for more information.",[],{},{"nodeType":1507,"data":5884,"content":5888},{"target":5885},{"sys":5886},{"id":5887,"type":1504,"linkType":1505},"1hx6sxpyEzxn4F4jc1RGQi",[],{"nodeType":1511,"data":5890,"content":5891},{},[],{"nodeType":1498,"data":5893,"content":5894},{},[5895],{"nodeType":1482,"value":5896,"marks":5897,"data":5898},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",[],{},{"nodeType":1498,"data":5900,"content":5901},{},[5902,5906,5913],{"nodeType":1482,"value":5903,"marks":5904,"data":5905},"Book a",[],{},{"nodeType":1493,"data":5907,"content":5908},{"uri":2043},[5909],{"nodeType":1482,"value":5910,"marks":5911,"data":5912}," live demo",[],{},{"nodeType":1482,"value":5914,"marks":5915,"data":5916}," to learn more.",[],{},"Introducing the Browser & Identity Attacks Matrix","We're re-releasing the SaaS attack matrix as the Browser & Identity Attacks Matrix. Here's why we've decided to make the change and what it means.","2026-05-08T00:00:00.000Z","introducing-the-browser-and-identity-attacks-matrix",{"items":5922},[5923,5925],{"sys":5924,"name":5062},{"id":5061},{"sys":5926,"name":5066},{"id":5065},{"items":5928},[5929],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":5933},"Dan Green","Dan","Threat Research",{"url":5934},"https://images.ctfassets.net/y1cdw1ablpvd/7jik1VhFgA3kgzXBXTm2Vw/fcd8c171da644903d0827eafcfbcaad0/Dan_Headshot_2025.png",{"__typename":2080,"sys":5936,"content":5938,"title":6800,"synopsis":6801,"hashTags":62,"publishedDate":5919,"slug":6802,"tagsCollection":6803,"authorsCollection":6809},{"id":5937},"3jF1fypt08TNlSoWuoMWhj",{"json":5939},{"nodeType":2060,"data":5940,"content":5941},{},[5942,5959,6002,6009,6040,6083,6089,6101,6104,6112,6163,6170,6193,6199,6202,6210,6238,6245,6253,6259,6262,6270,6277,6295,6302,6345,6352,6355,6363,6381,6389,6396,6419,6442,6466,6474,6481,6484,6491,6498,6515,6518,6526,6544,6794],{"nodeType":1498,"data":5943,"content":5944},{},[5945,5949,5955],{"nodeType":1482,"value":5946,"marks":5947,"data":5948},"ShinyHunters and the broader SLH (",[],{},{"nodeType":1493,"data":5950,"content":5951},{"uri":2344},[5952],{"nodeType":1482,"value":2347,"marks":5953,"data":5954},[],{},{"nodeType":1482,"value":5956,"marks":5957,"data":5958},") collective have claimed breaches at thousands of organizations over the past twelve months across retail, technology, aviation, financial services, media, gaming, and education, in what amounts to the most sustained data theft and extortion operation in recent cybercrime history. ",[],{},{"nodeType":1498,"data":5960,"content":5961},{},[5962,5966,5974,5978,5986,5990,5998],{"nodeType":1482,"value":5963,"marks":5964,"data":5965},"The confirmed victim list reads like a Fortune 500 directory: Coca-Cola, Cisco, Qantas, Coinbase, ADT, Aflac, SoundCloud, Rockstar Games, and recently ",[],{},{"nodeType":1493,"data":5967,"content":5969},{"uri":5968},"https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/",[5970],{"nodeType":1482,"value":5971,"marks":5972,"data":5973},"Instructure",[],{},{"nodeType":1482,"value":5975,"marks":5976,"data":5977}," — whose breach ",[],{},{"nodeType":1493,"data":5979,"content":5981},{"uri":5980},"https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/",[5982],{"nodeType":1482,"value":5983,"marks":5984,"data":5985},"disrupted schools and universities nationwide",[],{},{"nodeType":1482,"value":5987,"marks":5988,"data":5989}," during final exams — among dozens more named publicly and likely many more that haven't been (breaches settled quickly behind closed doors don't always make it into the public eye). ShinyHunters alone claimed over 1.5 billion stolen Salesforce records from a single campaign targeting more than 1,000 organizations, and this follows the ",[],{},{"nodeType":1493,"data":5991,"content":5993},{"uri":5992},"https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/",[5994],{"nodeType":1482,"value":5995,"marks":5996,"data":5997},"2024 Snowflake breach",[],{},{"nodeType":1482,"value":5999,"marks":6000,"data":6001}," where the same group used infostealer-harvested credentials to compromise over 165 customer environments (and another billion-plus records).",[],{},{"nodeType":1498,"data":6003,"content":6004},{},[6005],{"nodeType":1482,"value":6006,"marks":6007,"data":6008},"SLH operates as a distributed criminal collective. Its genealogy traces through a merger of Scattered Spider, Lapsus$, and ShinyHunters, itself part of the Com, a broader community of English-speaking cybercriminals with international criminal affiliations. ",[],{},{"nodeType":1498,"data":6010,"content":6011},{},[6012,6016,6024,6028,6036],{"nodeType":1482,"value":6013,"marks":6014,"data":6015},"Additional operating clusters, including Cordial Spider and Snarky Spider (which CrowdStrike ",[],{},{"nodeType":1493,"data":6017,"content":6019},{"uri":6018},"https://cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/",[6020],{"nodeType":1482,"value":6021,"marks":6022,"data":6023},"characterizes as the new generation of Scattered Spider",[],{},{"nodeType":1482,"value":6025,"marks":6026,"data":6027},") run parallel campaigns against different target sectors, unified not by shared infrastructure but by a shared playbook of techniques that exploit the structural weakness in modern SaaS-first organizations. ",[],{},{"nodeType":1493,"data":6029,"content":6031},{"uri":6030},"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-12-Vishing-Campaigns-Lead-to-Data-Theft-and-Extortion.txt",[6032],{"nodeType":1482,"value":6033,"marks":6034,"data":6035},"Unit 42 documented",[],{},{"nodeType":1482,"value":6037,"marks":6038,"data":6039}," these groups moving from initial compromise to complete data exfiltration in under an hour — faster than most organizations can even begin to respond. ",[],{},{"nodeType":1498,"data":6041,"content":6042},{},[6043,6047,6055,6059,6067,6071,6079],{"nodeType":1482,"value":6044,"marks":6045,"data":6046},"Not every SLH breach is browser-based — the Instructure breach (275 million individuals, ~330 school login portals defaced) began with a Salesforce tenant compromise in September 2025, but resurfaced in May 2026 after attackers exploited a ",[],{},{"nodeType":1493,"data":6048,"content":6050},{"uri":6049},"https://www.bitdefender.com/en-gb/blog/businessinsights/technical-advisory-shinyhunters-breach-instructure-canvas-lms",[6051],{"nodeType":1482,"value":6052,"marks":6053,"data":6054},"vulnerability affecting Canvas's Free-For-Teacher program",[],{},{"nodeType":1482,"value":6056,"marks":6057,"data":6058}," (it's now been confirmed that Instructure \"",[],{},{"nodeType":1493,"data":6060,"content":6062},{"uri":6061},"https://www.instructure.com/incident_update",[6063],{"nodeType":1482,"value":6064,"marks":6065,"data":6066},"reached a settlement",[],{},{"nodeType":1482,"value":6068,"marks":6069,"data":6070},"\" for the deletion of the data, and shut down the free account tier), while the Coinbase breach cost ",[],{},{"nodeType":1493,"data":6072,"content":6074},{"uri":6073},"https://www.bleepingcomputer.com/news/security/coinbase-discloses-breach-faces-up-to-400-million-in-losses/",[6075],{"nodeType":1482,"value":6076,"marks":6077,"data":6078},"$180M–400M through insider bribery",[],{},{"nodeType":1482,"value":6080,"marks":6081,"data":6082}," — but these are the exceptions that prove the rule. ",[],{},{"nodeType":1507,"data":6084,"content":6088},{"target":6085},{"sys":6086},{"id":6087,"type":1504,"linkType":1505},"4qNrbDyMJIumQfdbh9YVkU",[],{"nodeType":1498,"data":6090,"content":6091},{},[6092,6097],{"nodeType":1482,"value":6093,"marks":6094,"data":6096},"The vast majority of SLH campaigns over the past year converge on three browser-based attack vectors: vishing combined with AiTM phishing, device code phishing exploiting account authorization flows, and OAuth supply chain attacks through compromised third-party integrators.",[6095],{"type":1519},{},{"nodeType":1482,"value":6098,"marks":6099,"data":6100}," Each is well-documented, each has produced confirmed victims at scale, and each is detectable or preventable through browser-layer security controls. This post examines all three.",[],{},{"nodeType":1511,"data":6102,"content":6103},{},[],{"nodeType":1521,"data":6105,"content":6106},{},[6107],{"nodeType":1482,"value":6108,"marks":6109,"data":6111},"Vector 1: Vishing combined with AiTM phishing",[6110],{"type":1519},{},{"nodeType":1498,"data":6113,"content":6114},{},[6115,6119,6127,6130,6138,6141,6148,6152,6160],{"nodeType":1482,"value":6116,"marks":6117,"data":6118},"The most visible campaign right now pairs targeted voice calls with adversary-in-the-middle phishing pages — an approach that",[],{},{"nodeType":1493,"data":6120,"content":6122},{"uri":6121},"https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft",[6123],{"nodeType":1482,"value":6124,"marks":6125,"data":6126}," Mandiant",[],{},{"nodeType":1482,"value":1609,"marks":6128,"data":6129},[],{},{"nodeType":1493,"data":6131,"content":6133},{"uri":6132},"https://www.crowdstrike.com/en-us/blog/defending-against-cordial-spider-and-snarky-spider-with-falcon-shield/",[6134],{"nodeType":1482,"value":6135,"marks":6136,"data":6137}," CrowdStrike",[],{},{"nodeType":1482,"value":2011,"marks":6139,"data":6140},[],{},{"nodeType":1493,"data":6142,"content":6143},{"uri":6030},[6144],{"nodeType":1482,"value":6145,"marks":6146,"data":6147}," Unit 42",[],{},{"nodeType":1482,"value":6149,"marks":6150,"data":6151}," have all documented from the incident response side, and which Push has",[],{},{"nodeType":1493,"data":6153,"content":6155},{"uri":6154},"https://pushsecurity.com/blog/inside-criminal-phishing-panel/",[6156],{"nodeType":1482,"value":6157,"marks":6158,"data":6159}," documented from inside the attacker's own operator panels",[],{},{"nodeType":1482,"value":1576,"marks":6161,"data":6162},[],{},{"nodeType":1498,"data":6164,"content":6165},{},[6166],{"nodeType":1482,"value":6167,"marks":6168,"data":6169},"An attacker impersonating IT support calls the target employee, establishes urgency — often citing a \"mandatory passkey rollout\" or a \"security compliance update\" — and directs them to a victim-branded AiTM phishing page (typically at a domain like \u003Ccompany>sso.com or \u003Ccompany>internal.com). The attack is processed by a live human in real time, relaying credentials and MFA codes to the legitimate identity provider as they are entered, capturing the resulting session token, and granting the attacker an authenticated session. ",[],{},{"nodeType":1498,"data":6171,"content":6172},{},[6173,6177,6184,6188],{"nodeType":1482,"value":6174,"marks":6175,"data":6176},"One of the reasons that this method is becoming so widespread is the commoditization of effective tools. Push's ",[],{},{"nodeType":1493,"data":6178,"content":6179},{"uri":6154},[6180],{"nodeType":1482,"value":6181,"marks":6182,"data":6183},"infiltration of the criminal phishing panels",[],{},{"nodeType":1482,"value":6185,"marks":6186,"data":6187}," identified over 400 linked domains across four distinct infrastructure clusters. ",[],{},{"nodeType":1482,"value":6189,"marks":6190,"data":6192},"This mirrors the pattern that turned AiTM phishing from a specialist capability into an industrialized market with competing PhaaS platforms, but with the added complication that voice phishing as the delivery vector makes the attack invisible to traditional anti-phishing controls at the email layer.",[6191],{"type":1519},{},{"nodeType":1507,"data":6194,"content":6198},{"target":6195},{"sys":6196},{"id":6197,"type":1504,"linkType":1505},"1Yhthl0PILGW7EmCcZUrNv",[],{"nodeType":1511,"data":6200,"content":6201},{},[],{"nodeType":1521,"data":6203,"content":6204},{},[6205],{"nodeType":1482,"value":6206,"marks":6207,"data":6209},"Vector 2: Vishing combined with device code phishing",[6208],{"type":1519},{},{"nodeType":1498,"data":6211,"content":6212},{},[6213,6216,6223,6227,6234],{"nodeType":1482,"value":5624,"marks":6214,"data":6215},[],{},{"nodeType":1493,"data":6217,"content":6218},{"uri":5587},[6219],{"nodeType":1482,"value":6220,"marks":6221,"data":6222}," ShinyHunters Salesforce campaign",[],{},{"nodeType":1482,"value":6224,"marks":6225,"data":6226}," that ran through 2025 and into 2026 used device code phishing as one of its core methods,",[],{},{"nodeType":1493,"data":6228,"content":6229},{"uri":5992},[6230],{"nodeType":1482,"value":6231,"marks":6232,"data":6233}," compromising over 1,000 organizations and claiming 1.5 billion stolen records",[],{},{"nodeType":1482,"value":6235,"marks":6236,"data":6237}," — including an attempted extortion of Salesforce itself. The attack involved registering an attacker-controlled \"DataLoader\" application mimicking a legitimate Salesforce tool, configuring it to request broad OAuth scopes including full API access and refresh token generation, and guiding victims through the device authorization flow via vishing calls.",[],{},{"nodeType":1498,"data":6239,"content":6240},{},[6241],{"nodeType":1482,"value":6242,"marks":6243,"data":6244},"Device code phishing exploits the OAuth 2.0 device authorization grant — a flow designed for devices without browsers, like smart TVs, but used in a wide range of scenarios including CLI logins — by tricking users into entering a code on Microsoft's (or another identity provider's) legitimate verification page. Since the victim is usually signed into the app in their browser, there’s no login at all. They simply navigate to the app’s device code login page and enter an attacker-provided code to grant the attacker an access token. ",[],{},{"nodeType":1498,"data":6246,"content":6247},{},[6248],{"nodeType":1482,"value":6249,"marks":6250,"data":6252},"This is what makes device code phishing structurally different from AiTM: it defeats all MFA (including passkeys) because the attack doesn’t target the login, but the authorization layer instead.",[6251],{"type":1519},{},{"nodeType":1507,"data":6254,"content":6258},{"target":6255},{"sys":6256},{"id":6257,"type":1504,"linkType":1505},"3ElQz8sLATnR8RY5nVlBGM",[],{"nodeType":1511,"data":6260,"content":6261},{},[],{"nodeType":1521,"data":6263,"content":6264},{},[6265],{"nodeType":1482,"value":6266,"marks":6267,"data":6269},"Vector 3: OAuth supply chain attacks through compromised integrators",[6268],{"type":1519},{},{"nodeType":1498,"data":6271,"content":6272},{},[6273],{"nodeType":1482,"value":6274,"marks":6275,"data":6276},"The third vector does not require the attacker to phish the victim organization's employees at all. Instead, it exploits the OAuth trust relationships that organizations create when they connect third-party SaaS vendors into their environments — and the consequence is that every organization that authorized one of these integrations effectively extended its security boundary to include the vendor's own security posture.",[],{},{"nodeType":1498,"data":6278,"content":6279},{},[6280,6283,6291],{"nodeType":1482,"value":5624,"marks":6281,"data":6282},[],{},{"nodeType":1493,"data":6284,"content":6286},{"uri":6285},"https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift",[6287],{"nodeType":1482,"value":6288,"marks":6289,"data":6290}," Salesloft/Drift supply chain attack",[],{},{"nodeType":1482,"value":6292,"marks":6293,"data":6294}," demonstrated this at scale in 2025: in an extension of the previously mentioned device code phishing campaign, the attacker compromised Salesloft's GitHub environment, used TruffleHog to find secrets, stole Drift OAuth tokens, and used them to access downstream Salesforce environments. The same pattern was later repeated at Gainsight. ",[],{},{"nodeType":1498,"data":6296,"content":6297},{},[6298],{"nodeType":1482,"value":6299,"marks":6300,"data":6301},"Along with the previously mentioned device code phishing attacks,  more than 1000 organizations were breached. The attackers then harvested AWS keys, Snowflake credentials, and stored passwords from breached Salesforce instances, compounding the access into progressively wider reach.",[],{},{"nodeType":1498,"data":6303,"content":6304},{},[6305,6309,6317,6321,6329,6333,6341],{"nodeType":1482,"value":6306,"marks":6307,"data":6308},"The same structural pattern has continued into 2026 with the Anodot supply chain compromise, which has produced confirmed breaches at",[],{},{"nodeType":1493,"data":6310,"content":6312},{"uri":6311},"https://www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/",[6313],{"nodeType":1482,"value":6314,"marks":6315,"data":6316}," Vimeo",[],{},{"nodeType":1482,"value":6318,"marks":6319,"data":6320}," (119,000 users), Rockstar Games (78.6 million records), and",[],{},{"nodeType":1493,"data":6322,"content":6324},{"uri":6323},"https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/",[6325],{"nodeType":1482,"value":6326,"marks":6327,"data":6328}," Zara/Inditex",[],{},{"nodeType":1482,"value":6330,"marks":6331,"data":6332}," (197,000 people), with further downstream victims likely still emerging. The",[],{},{"nodeType":1493,"data":6334,"content":6336},{"uri":6335},"https://pushsecurity.com/blog/unpacking-the-vercel-breach/",[6337],{"nodeType":1482,"value":6338,"marks":6339,"data":6340}," Vercel breach",[],{},{"nodeType":1482,"value":6342,"marks":6343,"data":6344}," demonstrates this too, which involved compromised OAuth tokens from Context.ai cascading into Google Workspace, reinforces the same attack pattern (though it was likely not a ShinyHunters operation despite being claimed by someone pretending to be them).",[],{},{"nodeType":1498,"data":6346,"content":6347},{},[6348],{"nodeType":1482,"value":6349,"marks":6350,"data":6351},"A forgotten SaaS integration can easily become the pivot point for downstream compromise. The moment you authorize a third-party integration, your security boundary extends to include that vendor. If the third-party is compromised, every downstream customer organization with an active integration is exposed.",[],{},{"nodeType":1511,"data":6353,"content":6354},{},[],{"nodeType":1521,"data":6356,"content":6357},{},[6358],{"nodeType":1482,"value":6359,"marks":6360,"data":6362},"These attacks all happen in the browser",[6361],{"type":1519},{},{"nodeType":1498,"data":6364,"content":6365},{},[6366,6370,6377],{"nodeType":1482,"value":6367,"marks":6368,"data":6369},"Every one of these attack chains is a browser-based attack that either occurs in the browser (AiTM phishing, device code phishing) or could have been prevented at the browser layer (OAuth consent governance). The techniques are interchangeable — the",[],{},{"nodeType":1493,"data":6371,"content":6372},{"uri":1555},[6373],{"nodeType":1482,"value":6374,"marks":6375,"data":6376}," same criminal kits now offer AiTM and device code phishing side by side",[],{},{"nodeType":1482,"value":6378,"marks":6379,"data":6380},", and the same threat actor (ShinyHunters) has used all three vectors across different campaigns within the same twelve-month period.",[],{},{"nodeType":2449,"data":6382,"content":6383},{},[6384],{"nodeType":1482,"value":6385,"marks":6386,"data":6388},"How Push can help",[6387],{"type":1519},{},{"nodeType":1498,"data":6390,"content":6391},{},[6392],{"nodeType":1482,"value":6393,"marks":6394,"data":6395},"Push operates at the exact point in each of these attack chains where automated intervention can still prevent the compromise. ",[],{},{"nodeType":1498,"data":6397,"content":6398},{},[6399,6404,6408,6415],{"nodeType":1482,"value":6400,"marks":6401,"data":6403},"For vishing + AiTM attacks, ",[6402],{"type":1519},{},{"nodeType":1482,"value":6405,"marks":6406,"data":6407},"Push's",[],{},{"nodeType":1493,"data":6409,"content":6410},{"uri":6154},[6411],{"nodeType":1482,"value":6412,"marks":6413,"data":6414}," behavioral phishing detection",[],{},{"nodeType":1482,"value":6416,"marks":6417,"data":6418}," analyzes and blocks the phishing page in real time by detecting it from the user's browser — regardless of the domains used, hosting infrastructure, or where the URL was delivered.  ",[],{},{"nodeType":1498,"data":6420,"content":6421},{},[6422,6427,6431,6438],{"nodeType":1482,"value":6423,"marks":6424,"data":6426},"For device code phishing,",[6425],{"type":1519},{},{"nodeType":1482,"value":6428,"marks":6429,"data":6430}," Push detects the phishing pages associated with ",[],{},{"nodeType":1493,"data":6432,"content":6433},{"uri":1555},[6434],{"nodeType":1482,"value":6435,"marks":6436,"data":6437},"device code phishing kits",[],{},{"nodeType":1482,"value":6439,"marks":6440,"data":6441}," — including generic, technique-class detections that catch new kits without requiring kit-specific signatures. Second, Push provides an additional layer of protection on the legitimate device code authentication pages themselves, preventing users from entering attacker-supplied codes into them. Together, these detections cover both the kit-operated phishing infrastructure and the legitimate auth pages that the attack flow depends on.",[],{},{"nodeType":1498,"data":6443,"content":6444},{},[6445,6450,6454,6462],{"nodeType":1482,"value":6446,"marks":6447,"data":6449},"For OAuth supply chain attacks,",[6448],{"type":1519},{},{"nodeType":1482,"value":6451,"marks":6452,"data":6453}," Push's ",[],{},{"nodeType":1493,"data":6455,"content":6457},{"uri":6456},"https://site.dev.pushsecurity.com/contentful-preview/?blogSlug=analyzing-the-instructure-breach",[6458],{"nodeType":1482,"value":6459,"marks":6460,"data":6461},"detects and controls OAuth consent flows",[],{},{"nodeType":1482,"value":6463,"marks":6464,"data":6465}," at the browser layer — capturing which application is requesting access, what scopes it's requesting, and whether the grant should be permitted under organizational policy. Push customers can also block OAuth connection requests as they transit the browser, enabling security teams to stop unwanted integrations being added in the first place. ",[],{},{"nodeType":2449,"data":6467,"content":6468},{},[6469],{"nodeType":1482,"value":6470,"marks":6471,"data":6473},"Closing thoughts",[6472],{"type":1519},{},{"nodeType":1498,"data":6475,"content":6476},{},[6477],{"nodeType":1482,"value":6478,"marks":6479,"data":6480},"The campaigns documented in this post are not historical — they are ongoing, with new victims surfacing weekly and the underlying criminal infrastructure still actively developing. But the defensive strategy does not require anticipating which specific group, vector, or target sector comes next, because all three converge on the same control point: the browser, where the attack begins or the integration decision is made. Organizations with browser-layer detection and OAuth governance in place have defense-in-depth against the full range of techniques these groups employ, regardless of which specific vector any given campaign uses.",[],{},{"nodeType":1511,"data":6482,"content":6483},{},[],{"nodeType":1498,"data":6485,"content":6486},{},[6487],{"nodeType":1482,"value":6488,"marks":6489,"data":6490},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. ",[],{},{"nodeType":1498,"data":6492,"content":6493},{},[6494],{"nodeType":1482,"value":6495,"marks":6496,"data":6497},"Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",[],{},{"nodeType":1498,"data":6499,"content":6500},{},[6501,6504,6512],{"nodeType":1482,"value":29,"marks":6502,"data":6503},[],{},{"nodeType":1493,"data":6505,"content":6507},{"uri":6506},"https://pushsecurity.com/demo/",[6508],{"nodeType":1482,"value":6509,"marks":6510,"data":6511},"Book a live demo to learn more.",[],{},{"nodeType":1482,"value":29,"marks":6513,"data":6514},[],{},{"nodeType":1511,"data":6516,"content":6517},{},[],{"nodeType":1521,"data":6519,"content":6520},{},[6521],{"nodeType":1482,"value":6522,"marks":6523,"data":6525},"Appendix: named ShinyHunters victims since May 2025",[6524],{"type":1519},{},{"nodeType":1498,"data":6527,"content":6528},{},[6529,6533,6540],{"nodeType":1482,"value":6530,"marks":6531,"data":6532},"To give an indication of the scale, the following table documents all publicly named victims attributed to ShinyHunters specifically since the Salesforce campaign began in May 2025. It is not exhaustive: ShinyHunters has claimed over 1,000 organizations in aggregate across its Salesforce campaigns alone, and many victims have not been publicly named. This list also doesn’t include the billion-plus records compromised in the 2024 Snowflake breaches. The major ransomware attacks executed against M&S, Co-op, and Jaguar Land Rover claimed by the ",[],{},{"nodeType":1493,"data":6534,"content":6535},{"uri":2344},[6536],{"nodeType":1482,"value":6537,"marks":6538,"data":6539},"Scattered Lapsus$ Hunters \"brand\"",[],{},{"nodeType":1482,"value":6541,"marks":6542,"data":6543}," also aren't listed below. ",[],{},{"nodeType":2601,"data":6545,"content":6546},{},[6547,6594,6651,6699,6747],{"nodeType":2605,"data":6548,"content":6549},{},[6550,6561,6572,6583],{"nodeType":2609,"data":6551,"content":6552},{},[6553],{"nodeType":1498,"data":6554,"content":6555},{},[6556],{"nodeType":1482,"value":6557,"marks":6558,"data":6560},"Campaign",[6559],{"type":1519},{},{"nodeType":2609,"data":6562,"content":6563},{},[6564],{"nodeType":1498,"data":6565,"content":6566},{},[6567],{"nodeType":1482,"value":6568,"marks":6569,"data":6571},"Began",[6570],{"type":1519},{},{"nodeType":2609,"data":6573,"content":6574},{},[6575],{"nodeType":1498,"data":6576,"content":6577},{},[6578],{"nodeType":1482,"value":6579,"marks":6580,"data":6582},"Named victims",[6581],{"type":1519},{},{"nodeType":2609,"data":6584,"content":6585},{},[6586],{"nodeType":1498,"data":6587,"content":6588},{},[6589],{"nodeType":1482,"value":6590,"marks":6591,"data":6593},"Confirmed impact",[6592],{"type":1519},{},{"nodeType":2605,"data":6595,"content":6596},{},[6597,6621,6631,6641],{"nodeType":2609,"data":6598,"content":6599},{},[6600],{"nodeType":1498,"data":6601,"content":6602},{},[6603,6608,6612,6617],{"nodeType":1482,"value":6604,"marks":6605,"data":6607},"ShinyHunters Salesforce Vishing",[6606],{"type":1519},{},{"nodeType":1482,"value":6609,"marks":6610,"data":6611}," (vishing + device code phishing → Salesforce connected app authorization) \n\n& ",[],{},{"nodeType":1482,"value":6613,"marks":6614,"data":6616},"Salesloft/Drift Supply Chain",[6615],{"type":1519},{},{"nodeType":1482,"value":6618,"marks":6619,"data":6620}," (stolen OAuth tokens → downstream Salesforce access)",[],{},{"nodeType":2609,"data":6622,"content":6623},{},[6624],{"nodeType":1498,"data":6625,"content":6626},{},[6627],{"nodeType":1482,"value":6628,"marks":6629,"data":6630},"May 2025",[],{},{"nodeType":2609,"data":6632,"content":6633},{},[6634],{"nodeType":1498,"data":6635,"content":6636},{},[6637],{"nodeType":1482,"value":6638,"marks":6639,"data":6640},"Coca-Cola Europacific Partners, Cisco, Qantas, LVMH, Adidas, Google, Chanel, Pandora, Allianz Life, Air France-KLM, Farmers Insurance, Workday, TransUnion, Stellantis, Kering, Odido, Hallmark, Salesloft (origin), Toast, Avalara, Fastly, Cato Networks, Cloudflare, Palo Alto Networks, Zscaler, Tenable, Elastic, JFrog, CyberArk, Rubrik, BeyondTrust, Proofpoint, Workiva, Mercer Advisors, Beacon Pointe, Ameriprise, Kemper, Udemy, 7-Eleven, Mytheresa, Marcus & Millichap, Carnival, Pitney Bowes, Alert 360, Amtrak, McGraw-Hill, Canada Life",[],{},{"nodeType":2609,"data":6642,"content":6643},{},[6644],{"nodeType":1498,"data":6645,"content":6646},{},[6647],{"nodeType":1482,"value":6648,"marks":6649,"data":6650},"48 named victims. Confirmed individual impact includes 23M+ records (Coca-Cola), 5.7M records (Qantas), 6.2M customers (Odido), 4.4M consumers (TransUnion), up to 18M records (Stellantis), 13.5M emails (McGraw-Hill), 8.2M emails (Pitney Bowes), 7.5M emails (Carnival). ShinyHunters claims 1.5B+ Salesforce records across 1,000+ organizations total.",[],{},{"nodeType":2605,"data":6652,"content":6653},{},[6654,6669,6679,6689],{"nodeType":2609,"data":6655,"content":6656},{},[6657],{"nodeType":1498,"data":6658,"content":6659},{},[6660,6665],{"nodeType":1482,"value":6661,"marks":6662,"data":6664},"Vishing + AiTM SSO",[6663],{"type":1519},{},{"nodeType":1482,"value":6666,"marks":6667,"data":6668}," (vishing → AiTM phishing page → SSO session capture → SaaS data exfiltration)",[],{},{"nodeType":2609,"data":6670,"content":6671},{},[6672],{"nodeType":1498,"data":6673,"content":6674},{},[6675],{"nodeType":1482,"value":6676,"marks":6677,"data":6678},"Aug 2025",[],{},{"nodeType":2609,"data":6680,"content":6681},{},[6682],{"nodeType":1498,"data":6683,"content":6684},{},[6685],{"nodeType":1482,"value":6686,"marks":6687,"data":6688},"SoundCloud, GrubHub, Panera Bread, Match Group, Crunchbase, Betterment, CarMax, Edmunds, CarGurus, Hims & Hers, University of Pennsylvania, Harvard University, Optimizely, TELUS Digital, Crunchyroll, ADT",[],{},{"nodeType":2609,"data":6690,"content":6691},{},[6692],{"nodeType":1498,"data":6693,"content":6694},{},[6695],{"nodeType":1482,"value":6696,"marks":6697,"data":6698},"16 named victims. Confirmed individual impact includes ~30M records (SoundCloud), ~14M records (Panera), 10M+ records (Match Group), ~20M records (Betterment), 5.5M people (ADT), 1M+ records (UPenn), ~1PB stolen from TELUS Digital ($65M ransom refused).",[],{},{"nodeType":2605,"data":6700,"content":6701},{},[6702,6717,6727,6737],{"nodeType":2609,"data":6703,"content":6704},{},[6705],{"nodeType":1498,"data":6706,"content":6707},{},[6708,6713],{"nodeType":1482,"value":6709,"marks":6710,"data":6712},"Anodot Supply Chain",[6711],{"type":1519},{},{"nodeType":1482,"value":6714,"marks":6715,"data":6716}," (stolen OAuth tokens → downstream Snowflake/BigQuery access)",[],{},{"nodeType":2609,"data":6718,"content":6719},{},[6720],{"nodeType":1498,"data":6721,"content":6722},{},[6723],{"nodeType":1482,"value":6724,"marks":6725,"data":6726},"Apr 2026",[],{},{"nodeType":2609,"data":6728,"content":6729},{},[6730],{"nodeType":1498,"data":6731,"content":6732},{},[6733],{"nodeType":1482,"value":6734,"marks":6735,"data":6736},"Anodot/Glassbox (origin), Rockstar Games, Vimeo, Zara/Inditex",[],{},{"nodeType":2609,"data":6738,"content":6739},{},[6740],{"nodeType":1498,"data":6741,"content":6742},{},[6743],{"nodeType":1482,"value":6744,"marks":6745,"data":6746},"4 named victims (12+ total claimed). 78.6M records (Rockstar Games), 197K individuals (Zara), 119K individuals (Vimeo).",[],{},{"nodeType":2605,"data":6748,"content":6749},{},[6750,6765,6774,6784],{"nodeType":2609,"data":6751,"content":6752},{},[6753],{"nodeType":1498,"data":6754,"content":6755},{},[6756,6761],{"nodeType":1482,"value":6757,"marks":6758,"data":6760},"Other SLH-attributed",[6759],{"type":1519},{},{"nodeType":1482,"value":6762,"marks":6763,"data":6764}," (misc. vectors including infostealer chains, CI/CD supply chain, SaaS platform compromise)",[],{},{"nodeType":2609,"data":6766,"content":6767},{},[6768],{"nodeType":1498,"data":6769,"content":6770},{},[6771],{"nodeType":1482,"value":6628,"marks":6772,"data":6773},[],{},{"nodeType":2609,"data":6775,"content":6776},{},[6777],{"nodeType":1498,"data":6778,"content":6779},{},[6780],{"nodeType":1482,"value":6781,"marks":6782,"data":6783},"UK Legal Aid Agency, Mixpanel, Wynn Resorts, Woflow, Vercel, European Commission, Mercor, Medtronic, Instructure",[],{},{"nodeType":2609,"data":6785,"content":6786},{},[6787],{"nodeType":1498,"data":6788,"content":6789},{},[6790],{"nodeType":1482,"value":6791,"marks":6792,"data":6793},"10 named victims across varied vectors. Notable: Vercel (Lumma Stealer → Context.ai OAuth app → Google Workspace), European Commission (poisoned Trivy GitHub Action → 340GB across 71 EU entities)",[],{},{"nodeType":1498,"data":6795,"content":6796},{},[6797],{"nodeType":1482,"value":29,"marks":6798,"data":6799},[],{},"The three attack techniques behind ShinyHunters' 2026 campaigns ","ShinyHunters' breach of Instructure is the latest in a long series of attacks. Here's our view of the big picture. ","analyzing-the-instructure-breach",{"items":6804},[6805,6807],{"sys":6806,"name":5062},{"id":5061},{"sys":6808,"name":5066},{"id":5065},{"items":6810},[6811],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":6812},{"url":5934},"7-things-we-learned-from-john-hammond","blog/7-things-we-learned-from-john-hammond",{"json":6816},{"data":6817,"content":6818,"nodeType":2060},{},[6819],{"data":6820,"content":6821,"nodeType":1498},{},[6822],{"data":6823,"marks":6824,"value":6825,"nodeType":1482},{},[],"Luke Jennings (Push VP of Research) and John Hammond (Senior Principal Security Researcher, Huntress) walked through the browser-based attack techniques defining the 2026 threat landscape.","Here are 7 things we learned from our conversation with John Hammond on the \"Why the browser is the new battleground\" webinar. ",{"id":6828,"publishedAt":6829},"6V12IJexyAkFFVIrbwlNPq","2026-05-19T14:06:00.055Z",{"items":6831},[6832,6834],{"sys":6833,"name":5062},{"id":5061},{"sys":6835,"name":6837},{"id":6836},"3pjES4THCIfSAwhGdNwBcy","Browser security","S_3D1uBOjtKgsWy8PjGV7IpJxr92lHRtD5ri0elrxdM",{"id":6840,"title":6841,"authorsCollection":6842,"content":6850,"extension":2073,"hashTags":62,"meta":7505,"metaTitle":7506,"ogImage":62,"publishedDate":2076,"relatedBlogPostsCollection":7507,"slug":10264,"stem":10265,"subtitle":62,"summary":10266,"synopsis":10276,"sys":10277,"tagsCollection":10280,"__hash__":10286},"blog/blog/the-case-for-best-of-breed-browser-security.json","Why \"good enough\" isn’t enough: the case for best-of-breed browser security",{"items":6843},[6844],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":6848},"Alex Henshall","Alex","Product Team",{"url":6849},"https://images.ctfassets.net/y1cdw1ablpvd/2rz3Pre3b1MexPIQ4hzPUe/0ef8a092b7e7df00fbce3f7d1ccb96d1/Alex_Henshall.jpeg",{"json":6851,"links":7447},{"nodeType":2060,"data":6852,"content":6853},{},[6854,6861,6889,6896,6899,6907,6914,6921,6928,6936,7002,7009,7017,7035,7042,7050,7057,7064,7083,7114,7121,7124,7132,7140,7159,7167,7187,7195,7202,7210,7217,7225,7232,7235,7243,7250,7261,7280,7288,7295,7301,7309,7348,7354,7362,7379,7387,7406,7409,7417,7424,7431],{"nodeType":1498,"data":6855,"content":6856},{},[6857],{"nodeType":1482,"value":6858,"marks":6859,"data":6860},"Three browser security companies have been acquired by major security platforms in five months. CrowdStrike acquired Seraphic Security in January 2026. Zscaler absorbed SquareX in February. In May, Akamai announced the acquisition of LayerX. Add Palo Alto Networks' earlier acquisition of Talon, and the browser security market has consolidated faster than almost any adjacent security category before it.",[],{},{"nodeType":1498,"data":6862,"content":6863},{},[6864,6868,6876,6879,6886],{"nodeType":1482,"value":6865,"marks":6866,"data":6867},"These acquisitions recognize that the browser is now where employees work, where AI runs, and where the most damaging attacks on organizations originate. It’s telling that browser security already accounts for",[],{},{"nodeType":1493,"data":6869,"content":6871},{"uri":6870},"https://pushsecurity.com/blog/7-things-omdias-latest-report-tells-us-about-the-secure-enterprise-browser-market/",[6872],{"nodeType":1482,"value":6873,"marks":6874,"data":6875}," 12.6% of the average security budget",[],{},{"nodeType":1482,"value":2011,"marks":6877,"data":6878},[],{},{"nodeType":1493,"data":6880,"content":6881},{"uri":6870},[6882],{"nodeType":1482,"value":6883,"marks":6884,"data":6885}," 85% of organizations expect to increase that spend over the next 12-24 months",[],{},{"nodeType":1482,"value":1576,"marks":6887,"data":6888},[],{},{"nodeType":1498,"data":6890,"content":6891},{},[6892],{"nodeType":1482,"value":6893,"marks":6894,"data":6895},"But for security buyers, consolidation creates a risk as much as an opportunity. The question isn't whether your existing platform vendor now offers browser security — it's whether what they're offering can actually protect you as the threat landscape evolves.",[],{},{"nodeType":1511,"data":6897,"content":6898},{},[],{"nodeType":1521,"data":6900,"content":6901},{},[6902],{"nodeType":1482,"value":6903,"marks":6904,"data":6906},"Why \"good enough\" isn't good enough in the browser",[6905],{"type":1519},{},{"nodeType":1498,"data":6908,"content":6909},{},[6910],{"nodeType":1482,"value":6911,"marks":6912,"data":6913},"The consolidation pitch is tempting. If you're already a CrowdStrike, Zscaler, or Palo Alto customer, adding browser security through an existing relationship means fewer vendors, fewer contracts, and a coherent narrative about platform consolidation that plays well internally. ",[],{},{"nodeType":1498,"data":6915,"content":6916},{},[6917],{"nodeType":1482,"value":6918,"marks":6919,"data":6920},"Security teams make these kinds of tradeoffs all the time — accepting that your SASE vendor's threat intelligence feed may not match a dedicated provider, or that your EDR vendor's vulnerability management module may not match a dedicated scanner — are reasonable decisions where the operational benefit of consolidation outweighs the capability difference.",[],{},{"nodeType":1498,"data":6922,"content":6923},{},[6924],{"nodeType":1482,"value":6925,"marks":6926,"data":6927},"But browser security is a category where the stakes are too high to accept a \"good enough\" solution. The majority of all reported breaches now originate in the browser and attacker tradecraft in this space is advancing at an unprecedented rate thanks to AI. These risks warrant the strongest form of defense. Here are three reasons that “good enough” solutions don't give you that:",[],{},{"nodeType":2449,"data":6929,"content":6930},{},[6931],{"nodeType":1482,"value":6932,"marks":6933,"data":6935},"1. Most platform browser solutions were built for the wrong problems",[6934],{"type":1519},{},{"nodeType":1498,"data":6937,"content":6938},{},[6939,6942,6951,6955,6963,6967,6975,6979,6987,6991,6998],{"nodeType":1482,"value":29,"marks":6940,"data":6941},[],{},{"nodeType":1493,"data":6943,"content":6945},{"uri":6944},"https://www.crowdstrike.com/en-us/resources/infographics/identity-security-risk-review/",[6946],{"nodeType":1482,"value":6947,"marks":6948,"data":6950},"CrowdStrike's own research",[6949],{"type":1491},{},{"nodeType":1482,"value":6952,"marks":6953,"data":6954}," puts identity involvement in 80% of all modern breaches. Identity weaknesses played a material role in",[],{},{"nodeType":1493,"data":6956,"content":6958},{"uri":6957},"https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report",[6959],{"nodeType":1482,"value":6960,"marks":6961,"data":6962}," almost 90% of Unit 42 incident response investigations",[],{},{"nodeType":1482,"value":6964,"marks":6965,"data":6966},". The breaches making headlines — 2024's",[],{},{"nodeType":1493,"data":6968,"content":6970},{"uri":6969},"https://pushsecurity.com/blog/snowflake-breach-from-a-browser-security-perspective/",[6971],{"nodeType":1482,"value":6972,"marks":6973,"data":6974}," mass Snowflake account compromises",[],{},{"nodeType":1482,"value":6976,"marks":6977,"data":6978},", 2025's wave of",[],{},{"nodeType":1493,"data":6980,"content":6982},{"uri":6981},"https://pushsecurity.com/blog/salesforce-device-code-phishing/",[6983],{"nodeType":1482,"value":6984,"marks":6985,"data":6986}," Salesforce-targeted attacks",[],{},{"nodeType":1482,"value":6988,"marks":6989,"data":6990},", and 2026's",[],{},{"nodeType":1493,"data":6992,"content":6993},{"uri":1946},[6994],{"nodeType":1482,"value":6995,"marks":6996,"data":6997}," continued spree of data theft and extortion",[],{},{"nodeType":1482,"value":6999,"marks":7000,"data":7001}," — all trace back to identity weaknesses exploited through the browser: credentials stuffed into login pages that lacked MFA, session tokens hijacked via AiTM phishing, OAuth consent abused to grant persistent access, and device code flows manipulated to bypass authentication entirely. ",[],{},{"nodeType":1498,"data":7003,"content":7004},{},[7005],{"nodeType":1482,"value":7006,"marks":7007,"data":7008},"Yet Seraphic was built for browser runtime exploit prevention, SquareX for file-based malware sandboxing, LayerX for access governance and AI usage policy. These are real use cases, but they're not the use cases behind headline breaches. If your browser security solution checks a box for \"phishing protection\" but can't detect the identity attack techniques that are actually being industrialized and deployed at scale, you have a gap — and the danger is that you don't know it's there.",[],{},{"nodeType":2449,"data":7010,"content":7011},{},[7012],{"nodeType":1482,"value":7013,"marks":7014,"data":7016},"2. Even solutions claiming the right capabilities often deliver them superficially",[7015],{"type":1519},{},{"nodeType":1498,"data":7018,"content":7019},{},[7020,7024,7032],{"nodeType":1482,"value":7021,"marks":7022,"data":7023},"Every browser security vendor claims phishing detection, ClickFix protection, and session security. What varies enormously is whether those capabilities work against real, live, never-before-seen attacker infrastructure — or only against known-bad indicators that attackers rotate in minutes. 95% of in-browser attacks detected by Push used bot protection to evade blocklists;",[],{},{"nodeType":1493,"data":7025,"content":7027},{"uri":7026},"https://pushsecurity.com/blog/zero-day-phishing-and-how-to-stop-it/",[7028],{"nodeType":1482,"value":7029,"marks":7030,"data":7031}," 89% of phishing domains are active for fewer than two days",[],{},{"nodeType":1482,"value":1645,"marks":7033,"data":7034},[],{},{"nodeType":1498,"data":7036,"content":7037},{},[7038],{"nodeType":1482,"value":7039,"marks":7040,"data":7041},"A solution that appears comprehensive in a demo or PoV may leave significant gaps when tested against adversaries who understand exactly how security tools work and actively engineer around them. ",[],{},{"nodeType":2449,"data":7043,"content":7044},{},[7045],{"nodeType":1482,"value":7046,"marks":7047,"data":7049},"3. AI is only going to widen the gap between \"good enough\" and what you need",[7048],{"type":1519},{},{"nodeType":1498,"data":7051,"content":7052},{},[7053],{"nodeType":1482,"value":7054,"marks":7055,"data":7056},"When a browser security product is acquired, engineering effort turns inwards towards integration with the parent platform, not advancing detection capability. ",[],{},{"nodeType":1498,"data":7058,"content":7059},{},[7060],{"nodeType":1482,"value":7061,"marks":7062,"data":7063},"That dynamic plays out differently for each acquisition, but in Seraphic's case it is expected to be particularly heightened. Seraphic works by injecting an agent into the browser's JavaScript runtime. This is the same approach antivirus vendors have used for years, with well-documented stability consequences. Stability is now a top priority for CrowdStrike, which means the Seraphic integration will proceed cautiously. For buyers, that translates directly into slower capability advancement, not faster.",[],{},{"nodeType":1498,"data":7065,"content":7066},{},[7067,7071,7079],{"nodeType":1482,"value":7068,"marks":7069,"data":7070},"But this is no time for engineering efforts to turn inward, as the threat landscape continues to evolve at an unprecedented rate. You only need to look at the rise of techniques like device code phishing, which have gone from ",[],{},{"nodeType":1493,"data":7072,"content":7073},{"uri":1555},[7074],{"nodeType":1482,"value":7075,"marks":7076,"data":7078},"research curiosity to industrialized exploitation",[7077],{"type":1491},{},{"nodeType":1482,"value":7080,"marks":7081,"data":7082}," in a matter of months — in large part enabled by AI-powered tools and AI-assisted development. Similarly, AI has compressed the time to generate a convincing phishing campaign from hours to minutes. ",[],{},{"nodeType":1498,"data":7084,"content":7085},{},[7086,7090,7097,7101,7110],{"nodeType":1482,"value":7087,"marks":7088,"data":7089},"But it's not only external threats:",[],{},{"nodeType":1493,"data":7091,"content":7092},{"uri":6870},[7093],{"nodeType":1482,"value":7094,"marks":7095,"data":7096}," 92% of organizations allow employees to use public GenAI applications",[],{},{"nodeType":1482,"value":7098,"marks":7099,"data":7100}," — every one of them with unsanctioned AI use occurring by design — employees are routinely entering sensitive data into unapproved AI tools, and ",[],{},{"nodeType":1493,"data":7102,"content":7104},{"uri":7103},"https://www.gartner.com/en/newsroom/press-releases/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025",[7105],{"nodeType":1482,"value":7106,"marks":7107,"data":7109},"Gartner predicts",[7108],{"type":1491},{},{"nodeType":1482,"value":7111,"marks":7112,"data":7113}," 40% of enterprise applications will feature AI agents by end of 2026, up from under 5% in 2025. ",[],{},{"nodeType":1498,"data":7115,"content":7116},{},[7117],{"nodeType":1482,"value":7118,"marks":7119,"data":7120},"The gap between an acquired product focused on integration and vendors whose single-minded focus is on stopping these emerging threats will continue to widen over time.",[],{},{"nodeType":1511,"data":7122,"content":7123},{},[],{"nodeType":1521,"data":7125,"content":7126},{},[7127],{"nodeType":1482,"value":7128,"marks":7129,"data":7131},"How to identify a genuinely best-of-breed solution",[7130],{"type":1519},{},{"nodeType":2449,"data":7133,"content":7134},{},[7135],{"nodeType":1482,"value":7136,"marks":7137,"data":7139},"Start from your own requirements",[7138],{"type":1519},{},{"nodeType":1498,"data":7141,"content":7142},{},[7143,7147,7155],{"nodeType":1482,"value":7144,"marks":7145,"data":7146},"Define the outcomes you need before speaking to any vendor. The",[],{},{"nodeType":1493,"data":7148,"content":7150},{"uri":7149},"https://pushsecurity.com/blog/the-top-10-security-problems-you-can-solve-in-the-browser-ranked-by-value/",[7151],{"nodeType":1482,"value":7152,"marks":7153,"data":7154}," highest-value browser security use cases",[],{},{"nodeType":1482,"value":7156,"marks":7157,"data":7158}," are account takeover prevention, advanced phishing detection, identity posture hardening, browser extension security, and shadow SaaS and OAuth governance.",[],{},{"nodeType":2449,"data":7160,"content":7161},{},[7162],{"nodeType":1482,"value":7163,"marks":7164,"data":7166},"Understand how it detects, not just what it claims",[7165],{"type":1519},{},{"nodeType":1498,"data":7168,"content":7169},{},[7170,7174,7183],{"nodeType":1482,"value":7171,"marks":7172,"data":7173},"Most solutions rely on IoCs — matching known-bad domains, URLs, and IPs against feeds that attackers rotate in minutes.  There’s a major shortcoming with this approach, though: attackers rotate infrastructure faster than any blocklist updates and use bot protection to stay off threat intelligence feeds, making every attack feel ",[],{},{"nodeType":1493,"data":7175,"content":7177},{"uri":7176},"https://pushsecurity.com/blog/why-most-phishing-attacks-feel-like-a-zero-day/",[7178],{"nodeType":1482,"value":7179,"marks":7180,"data":7182},"like a zero-day",[7181],{"type":1491},{},{"nodeType":1482,"value":7184,"marks":7185,"data":7186},". The only approach that reliably works is TTP-based behavioral detection. Ask every vendor: are you detecting a known-bad indicator or a behavioral technique?",[],{},{"nodeType":2449,"data":7188,"content":7189},{},[7190],{"nodeType":1482,"value":7191,"marks":7192,"data":7194},"Test against real attacker behavior",[7193],{"type":1519},{},{"nodeType":1498,"data":7196,"content":7197},{},[7198],{"nodeType":1482,"value":7199,"marks":7200,"data":7201},"Don't evaluate phishing detection with old phishing URLs. By the time you’re running these tests their IoCs will already be on block-lists (see point above). Instead, deploy realistic testing scenarios and look for demonstrable evidence of stopping real-world phishing kits — Evilginx, Tycoon2FA, Sneaky2FA, and so on. ",[],{},{"nodeType":2449,"data":7203,"content":7204},{},[7205],{"nodeType":1482,"value":7206,"marks":7207,"data":7209},"Assess innovation velocity",[7208],{"type":1519},{},{"nodeType":1498,"data":7211,"content":7212},{},[7213],{"nodeType":1482,"value":7214,"marks":7215,"data":7216},"Ask every vendor about their research output and feature release history over the past six months — are they discovering and publishing novel attack techniques, or covering what others already documented? Are new detections shipping continuously, or in quarterly cycles? For acquired products specifically, also ask how the roadmap has changed since acquisition. ",[],{},{"nodeType":2449,"data":7218,"content":7219},{},[7220],{"nodeType":1482,"value":7221,"marks":7222,"data":7224},"Consider operationalization, vendor focus, and lock-in",[7223],{"type":1519},{},{"nodeType":1498,"data":7226,"content":7227},{},[7228],{"nodeType":1482,"value":7229,"marks":7230,"data":7231},"Many solutions demo well but create significant overhead at scale. Consider whether you want another agent on endpoints, and whether you have the resources to tune granular policies without drowning in false positives. Your requirements might not carry the same weight with a platform vendor with tens of thousands of customers across multiple product lines, versus a dedicated vendor whose entire roadmap exists to solve your problem. And factor in lock-in: every capability consolidated into an existing platform vendor reduces your ability to change direction later.",[],{},{"nodeType":1511,"data":7233,"content":7234},{},[],{"nodeType":1521,"data":7236,"content":7237},{},[7238],{"nodeType":1482,"value":7239,"marks":7240,"data":7242},"Why Push is the best-of-breed browser security solution",[7241],{"type":1519},{},{"nodeType":1498,"data":7244,"content":7245},{},[7246],{"nodeType":1482,"value":7247,"marks":7248,"data":7249},"Think of Push as EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. Here’s why customers choose Push as a best-of-breed solution:",[],{},{"nodeType":2449,"data":7251,"content":7252},{},[7253,7258],{"nodeType":1482,"value":7254,"marks":7255,"data":7257},"Push is built for the security problems that actually cause breaches",[7256],{"type":1519},{},{"nodeType":1482,"value":2686,"marks":7259,"data":7260},[],{},{"nodeType":1498,"data":7262,"content":7263},{},[7264,7268,7276],{"nodeType":1482,"value":7265,"marks":7266,"data":7267},"The highest-value browser security problems — account takeover prevention, advanced phishing detection, identity posture hardening, browser extension security, shadow SaaS and OAuth governance — all require visibility inside the browser session. Push was built from the ground up for exactly that. The same foundational capability that detects AiTM phishing and ClickFix attacks also surfaces the exposure most security teams don't know they have: ",[],{},{"nodeType":1493,"data":7269,"content":7271},{"uri":7270},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/",[7272],{"nodeType":1482,"value":7273,"marks":7274,"data":7275},"across Push's customer base",[],{},{"nodeType":1482,"value":7277,"marks":7278,"data":7279},", 1 in 4 logins use passwords rather than SSO, 2 in 5 are unprotected by MFA, and 46.76% of browser extensions carry permissions sufficient to perform account takeover — none of it visible from the endpoint, network, or email layer.",[],{},{"nodeType":2449,"data":7281,"content":7282},{},[7283],{"nodeType":1482,"value":7284,"marks":7285,"data":7287},"Push detects high-fidelity attacker TTPs, not low-level IoCs",[7286],{"type":1519},{},{"nodeType":1498,"data":7289,"content":7290},{},[7291],{"nodeType":1482,"value":7292,"marks":7293,"data":7294},"Push's browser extension operates as a flight recorder inside the session, capturing every page load, credential submission, OAuth consent flow, and user action in real time. That telemetry surfaces attacker behavior — the page structure and script signatures of AiTM kits, the clipboard mechanics of ClickFix, the OAuth flow characteristics of ConsentFix — rather than infrastructure indicators that attackers rotate in minutes. This is how Push intercepts “zero-day” phishing using fresh infrastructure and domains every time, while most solutions are stuck playing known-bad whac-a-mole. ",[],{},{"nodeType":1507,"data":7296,"content":7300},{"target":7297},{"sys":7298},{"id":7299,"type":1504,"linkType":1505},"4ho5gOHl1loo9Jtv9nPoq1",[],{"nodeType":2449,"data":7302,"content":7303},{},[7304],{"nodeType":1482,"value":7305,"marks":7306,"data":7308},"Push’s research and agentic threat hunting keeps you ahead of attacker innovation",[7307],{"type":1519},{},{"nodeType":1498,"data":7310,"content":7311},{},[7312,7316,7322,7326,7332,7336,7344],{"nodeType":1482,"value":7313,"marks":7314,"data":7315},"Push named",[],{},{"nodeType":1493,"data":7317,"content":7318},{"uri":1840},[7319],{"nodeType":1482,"value":2007,"marks":7320,"data":7321},[],{},{"nodeType":1482,"value":7323,"marks":7324,"data":7325}," and",[],{},{"nodeType":1493,"data":7327,"content":7328},{"uri":1796},[7329],{"nodeType":1482,"value":5358,"marks":7330,"data":7331},[],{},{"nodeType":1482,"value":7333,"marks":7334,"data":7335}," before any other vendor detected either in production. That research feeds an",[],{},{"nodeType":1493,"data":7337,"content":7339},{"uri":7338},"https://pushsecurity.com/blog/can-ai-replace-a-threat-researcher-what-we-learned-building-an-agentic-threat-hunting-pipeline/",[7340],{"nodeType":1482,"value":7341,"marks":7342,"data":7343}," agentic detection pipeline",[],{},{"nodeType":1482,"value":7345,"marks":7346,"data":7347}," built on two learning loops — an inner loop for real-time detection of known techniques, and an outer loop where autonomous agents continuously hunt across 3 million deployed browsers for emerging threats, writing new detections and deploying them to customer environments in minutes. ",[],{},{"nodeType":1507,"data":7349,"content":7353},{"target":7350},{"sys":7351},{"id":7352,"type":1504,"linkType":1505},"17y3jchoPysKQTf2ra59Bv",[],{"nodeType":2449,"data":7355,"content":7356},{},[7357],{"nodeType":1482,"value":7358,"marks":7359,"data":7361},"Push solves more use cases than just stopping advanced attacks",[7360],{"type":1519},{},{"nodeType":1498,"data":7363,"content":7364},{},[7365,7369,7376],{"nodeType":1482,"value":7366,"marks":7367,"data":7368},"Push uses the same browser-layer visibility to surface every AI tool, agentic browser, extension, and OAuth integration in use across the organization — and enforce policy on what employees can do inside them in real time, including unsanctioned tools no other layer sees. The same technical capabilities provided by Push also harden the identity attack surface, prevent data loss, accelerate insider investigations, and let security teams write custom detections and policies for organization-specific risks. One extension, one deployment, ",[],{},{"nodeType":1493,"data":7370,"content":7371},{"uri":7149},[7372],{"nodeType":1482,"value":7373,"marks":7374,"data":7375},"multiple high-value use cases",[],{},{"nodeType":1482,"value":1576,"marks":7377,"data":7378},[],{},{"nodeType":2449,"data":7380,"content":7381},{},[7382],{"nodeType":1482,"value":7383,"marks":7384,"data":7386},"Push is built to be operationalized at scale, not just demoed",[7385],{"type":1519},{},{"nodeType":1498,"data":7388,"content":7389},{},[7390,7394,7402],{"nodeType":1482,"value":7391,"marks":7392,"data":7393},"Push deploys to",[],{},{"nodeType":1493,"data":7395,"content":7397},{"uri":7396},"https://pushsecurity.com/blog/push-deployed-to-100k-users-in-one-hour/",[7398],{"nodeType":1482,"value":7399,"marks":7400,"data":7401}," 100,000 users in under one hour on a normal workday",[],{},{"nodeType":1482,"value":7403,"marks":7404,"data":7405}," — no migration overhead or performance impact. The false positive rate is negligible, meaning no alert noise and no policy tuning overhead. And because Push is independent, it integrates into open ecosystems — feeding browser-layer telemetry into your SIEM, XDR, SOAR, and identity tools alongside the rest of your stack, without adding to your platform lock-in.",[],{},{"nodeType":1511,"data":7407,"content":7408},{},[],{"nodeType":1521,"data":7410,"content":7411},{},[7412],{"nodeType":1482,"value":7413,"marks":7414,"data":7416},"Final thoughts",[7415],{"type":1519},{},{"nodeType":1498,"data":7418,"content":7419},{},[7420],{"nodeType":1482,"value":7421,"marks":7422,"data":7423},"Three acquisitions in five months is a strong market signal, but a strong market signal about vendor interest in a category is not the same thing as a strong signal about capability. The attacker techniques and tooling behind breaches in 2026 are evolving faster than any acquired product with split engineering priorities can reasonably track. ",[],{},{"nodeType":1498,"data":7425,"content":7426},{},[7427],{"nodeType":1482,"value":7428,"marks":7429,"data":7430},"Security buyers who accept a bundled browser solution because it is included in an existing contract are making a procurement decision, not a security decision. The threats in the browser are serious and sophisticated enough to justify the investment in a tool built to stop them. If you agree, Push is worth a serious look.",[],{},{"nodeType":1498,"data":7432,"content":7433},{},[7434,7437,7444],{"nodeType":1482,"value":29,"marks":7435,"data":7436},[],{},{"nodeType":1493,"data":7438,"content":7439},{"uri":2043},[7440],{"nodeType":1482,"value":6509,"marks":7441,"data":7443},[7442],{"type":1491},{},{"nodeType":1482,"value":29,"marks":7445,"data":7446},[],{},{"entries":7448},{"hyperlink":7449,"inline":7450,"block":7451},[],[],[7452,7471],{"sys":7453,"__typename":7454,"content":7455,"name":7470,"title":62},{"id":7299},"InsightTextBlockComponent",{"json":7456},{"nodeType":2060,"data":7457,"content":7458},{},[7459],{"nodeType":1498,"data":7460,"content":7461},{},[7462,7467],{"nodeType":1482,"value":7463,"marks":7464,"data":7466},"In a 30-day POV at a ~4,500-employee financial services organization with a mature existing stack, Push detected 6 ClickFix attacks and 10 AiTM phishing attempts that were invisible to every other tool in place",[7465],{"type":1519},{},{"nodeType":1482,"value":1576,"marks":7468,"data":7469},[],{},"Best of breed blog IB1",{"sys":7472,"__typename":7454,"content":7473,"name":7504,"title":62},{"id":7352},{"json":7474},{"nodeType":2060,"data":7475,"content":7476},{},[7477],{"nodeType":1498,"data":7478,"content":7479},{},[7480,7484,7491,7495,7500],{"nodeType":1482,"value":7481,"marks":7482,"data":7483},"Our ",[],{},{"nodeType":1493,"data":7485,"content":7486},{"uri":7338},[7487],{"nodeType":1482,"value":7488,"marks":7489,"data":7490},"agentic threat hunting pipeline",[],{},{"nodeType":1482,"value":7492,"marks":7493,"data":7494}," has ",[],{},{"nodeType":1482,"value":7496,"marks":7497,"data":7499},"tripled the new detections shipped per month",[7498],{"type":1519},{},{"nodeType":1482,"value":7501,"marks":7502,"data":7503}," — and as a dedicated browser security vendor, that's where every research dollar goes. When attackers are harnessing AI to develop tooling, deploy and tear-down infrastructure, and operate campaigns at scale, this capability is essential to stay ahead of the increased volume and variation in threats that users are encountering in the browser. ",[],{},"Best of breed blog IB2",{},"The case for best-of-breed browser security",{"items":7508},[7509,8296,9017],{"__typename":2080,"sys":7510,"content":7512,"title":8280,"synopsis":8281,"hashTags":62,"publishedDate":8282,"slug":8283,"tagsCollection":8284,"authorsCollection":8292},{"id":7511},"2V130uMePtxAaefYQAKInb",{"json":7513},{"data":7514,"content":7515,"nodeType":2060},{},[7516,7522,7529,7536,7543,7546,7554,7561,7573,7585,7590,7597,7600,7608,7615,7621,7628,7635,7744,7751,7754,7762,7769,7832,7848,7854,7861,7864,7872,7879,7887,7894,7901,7932,7939,7947,7954,7961,7968,7976,7983,7990,7997,8000,8008,8020,8027,8034,8042,8049,8056,8064,8071,8134,8150,8169,8177,8184,8192,8199,8206,8213,8219,8227,8234,8241,8247,8254,8261,8268,8274],{"data":7517,"content":7521,"nodeType":1507},{"target":7518},{"sys":7519},{"id":7520,"type":1504,"linkType":1505},"5CPZ96xixlhgh6oqQ2rfmO",[],{"data":7523,"content":7524,"nodeType":1498},{},[7525],{"data":7526,"marks":7527,"value":7528,"nodeType":1482},{},[],"When a security team evaluates browser security solutions, they're usually asking the right question: “How do we protect our users as they work in the browser?”",{"data":7530,"content":7531,"nodeType":1498},{},[7532],{"data":7533,"marks":7534,"value":7535,"nodeType":1482},{},[],"But the answer they get from many vendors is shaped by a fundamentally different threat model — one that treats the browser as a piece of software to be hardened against exploitation, rather than as the arena where your users’ identities get stolen.",{"data":7537,"content":7538,"nodeType":1498},{},[7539],{"data":7540,"marks":7541,"value":7542,"nodeType":1482},{},[],"This distinction has enormous consequences for your security posture and the return you can expect from your investment in a new solution.",{"data":7544,"content":7545,"nodeType":1511},{},[],{"data":7547,"content":7548,"nodeType":1521},{},[7549],{"data":7550,"marks":7551,"value":7553,"nodeType":1482},{},[7552],{"type":1519},"Two different problems, dressed the same",{"data":7555,"content":7556,"nodeType":1498},{},[7557],{"data":7558,"marks":7559,"value":7560,"nodeType":1482},{},[],"When it comes to protecting users as they work in the browser, security tools typically fall into one of two camps:",{"data":7562,"content":7563,"nodeType":1498},{},[7564,7569],{"data":7565,"marks":7566,"value":7568,"nodeType":1482},{},[7567],{"type":1519},"The first camp:",{"data":7570,"marks":7571,"value":7572,"nodeType":1482},{},[]," represented by solutions like Seraphic (now CrowdStrike) — is built around the threat of attacking the browser itself. The architecture is designed to scramble the browser’s JavaScript runtime and prevent exploits from detonating and breaking out of the browser sandbox. This is browser hardening: defending the browser as software against exploitation by attackers who want to compromise the underlying device.",{"data":7574,"content":7575,"nodeType":1498},{},[7576,7581],{"data":7577,"marks":7578,"value":7580,"nodeType":1482},{},[7579],{"type":1519},"The second camp:",{"data":7582,"marks":7583,"value":7584,"nodeType":1482},{},[]," and the one Push Security occupies uniquely, focuses on what happens inside the browser when a user is working normally. Phishing pages harvesting credentials. Session tokens being stolen. Malicious OAuth applications being granted access through social engineering. Adversary-in-the-middle proxies intercepting authentication flows. These attacks don't exploit the browser. They exploit the human — and now agents — using it via the browser's legitimate capabilities (think of it as LOTL, browser edition).",{"data":7586,"content":7589,"nodeType":1507},{"target":7587},{"sys":7588},{"id":5227,"type":1504,"linkType":1505},[],{"data":7591,"content":7592,"nodeType":1498},{},[7593],{"data":7594,"marks":7595,"value":7596,"nodeType":1482},{},[],"The question for any security team evaluating this space: which of these threat models presents the greatest risks to my organization?",{"data":7598,"content":7599,"nodeType":1511},{},[],{"data":7601,"content":7602,"nodeType":1521},{},[7603],{"data":7604,"marks":7605,"value":7607,"nodeType":1482},{},[7606],{"type":1519},"How organizations are actually being breached",{"data":7609,"content":7610,"nodeType":1498},{},[7611],{"data":7612,"marks":7613,"value":7614,"nodeType":1482},{},[],"Let's look at the major breach campaigns of the last three years without the marketing filter and a pattern emerges immediately. Scattered Spider and its successors breached MGM Resorts, Caesars, M&S, JLR, and Salesforce customers — not through browser exploits, but through social engineering, phishing and Adversary-in-the-Middle attacks that stole session tokens and SSO credentials. ",{"data":7616,"content":7620,"nodeType":1507},{"target":7617},{"sys":7618},{"id":7619,"type":1504,"linkType":1505},"2qIMTiyyIsQFAyGJ9Ikyej",[],{"data":7622,"content":7623,"nodeType":1498},{},[7624],{"data":7625,"marks":7626,"value":7627,"nodeType":1482},{},[],"In every case, the attack happened in the browser — using stolen identities to log into legitimate cloud services — not on the browser through exploitation of the browser engine itself.",{"data":7629,"content":7630,"nodeType":1498},{},[7631],{"data":7632,"marks":7633,"value":7634,"nodeType":1482},{},[],"The data from major threat intelligence sources is unambiguous:",{"data":7636,"content":7637,"nodeType":2295},{},[7638,7657,7676,7695,7714,7729],{"data":7639,"content":7640,"nodeType":2299},{},[7641],{"data":7642,"content":7643,"nodeType":1498},{},[7644,7648,7653],{"data":7645,"marks":7646,"value":7647,"nodeType":1482},{},[],"Identity weaknesses played a material role in ",{"data":7649,"marks":7650,"value":7652,"nodeType":1482},{},[7651],{"type":1519},"almost 90% of Unit 42 incident response investigations",{"data":7654,"marks":7655,"value":7656,"nodeType":1482},{},[]," (Palo Alto Networks Unit 42 IR Report)",{"data":7658,"content":7659,"nodeType":2299},{},[7660],{"data":7661,"content":7662,"nodeType":1498},{},[7663,7667,7672],{"data":7664,"marks":7665,"value":7666,"nodeType":1482},{},[],"Credential abuse and phishing combined accounted for ",{"data":7668,"marks":7669,"value":7671,"nodeType":1482},{},[7670],{"type":1519},"38% of all breaches",{"data":7673,"marks":7674,"value":7675,"nodeType":1482},{},[],", making identity the single largest breach vector (Verizon DBIR 2025)",{"data":7677,"content":7678,"nodeType":2299},{},[7679],{"data":7680,"content":7681,"nodeType":1498},{},[7682,7686,7691],{"data":7683,"marks":7684,"value":7685,"nodeType":1482},{},[],"Cloud-conscious intrusions — attackers using stolen identities to access cloud services — rose ",{"data":7687,"marks":7688,"value":7690,"nodeType":1482},{},[7689],{"type":1519},"37% in 2025",{"data":7692,"marks":7693,"value":7694,"nodeType":1482},{},[],", up 266% among state-nexus actors (CrowdStrike 2026 Global Threat Report)",{"data":7696,"content":7697,"nodeType":2299},{},[7698],{"data":7699,"content":7700,"nodeType":1498},{},[7701,7705,7710],{"data":7702,"marks":7703,"value":7704,"nodeType":1482},{},[],"In cloud-related incidents, identity issues drove initial access in ",{"data":7706,"marks":7707,"value":7709,"nodeType":1482},{},[7708],{"type":1519},"83% of cases",{"data":7711,"marks":7712,"value":7713,"nodeType":1482},{},[]," (Mandiant / Google Cloud Threat Horizons H1 2026)",{"data":7715,"content":7716,"nodeType":2299},{},[7717],{"data":7718,"content":7719,"nodeType":1498},{},[7720,7725],{"data":7721,"marks":7722,"value":7724,"nodeType":1482},{},[7723],{"type":1519},"82% of attack detections are now malware-free",{"data":7726,"marks":7727,"value":7728,"nodeType":1482},{},[]," — they don't touch the endpoint and abuse legitimate access and functionality (CrowdStrike 2026 Global Threat Report)",{"data":7730,"content":7731,"nodeType":2299},{},[7732],{"data":7733,"content":7734,"nodeType":1498},{},[7735,7740],{"data":7736,"marks":7737,"value":7739,"nodeType":1482},{},[7738],{"type":1519},"49% of organizations",{"data":7741,"marks":7742,"value":7743,"nodeType":1482},{},[]," suffered a successful browser-based attack in the last 12 months (Omdia 2026)",{"data":7745,"content":7746,"nodeType":1498},{},[7747],{"data":7748,"marks":7749,"value":7750,"nodeType":1482},{},[],"These aren't edge cases. This is now the primary attack playbook.",{"data":7752,"content":7753,"nodeType":1511},{},[],{"data":7755,"content":7756,"nodeType":2449},{},[7757],{"data":7758,"marks":7759,"value":7761,"nodeType":1482},{},[7760],{"type":1519},"The economics of attack choice",{"data":7763,"content":7764,"nodeType":1498},{},[7765],{"data":7766,"marks":7767,"value":7768,"nodeType":1482},{},[],"Attackers are rational actors. They pick the cheapest, most reliable path to their objective. The economics of browser exploitation versus identity theft tell the whole story:",{"data":7770,"content":7771,"nodeType":2295},{},[7772,7787,7802,7817],{"data":7773,"content":7774,"nodeType":2299},{},[7775],{"data":7776,"content":7777,"nodeType":1498},{},[7778,7782],{"data":7779,"marks":7780,"value":7781,"nodeType":1482},{},[],"Chrome sandbox RCE exploit (bug bounty value): ",{"data":7783,"marks":7784,"value":7786,"nodeType":1482},{},[7785],{"type":1519},"$250,000",{"data":7788,"content":7789,"nodeType":2299},{},[7790],{"data":7791,"content":7792,"nodeType":1498},{},[7793,7797],{"data":7794,"marks":7795,"value":7796,"nodeType":1482},{},[],"IAB-provided IdP admin account: ",{"data":7798,"marks":7799,"value":7801,"nodeType":1482},{},[7800],{"type":1519},"~$3,000",{"data":7803,"content":7804,"nodeType":2299},{},[7805],{"data":7806,"content":7807,"nodeType":1498},{},[7808,7812],{"data":7809,"marks":7810,"value":7811,"nodeType":1482},{},[],"1-year phishing kit rental (PhaaS): ",{"data":7813,"marks":7814,"value":7816,"nodeType":1482},{},[7815],{"type":1519},"~$1,000",{"data":7818,"content":7819,"nodeType":2299},{},[7820],{"data":7821,"content":7822,"nodeType":1498},{},[7823,7827],{"data":7824,"marks":7825,"value":7826,"nodeType":1482},{},[],"Bulk stolen credential list: ",{"data":7828,"marks":7829,"value":7831,"nodeType":1482},{},[7830],{"type":1519},"~$15",{"data":7833,"content":7834,"nodeType":1498},{},[7835,7839,7844],{"data":7836,"marks":7837,"value":7838,"nodeType":1482},{},[],"Browser zero-days accounted for just ",{"data":7840,"marks":7841,"value":7843,"nodeType":1482},{},[7842],{"type":1519},"9% of all zero-days reported to Google in 2025",{"data":7845,"marks":7846,"value":7847,"nodeType":1482},{},[]," — described by Google's own researchers as a \"historic low.\" Chrome's sandbox architecture, site isolation, and hardware-backed security features are the result of years of sustained hardening investment. When a browser vulnerability is discovered, Google typically deploys a patch within days.",{"data":7849,"content":7853,"nodeType":1507},{"target":7850},{"sys":7851},{"id":7852,"type":1504,"linkType":1505},"5XWKHTT5J06yWcgZIOL95t",[],{"data":7855,"content":7856,"nodeType":1498},{},[7857],{"data":7858,"marks":7859,"value":7860,"nodeType":1482},{},[],"The bottom line: browser exploits are extraordinarily expensive to develop, increasingly difficult to execute reliably against a hardened modern browser, and patched rapidly when discovered. In sharp contrast, identity attacks are cheap to run, highly scalable, and have a low technical barrier to adoption — that’s why they’re responsible for the overwhelming majority of enterprise breaches. Attackers have voted with their resources.",{"data":7862,"content":7863,"nodeType":1511},{},[],{"data":7865,"content":7866,"nodeType":1521},{},[7867],{"data":7868,"marks":7869,"value":7871,"nodeType":1482},{},[7870],{"type":1519},"What you're actually buying with each vendor",{"data":7873,"content":7874,"nodeType":1498},{},[7875],{"data":7876,"marks":7877,"value":7878,"nodeType":1482},{},[],"Understanding the core architectural choice each vendor has made helps decode what their solution can and cannot protect you from.",{"data":7880,"content":7881,"nodeType":2449},{},[7882],{"data":7883,"marks":7884,"value":7886,"nodeType":1482},{},[7885],{"type":1519},"Seraphic (CrowdStrike)",{"data":7888,"content":7889,"nodeType":1498},{},[7890],{"data":7891,"marks":7892,"value":7893,"nodeType":1482},{},[],"Seraphic's architecture is built to inject into the browser's JavaScript runtime at the OS layer, scrambling browser internals to prevent exploits from executing. This is a technically sophisticated approach to a technically interesting problem that is, by every threat intelligence measure, not the problem causing enterprise breaches at scale.",{"data":7895,"content":7896,"nodeType":1498},{},[7897],{"data":7898,"marks":7899,"value":7900,"nodeType":1482},{},[],"Beyond the threat model mismatch, there are structural concerns with the approach itself. Injecting an agent into the browser's JS runtime is a technique with well-documented stability consequences. This is the same approach antivirus vendors have used for years, often at the cost of system stability. Seraphic now runs alongside the CrowdStrike Falcon sensor on managed devices, combining two heavyweight agents on the same machine. For any organization with CrowdStrike already deployed, the question isn't theoretical: how has that combination been validated in production environments?",{"data":7902,"content":7903,"nodeType":1498},{},[7904,7908,7915,7919,7928],{"data":7905,"marks":7906,"value":7907,"nodeType":1482},{},[],"There's also the managed-device limitation. Seraphic requires a kernel-level agent, which means it loses meaningful capability on unmanaged devices, BYOD machines, and contractor endpoints. This is not a niche concern: according to ",{"data":7909,"content":7910,"nodeType":1493},{"uri":6870},[7911],{"data":7912,"marks":7913,"value":7914,"nodeType":1482},{},[],"Omdia's 2026 browser security survey",{"data":7916,"marks":7917,"value":7918,"nodeType":1482},{},[],", 32% of users access corporate applications from unmanaged devices at least occasionally. Agent-based solutions are blind to nearly a third of your actual attack surface by design. The Okta breach began on a support engineer's personal device, where ",{"data":7920,"content":7922,"nodeType":1493},{"uri":7921},"https://pushsecurity.com/blog/browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches/",[7923],{"data":7924,"marks":7925,"value":7927,"nodeType":1482},{},[7926],{"type":1491},"corporate credentials had synced",{"data":7929,"marks":7930,"value":7931,"nodeType":1482},{},[]," via Chrome's built-in profile sync. No agent, no visibility.",{"data":7933,"content":7934,"nodeType":1498},{},[7935],{"data":7936,"marks":7937,"value":7938,"nodeType":1482},{},[],"Teams evaluating Seraphic today are also buying into an integration roadmap, not a shipped capability. The acquisition by CrowdStrike closed in early 2026. The work of wiring browser telemetry into Falcon Fusion and correlating it with endpoint signals is currently a promise, not a production feature.",{"data":7940,"content":7941,"nodeType":2449},{},[7942],{"data":7943,"marks":7944,"value":7946,"nodeType":1482},{},[7945],{"type":1519},"SquareX (Zscaler)",{"data":7948,"content":7949,"nodeType":1498},{},[7950],{"data":7951,"marks":7952,"value":7953,"nodeType":1482},{},[],"SquareX's core capability is sandboxing suspicious file downloads inside disposable browser containers before they reach the endpoint. This is a legitimate approach to a real but declining problem. 82% of attack detections are now malware-free (CrowdStrike 2026 Global Threat Report) — attacks don't arrive as files to be sandboxed, they arrive as authenticated sessions. And the delivery channel shift makes the picture even starker: across Push's customer base, 1 in 3 phishing payloads are now delivered outside of email entirely — via social media, ads, and messaging platforms — and 4 in 5 ClickFix payloads arrive through search engines, not email. The threat that SquareX was architecturally designed to address is a shrinking share of the actual attack surface, and it's shrinking fast.",{"data":7955,"content":7956,"nodeType":1498},{},[7957],{"data":7958,"marks":7959,"value":7960,"nodeType":1482},{},[],"Zscaler already has sandboxing built into ZIA. For an existing Zscaler customer evaluating SquareX, the honest question is: what does this add beyond some extension analysis capability and what you already have? The AiTM phishing campaign that stole your user's credentials and accessed your cloud applications generates no malicious file, triggers no sandbox, and produces no network signal for Zscaler's traffic inspection to catch — because it happened entirely inside a browser session using legitimate authentication flows.",{"data":7962,"content":7963,"nodeType":1498},{},[7964],{"data":7965,"marks":7966,"value":7967,"nodeType":1482},{},[],"The acquisition also raises product focus questions. Being absorbed into a network-centric platform means SquareX is now optimized for Zscaler's priorities, not for standalone browser detection and response. Teams that care about investigation, threat hunting, and incident response should ask specifically what SquareX adds in those workflows under Zscaler ownership.",{"data":7969,"content":7970,"nodeType":2449},{},[7971],{"data":7972,"marks":7973,"value":7975,"nodeType":1482},{},[7974],{"type":1519},"LayerX",{"data":7977,"content":7978,"nodeType":1498},{},[7979],{"data":7980,"marks":7981,"value":7982,"nodeType":1482},{},[],"LayerX is primarily a policy enforcement and risk scoring platform focused on internal governance — controlling which applications employees access, what data moves through the browser, and whether behavior complies with internal rules.",{"data":7984,"content":7985,"nodeType":1498},{},[7986],{"data":7987,"marks":7988,"value":7989,"nodeType":1482},{},[],"Push Security covers that ground too. Push provides full visibility over AI tool usage, shadow SaaS, unmanaged identities, and data loss vectors — including sensitive data submitted through AI prompts, file uploads to personal cloud destinations, and OAuth grants to third-party applications. The same browser telemetry that detects external attacks also surfaces insider risks and powers DLP controls and compliance audit evidence, all from a single extension.",{"data":7991,"content":7992,"nodeType":1498},{},[7993],{"data":7994,"marks":7995,"value":7996,"nodeType":1482},{},[],"The critical difference is that Push goes significantly further. Where LayerX scores risk and enforces policy, Push detects active external attack techniques in real time: AiTM phishing kits as they execute, session tokens being stolen, ClickFix lures through behavioral analysis of page structure. These are the attacks causing the most damaging breaches today, and they don't surface on a risk score until after the damage is done. Push addresses both the governance problem and the external threat problem from the same platform. LayerX addresses only the first.",{"data":7998,"content":7999,"nodeType":1511},{},[],{"data":8001,"content":8002,"nodeType":1521},{},[8003],{"data":8004,"marks":8005,"value":8007,"nodeType":1482},{},[8006],{"type":1519},"Securing the organization via the browser: Push Security",{"data":8009,"content":8010,"nodeType":1498},{},[8011,8016],{"data":8012,"marks":8013,"value":8015,"nodeType":1482},{},[8014],{"type":1519},"Push Security is built on a different architectural premise:",{"data":8017,"marks":8018,"value":8019,"nodeType":1482},{},[]," the browser is not primarily a piece of software to harden against exploitation. It is the primary workplace, the primary SaaS access point, and the arena where the majority of modern identity attacks play out. The goal is to secure the organization via the browser — not just to secure the browser itself.",{"data":8021,"content":8022,"nodeType":1498},{},[8023],{"data":8024,"marks":8025,"value":8026,"nodeType":1482},{},[],"This means Push's detection surface is built around the attacks that are actually causing breaches: adversary-in-the-middle phishing, ClickFix and its many variants, credential stuffing against shadow identities, session token theft and replay, OAuth consent abuse, and the full spectrum of identity-based initial access techniques that dominate the modern threat landscape.",{"data":8028,"content":8029,"nodeType":1498},{},[8030],{"data":8031,"marks":8032,"value":8033,"nodeType":1482},{},[],"The deployment model reflects the threat model. Push deploys as a lightweight browser extension — no kernel-level agent, no device dependency, no migration to a new browser. It works on managed and unmanaged devices, across every traditional, enterprise and AI browser where employees are doing work and attackers are targeting them. The operational overhead is minimal by design: Push has been deployed to 100,000 users in under one hour during normal business hours.",{"data":8035,"content":8036,"nodeType":2449},{},[8037],{"data":8038,"marks":8039,"value":8041,"nodeType":1482},{},[8040],{"type":1519},"Detection philosophy: targeting what attackers can't change",{"data":8043,"content":8044,"nodeType":1498},{},[8045],{"data":8046,"marks":8047,"value":8048,"nodeType":1482},{},[],"Push's detection approach targets attacker TTPs rather than indicators of compromise that attackers can rotate in minutes. 95% of attacks detected by Push used some form of bot protection service — meaning the specific domain and IP were deliberately obscured. If your primary detection relies on blocklists, recent reports tell us that 89% of phishing domains will evade you: because they're active for less than two days, they can be spun up, down, and replaced faster than blocklists can keep up.",{"data":8050,"content":8051,"nodeType":1498},{},[8052],{"data":8053,"marks":8054,"value":8055,"nodeType":1482},{},[],"Behavioral detection of the attack technique — the AiTM relay structure, the credential entry on a cloned login page, the anomalous session context — remains valid regardless of what domain the attack is hosted on or which PhaaS kit was used to build it.",{"data":8057,"content":8058,"nodeType":2449},{},[8059],{"data":8060,"marks":8061,"value":8063,"nodeType":1482},{},[8062],{"type":1519},"Measuring the identity attack surface (it's bigger than you realize)",{"data":8065,"content":8066,"nodeType":1498},{},[8067],{"data":8068,"marks":8069,"value":8070,"nodeType":1482},{},[],"Because Push has visibility into actual login behavior across thousands of organizations, it can quantify the attack surface that identity-based attacks exploit. Of the last million logins observed by Push:",{"data":8072,"content":8073,"nodeType":2295},{},[8074,8089,8104,8119],{"data":8075,"content":8076,"nodeType":2299},{},[8077],{"data":8078,"content":8079,"nodeType":1498},{},[8080,8085],{"data":8081,"marks":8082,"value":8084,"nodeType":1482},{},[8083],{"type":1519},"15 corporate identities were identified per employee",{"data":8086,"marks":8087,"value":8088,"nodeType":1482},{},[]," used to access cloud apps",{"data":8090,"content":8091,"nodeType":2299},{},[8092],{"data":8093,"content":8094,"nodeType":1498},{},[8095,8100],{"data":8096,"marks":8097,"value":8099,"nodeType":1482},{},[8098],{"type":1519},"1 in 4",{"data":8101,"marks":8102,"value":8103,"nodeType":1482},{},[]," were password logins, not SSO",{"data":8105,"content":8106,"nodeType":2299},{},[8107],{"data":8108,"content":8109,"nodeType":1498},{},[8110,8115],{"data":8111,"marks":8112,"value":8114,"nodeType":1482},{},[8113],{"type":1519},"2 in 5",{"data":8116,"marks":8117,"value":8118,"nodeType":1482},{},[]," were not protected by MFA",{"data":8120,"content":8121,"nodeType":2299},{},[8122],{"data":8123,"content":8124,"nodeType":1498},{},[8125,8130],{"data":8126,"marks":8127,"value":8129,"nodeType":1482},{},[8128],{"type":1519},"1 in 5",{"data":8131,"marks":8132,"value":8133,"nodeType":1482},{},[]," used a weak, breached, or reused password",{"data":8135,"content":8136,"nodeType":1498},{},[8137,8141,8146],{"data":8138,"marks":8139,"value":8140,"nodeType":1482},{},[],"And it's not just login hygiene. Across Push's customer base, ",{"data":8142,"marks":8143,"value":8145,"nodeType":1482},{},[8144],{"type":1519},"46%+ of browser extensions in corporate environments have the permission combinations required for direct account takeover via session theft if they are malicious or compromised by an attacker",{"data":8147,"marks":8148,"value":8149,"nodeType":1482},{},[],". Most organizations have no inventory of what's running in their employees' browsers, let alone visibility into what those extensions can access.",{"data":8151,"content":8152,"nodeType":1498},{},[8153,8157,8165],{"data":8154,"marks":8155,"value":8156,"nodeType":1482},{},[],"These aren't theoretical vulnerabilities. They're the specific weaknesses that browser-native identity attacks are designed to exploit. ",{"data":8158,"content":8160,"nodeType":1493},{"uri":8159},"https://pushsecurity.com/blog/the-cisos-data-problem-and-how-browser-telemetry-can-help/",[8161],{"data":8162,"marks":8163,"value":8164,"nodeType":1482},{},[],"This visibility turns browser security from a reactive posture into a proactive one",{"data":8166,"marks":8167,"value":8168,"nodeType":1482},{},[]," — you can see and remediate the identity weaknesses before an attacker exploits them, not just detect the attack while it's in progress.",{"data":8170,"content":8171,"nodeType":2449},{},[8172],{"data":8173,"marks":8174,"value":8176,"nodeType":1482},{},[8175],{"type":1519},"The ROI case",{"data":8178,"content":8179,"nodeType":1498},{},[8180],{"data":8181,"marks":8182,"value":8183,"nodeType":1482},{},[],"The ROI question for any security investment is: what quantum of real risk does this tool address, at what cost in money and operational friction?",{"data":8185,"content":8186,"nodeType":1498},{},[8187],{"data":8188,"marks":8189,"value":8191,"nodeType":1482},{},[8190],{"type":1519},"That calculation looks very different depending on your threat model.",{"data":8193,"content":8194,"nodeType":1498},{},[8195],{"data":8196,"marks":8197,"value":8198,"nodeType":1482},{},[],"A solution focused on browser engine exploits and sandbox escapes is defending against an attack category that represents a tiny fraction of actual enterprise breaches, requires extraordinary attacker resources to execute, and is increasingly mitigated by browser vendors themselves through hardening and rapid patching. Chrome's automatic update cycle means that even when a browser vulnerability is discovered and disclosed, it is typically in front of users as a patch within days. The defenders here are Google, Mozilla, and Microsoft — with multi-billion dollar security teams and full access to the browser internals.",{"data":8200,"content":8201,"nodeType":1498},{},[8202],{"data":8203,"marks":8204,"value":8205,"nodeType":1482},{},[],"A solution focused on identity attacks via the browser — phishing, credential theft, session hijacking, OAuth abuse, malicious browser extensions — is defending against the primary cause of enterprise breaches, one that is accelerating (cloud-conscious intrusions up 37% in 2025, browser-based attacks increasing at 68% of organizations over the past two years per Omdia) and increasingly automated through PhaaS infrastructure that gives low-skill attackers enterprise-grade capability for $1,000 a year.",{"data":8207,"content":8208,"nodeType":1498},{},[8209],{"data":8210,"marks":8211,"value":8212,"nodeType":1482},{},[],"There's also a forward-looking dimension. The threat landscape isn't moving toward more browser exploitation. It's moving further into identity abuse. AI-powered phishing lowers the social engineering barrier. Agentic browsers will automate credential stuffing and account takeover at a scale that wasn't previously possible. And attackers are already adapting to authentication improvements: device code phishing has increased 37x since the start of 2026, a technique specifically designed to circumvent passkeys by bypassing the authentication flow entirely — the attacker never encounters a login page. The investment in identity-centric browser detection compounds over time as the attack surface evolves in the same direction.",{"data":8214,"content":8218,"nodeType":1507},{"target":8215},{"sys":8216},{"id":8217,"type":1504,"linkType":1505},"cQ6WPV2NMYvDMZXifqzK1",[],{"data":8220,"content":8221,"nodeType":2449},{},[8222],{"data":8223,"marks":8224,"value":8226,"nodeType":1482},{},[8225],{"type":1519},"The verdict",{"data":8228,"content":8229,"nodeType":1498},{},[8230],{"data":8231,"marks":8232,"value":8233,"nodeType":1482},{},[],"Browser security is a real and growing priority — according to Omdia Research, it is now a top-five priority for 88% of security leaders and the top priority for 26% of them. 85% expect their browser security spending to increase over the next 12–24 months. The question isn't whether to invest. It's what to invest in.",{"data":8235,"content":8236,"nodeType":1498},{},[8237],{"data":8238,"marks":8239,"value":8240,"nodeType":1482},{},[],"The browser is where your users work, where attackers target them, and where the identity attacks causing the majority of enterprise breaches play out. But not all browser security investments address the same problem.",{"data":8242,"content":8246,"nodeType":1507},{"target":8243},{"sys":8244},{"id":8245,"type":1504,"linkType":1505},"4nGzT9cNG0Yid93uUCCuTt",[],{"data":8248,"content":8249,"nodeType":1498},{},[8250],{"data":8251,"marks":8252,"value":8253,"nodeType":1482},{},[],"Solutions like Seraphic are built to defend against a browser being exploited by an attacker trying to break out of the sandbox — an attack that represents a historic low as a share of enterprise incidents, and one that Google's own hardening and rapid patching increasingly mitigates automatically. SquareX is built around malware sandboxing — a legitimate but declining share of the initial access landscape, and a capability Zscaler's existing customers already partially have. LayerX focuses on internal governance rather than external threats.",{"data":8255,"content":8256,"nodeType":1498},{},[8257],{"data":8258,"marks":8259,"value":8260,"nodeType":1482},{},[],"Push Security is built to defend against the attacks that are behind the major breaches hitting the headlines: identity theft, credential abuse, session hijacking, and the full identity attack kill chain that plays out inside the browser every time an attacker logs in as your user. Every major threat intelligence report points to these as the primary breach vectors. The economics of attack choice guarantee they'll remain so.",{"data":8262,"content":8263,"nodeType":1498},{},[8264],{"data":8265,"marks":8266,"value":8267,"nodeType":1482},{},[],"The security team that deploys Push gets the greatest coverage of the highest-impact threats, on managed and unmanaged devices, with the lightest operational footprint. That is the browser security investment that moves the needle on real organizational risk — not the browser security investment that defends the software nobody's actually attacking.",{"data":8269,"content":8273,"nodeType":1507},{"target":8270},{"sys":8271},{"id":8272,"type":1504,"linkType":1505},"3a2sEWgWKZulGLCFfODwk0",[],{"data":8275,"content":8276,"nodeType":1498},{},[8277],{"data":8278,"marks":8279,"value":29,"nodeType":1482},{},[],"How to avoid the browser security buyer's trap","Securing the browser vs. securing the organization via the browser — what's the difference?","2026-05-13T00:00:00.000Z","how-to-avoid-the-browser-security-buyers-trap",{"items":8285},[8286,8288],{"sys":8287,"name":6837},{"id":6836},{"sys":8289,"name":8291},{"id":8290},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":8293},[8294],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":8295},{"url":6849},{"__typename":2080,"sys":8297,"content":8298,"title":5917,"synopsis":5918,"hashTags":62,"publishedDate":5919,"slug":5920,"tagsCollection":9007,"authorsCollection":9013},{"id":5077},{"json":8299},{"nodeType":2060,"data":8300,"content":8301},{},[8302,8317,8332,8347,8352,8355,8362,8368,8374,8380,8386,8393,8396,8403,8409,8415,8421,8426,8433,8448,8454,8460,8473,8480,8504,8517,8523,8547,8554,8578,8584,8591,8606,8612,8618,8623,8629,8636,8651,8657,8673,8679,8682,8689,8695,8770,8776,8789,8792,8817,8832,8838,8844,8847,8854,8869,8875,8881,8896,8899,8906,8912,8942,8948,8963,8978,8983,8986,8992],{"nodeType":1498,"data":8303,"content":8304},{},[8305,8308,8314],{"nodeType":1482,"value":5086,"marks":8306,"data":8307},[],{},{"nodeType":1493,"data":8309,"content":8310},{"uri":5091},[8311],{"nodeType":1482,"value":5094,"marks":8312,"data":8313},[],{},{"nodeType":1482,"value":5098,"marks":8315,"data":8316},[],{},{"nodeType":1498,"data":8318,"content":8319},{},[8320,8323,8329],{"nodeType":1482,"value":5105,"marks":8321,"data":8322},[],{},{"nodeType":1493,"data":8324,"content":8325},{"uri":5110},[8326],{"nodeType":1482,"value":5113,"marks":8327,"data":8328},[],{},{"nodeType":1482,"value":5117,"marks":8330,"data":8331},[],{},{"nodeType":1498,"data":8333,"content":8334},{},[8335,8338,8344],{"nodeType":1482,"value":5124,"marks":8336,"data":8337},[],{},{"nodeType":1493,"data":8339,"content":8340},{"uri":61},[8341],{"nodeType":1482,"value":5131,"marks":8342,"data":8343},[],{},{"nodeType":1482,"value":5135,"marks":8345,"data":8346},[],{},{"nodeType":1507,"data":8348,"content":8351},{"target":8349},{"sys":8350},{"id":5142,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":8353,"content":8354},{},[],{"nodeType":1521,"data":8356,"content":8357},{},[8358],{"nodeType":1482,"value":5151,"marks":8359,"data":8361},[8360],{"type":1519},{},{"nodeType":1498,"data":8363,"content":8364},{},[8365],{"nodeType":1482,"value":5159,"marks":8366,"data":8367},[],{},{"nodeType":1498,"data":8369,"content":8370},{},[8371],{"nodeType":1482,"value":5166,"marks":8372,"data":8373},[],{},{"nodeType":1498,"data":8375,"content":8376},{},[8377],{"nodeType":1482,"value":5173,"marks":8378,"data":8379},[],{},{"nodeType":1498,"data":8381,"content":8382},{},[8383],{"nodeType":1482,"value":5180,"marks":8384,"data":8385},[],{},{"nodeType":1498,"data":8387,"content":8388},{},[8389],{"nodeType":1482,"value":5187,"marks":8390,"data":8392},[8391],{"type":1519},{},{"nodeType":1511,"data":8394,"content":8395},{},[],{"nodeType":1521,"data":8397,"content":8398},{},[8399],{"nodeType":1482,"value":5198,"marks":8400,"data":8402},[8401],{"type":1519},{},{"nodeType":1498,"data":8404,"content":8405},{},[8406],{"nodeType":1482,"value":5206,"marks":8407,"data":8408},[],{},{"nodeType":1498,"data":8410,"content":8411},{},[8412],{"nodeType":1482,"value":5213,"marks":8413,"data":8414},[],{},{"nodeType":1498,"data":8416,"content":8417},{},[8418],{"nodeType":1482,"value":5220,"marks":8419,"data":8420},[],{},{"nodeType":1507,"data":8422,"content":8425},{"target":8423},{"sys":8424},{"id":5227,"type":1504,"linkType":1505},[],{"nodeType":2449,"data":8427,"content":8428},{},[8429],{"nodeType":1482,"value":5233,"marks":8430,"data":8432},[8431],{"type":1519},{},{"nodeType":1498,"data":8434,"content":8435},{},[8436,8439,8445],{"nodeType":1482,"value":5241,"marks":8437,"data":8438},[],{},{"nodeType":1493,"data":8440,"content":8441},{"uri":1531},[8442],{"nodeType":1482,"value":5248,"marks":8443,"data":8444},[],{},{"nodeType":1482,"value":5252,"marks":8446,"data":8447},[],{},{"nodeType":1498,"data":8449,"content":8450},{},[8451],{"nodeType":1482,"value":5259,"marks":8452,"data":8453},[],{},{"nodeType":1498,"data":8455,"content":8456},{},[8457],{"nodeType":1482,"value":5266,"marks":8458,"data":8459},[],{},{"nodeType":1498,"data":8461,"content":8462},{},[8463,8466,8470],{"nodeType":1482,"value":5273,"marks":8464,"data":8465},[],{},{"nodeType":1482,"value":5277,"marks":8467,"data":8469},[8468],{"type":1519},{},{"nodeType":1482,"value":5282,"marks":8471,"data":8472},[],{},{"nodeType":2449,"data":8474,"content":8475},{},[8476],{"nodeType":1482,"value":5289,"marks":8477,"data":8479},[8478],{"type":1519},{},{"nodeType":1498,"data":8481,"content":8482},{},[8483,8486,8492,8495,8501],{"nodeType":1482,"value":5297,"marks":8484,"data":8485},[],{},{"nodeType":1493,"data":8487,"content":8488},{"uri":5302},[8489],{"nodeType":1482,"value":5305,"marks":8490,"data":8491},[],{},{"nodeType":1482,"value":5309,"marks":8493,"data":8494},[],{},{"nodeType":1493,"data":8496,"content":8497},{"uri":5314},[8498],{"nodeType":1482,"value":5317,"marks":8499,"data":8500},[],{},{"nodeType":1482,"value":5321,"marks":8502,"data":8503},[],{},{"nodeType":1498,"data":8505,"content":8506},{},[8507,8510,8514],{"nodeType":1482,"value":5328,"marks":8508,"data":8509},[],{},{"nodeType":1482,"value":5332,"marks":8511,"data":8513},[8512],{"type":1519},{},{"nodeType":1482,"value":5337,"marks":8515,"data":8516},[],{},{"nodeType":1498,"data":8518,"content":8519},{},[8520],{"nodeType":1482,"value":5344,"marks":8521,"data":8522},[],{},{"nodeType":1498,"data":8524,"content":8525},{},[8526,8529,8535,8538,8544],{"nodeType":1482,"value":5351,"marks":8527,"data":8528},[],{},{"nodeType":1493,"data":8530,"content":8531},{"uri":1796},[8532],{"nodeType":1482,"value":5358,"marks":8533,"data":8534},[],{},{"nodeType":1482,"value":5362,"marks":8536,"data":8537},[],{},{"nodeType":1493,"data":8539,"content":8540},{"uri":1840},[8541],{"nodeType":1482,"value":2007,"marks":8542,"data":8543},[],{},{"nodeType":1482,"value":5372,"marks":8545,"data":8546},[],{},{"nodeType":2449,"data":8548,"content":8549},{},[8550],{"nodeType":1482,"value":5379,"marks":8551,"data":8553},[8552],{"type":1519},{},{"nodeType":1498,"data":8555,"content":8556},{},[8557,8560,8566,8569,8575],{"nodeType":1482,"value":5387,"marks":8558,"data":8559},[],{},{"nodeType":1493,"data":8561,"content":8562},{"uri":5392},[8563],{"nodeType":1482,"value":5395,"marks":8564,"data":8565},[],{},{"nodeType":1482,"value":5399,"marks":8567,"data":8568},[],{},{"nodeType":1493,"data":8570,"content":8571},{"uri":1567},[8572],{"nodeType":1482,"value":5406,"marks":8573,"data":8574},[],{},{"nodeType":1482,"value":5410,"marks":8576,"data":8577},[],{},{"nodeType":1498,"data":8579,"content":8580},{},[8581],{"nodeType":1482,"value":5417,"marks":8582,"data":8583},[],{},{"nodeType":2449,"data":8585,"content":8586},{},[8587],{"nodeType":1482,"value":5424,"marks":8588,"data":8590},[8589],{"type":1519},{},{"nodeType":1498,"data":8592,"content":8593},{},[8594,8597,8603],{"nodeType":1482,"value":5432,"marks":8595,"data":8596},[],{},{"nodeType":1493,"data":8598,"content":8599},{"uri":1555},[8600],{"nodeType":1482,"value":5439,"marks":8601,"data":8602},[],{},{"nodeType":1482,"value":5443,"marks":8604,"data":8605},[],{},{"nodeType":1498,"data":8607,"content":8608},{},[8609],{"nodeType":1482,"value":5450,"marks":8610,"data":8611},[],{},{"nodeType":1498,"data":8613,"content":8614},{},[8615],{"nodeType":1482,"value":5457,"marks":8616,"data":8617},[],{},{"nodeType":1507,"data":8619,"content":8622},{"target":8620},{"sys":8621},{"id":5464,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":8624,"content":8625},{},[8626],{"nodeType":1482,"value":5470,"marks":8627,"data":8628},[],{},{"nodeType":2449,"data":8630,"content":8631},{},[8632],{"nodeType":1482,"value":5477,"marks":8633,"data":8635},[8634],{"type":1519},{},{"nodeType":1498,"data":8637,"content":8638},{},[8639,8642,8648],{"nodeType":1482,"value":5485,"marks":8640,"data":8641},[],{},{"nodeType":1493,"data":8643,"content":8644},{"uri":5490},[8645],{"nodeType":1482,"value":5493,"marks":8646,"data":8647},[],{},{"nodeType":1482,"value":5497,"marks":8649,"data":8650},[],{},{"nodeType":1498,"data":8652,"content":8653},{},[8654],{"nodeType":1482,"value":5504,"marks":8655,"data":8656},[],{},{"nodeType":1498,"data":8658,"content":8659},{},[8660,8663,8670],{"nodeType":1482,"value":5511,"marks":8661,"data":8662},[],{},{"nodeType":1493,"data":8664,"content":8665},{"uri":5490},[8666],{"nodeType":1482,"value":5518,"marks":8667,"data":8669},[8668],{"type":1491},{},{"nodeType":1482,"value":5523,"marks":8671,"data":8672},[],{},{"nodeType":1498,"data":8674,"content":8675},{},[8676],{"nodeType":1482,"value":5530,"marks":8677,"data":8678},[],{},{"nodeType":1511,"data":8680,"content":8681},{},[],{"nodeType":1521,"data":8683,"content":8684},{},[8685],{"nodeType":1482,"value":5540,"marks":8686,"data":8688},[8687],{"type":1519},{},{"nodeType":1498,"data":8690,"content":8691},{},[8692],{"nodeType":1482,"value":5548,"marks":8693,"data":8694},[],{},{"nodeType":2295,"data":8696,"content":8697},{},[8698,8716,8734,8752],{"nodeType":2299,"data":8699,"content":8700},{},[8701],{"nodeType":1498,"data":8702,"content":8703},{},[8704,8707,8713],{"nodeType":1482,"value":5561,"marks":8705,"data":8706},[],{},{"nodeType":1493,"data":8708,"content":8709},{"uri":2344},[8710],{"nodeType":1482,"value":5568,"marks":8711,"data":8712},[],{},{"nodeType":1482,"value":5572,"marks":8714,"data":8715},[],{},{"nodeType":2299,"data":8717,"content":8718},{},[8719],{"nodeType":1498,"data":8720,"content":8721},{},[8722,8725,8731],{"nodeType":1482,"value":5582,"marks":8723,"data":8724},[],{},{"nodeType":1493,"data":8726,"content":8727},{"uri":5587},[8728],{"nodeType":1482,"value":5590,"marks":8729,"data":8730},[],{},{"nodeType":1482,"value":5594,"marks":8732,"data":8733},[],{},{"nodeType":2299,"data":8735,"content":8736},{},[8737],{"nodeType":1498,"data":8738,"content":8739},{},[8740,8743,8749],{"nodeType":1482,"value":5561,"marks":8741,"data":8742},[],{},{"nodeType":1493,"data":8744,"content":8745},{"uri":1840},[8746],{"nodeType":1482,"value":5610,"marks":8747,"data":8748},[],{},{"nodeType":1482,"value":5614,"marks":8750,"data":8751},[],{},{"nodeType":2299,"data":8753,"content":8754},{},[8755],{"nodeType":1498,"data":8756,"content":8757},{},[8758,8761,8767],{"nodeType":1482,"value":5624,"marks":8759,"data":8760},[],{},{"nodeType":1493,"data":8762,"content":8763},{"uri":5629},[8764],{"nodeType":1482,"value":5632,"marks":8765,"data":8766},[],{},{"nodeType":1482,"value":5636,"marks":8768,"data":8769},[],{},{"nodeType":1498,"data":8771,"content":8772},{},[8773],{"nodeType":1482,"value":5643,"marks":8774,"data":8775},[],{},{"nodeType":1498,"data":8777,"content":8778},{},[8779,8782,8786],{"nodeType":1482,"value":5650,"marks":8780,"data":8781},[],{},{"nodeType":1482,"value":5654,"marks":8783,"data":8785},[8784],{"type":1519},{},{"nodeType":1482,"value":5659,"marks":8787,"data":8788},[],{},{"nodeType":1511,"data":8790,"content":8791},{},[],{"nodeType":1521,"data":8793,"content":8794},{},[8795,8799,8804,8808,8813],{"nodeType":1482,"value":5669,"marks":8796,"data":8798},[8797],{"type":1519},{},{"nodeType":1482,"value":5674,"marks":8800,"data":8803},[8801,8802],{"type":274},{"type":1519},{},{"nodeType":1482,"value":5680,"marks":8805,"data":8807},[8806],{"type":1519},{},{"nodeType":1482,"value":5685,"marks":8809,"data":8812},[8810,8811],{"type":274},{"type":1519},{},{"nodeType":1482,"value":5691,"marks":8814,"data":8816},[8815],{"type":1519},{},{"nodeType":1498,"data":8818,"content":8819},{},[8820,8823,8829],{"nodeType":1482,"value":5699,"marks":8821,"data":8822},[],{},{"nodeType":1493,"data":8824,"content":8825},{"uri":5704},[8826],{"nodeType":1482,"value":5707,"marks":8827,"data":8828},[],{},{"nodeType":1482,"value":5711,"marks":8830,"data":8831},[],{},{"nodeType":1498,"data":8833,"content":8834},{},[8835],{"nodeType":1482,"value":5718,"marks":8836,"data":8837},[],{},{"nodeType":1498,"data":8839,"content":8840},{},[8841],{"nodeType":1482,"value":5725,"marks":8842,"data":8843},[],{},{"nodeType":1511,"data":8845,"content":8846},{},[],{"nodeType":1521,"data":8848,"content":8849},{},[8850],{"nodeType":1482,"value":5735,"marks":8851,"data":8853},[8852],{"type":1519},{},{"nodeType":1498,"data":8855,"content":8856},{},[8857,8860,8866],{"nodeType":1482,"value":5743,"marks":8858,"data":8859},[],{},{"nodeType":1493,"data":8861,"content":8862},{"uri":5748},[8863],{"nodeType":1482,"value":5751,"marks":8864,"data":8865},[],{},{"nodeType":1482,"value":5755,"marks":8867,"data":8868},[],{},{"nodeType":1498,"data":8870,"content":8871},{},[8872],{"nodeType":1482,"value":5762,"marks":8873,"data":8874},[],{},{"nodeType":1498,"data":8876,"content":8877},{},[8878],{"nodeType":1482,"value":5769,"marks":8879,"data":8880},[],{},{"nodeType":1498,"data":8882,"content":8883},{},[8884,8887,8893],{"nodeType":1482,"value":5776,"marks":8885,"data":8886},[],{},{"nodeType":1493,"data":8888,"content":8889},{"uri":5781},[8890],{"nodeType":1482,"value":4838,"marks":8891,"data":8892},[],{},{"nodeType":1482,"value":1576,"marks":8894,"data":8895},[],{},{"nodeType":1511,"data":8897,"content":8898},{},[],{"nodeType":1521,"data":8900,"content":8901},{},[8902],{"nodeType":1482,"value":5796,"marks":8903,"data":8905},[8904],{"type":1519},{},{"nodeType":1498,"data":8907,"content":8908},{},[8909],{"nodeType":1482,"value":5804,"marks":8910,"data":8911},[],{},{"nodeType":2295,"data":8913,"content":8914},{},[8915,8924,8933],{"nodeType":2299,"data":8916,"content":8917},{},[8918],{"nodeType":1498,"data":8919,"content":8920},{},[8921],{"nodeType":1482,"value":5817,"marks":8922,"data":8923},[],{},{"nodeType":2299,"data":8925,"content":8926},{},[8927],{"nodeType":1498,"data":8928,"content":8929},{},[8930],{"nodeType":1482,"value":5827,"marks":8931,"data":8932},[],{},{"nodeType":2299,"data":8934,"content":8935},{},[8936],{"nodeType":1498,"data":8937,"content":8938},{},[8939],{"nodeType":1482,"value":5837,"marks":8940,"data":8941},[],{},{"nodeType":1498,"data":8943,"content":8944},{},[8945],{"nodeType":1482,"value":5844,"marks":8946,"data":8947},[],{},{"nodeType":1498,"data":8949,"content":8950},{},[8951,8954,8960],{"nodeType":1482,"value":5851,"marks":8952,"data":8953},[],{},{"nodeType":1493,"data":8955,"content":8956},{"uri":61},[8957],{"nodeType":1482,"value":5858,"marks":8958,"data":8959},[],{},{"nodeType":1482,"value":1576,"marks":8961,"data":8962},[],{},{"nodeType":1498,"data":8964,"content":8965},{},[8966,8969,8975],{"nodeType":1482,"value":5868,"marks":8967,"data":8968},[],{},{"nodeType":1493,"data":8970,"content":8971},{"uri":5873},[8972],{"nodeType":1482,"value":5876,"marks":8973,"data":8974},[],{},{"nodeType":1482,"value":5880,"marks":8976,"data":8977},[],{},{"nodeType":1507,"data":8979,"content":8982},{"target":8980},{"sys":8981},{"id":5887,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":8984,"content":8985},{},[],{"nodeType":1498,"data":8987,"content":8988},{},[8989],{"nodeType":1482,"value":5896,"marks":8990,"data":8991},[],{},{"nodeType":1498,"data":8993,"content":8994},{},[8995,8998,9004],{"nodeType":1482,"value":5903,"marks":8996,"data":8997},[],{},{"nodeType":1493,"data":8999,"content":9000},{"uri":2043},[9001],{"nodeType":1482,"value":5910,"marks":9002,"data":9003},[],{},{"nodeType":1482,"value":5914,"marks":9005,"data":9006},[],{},{"items":9008},[9009,9011],{"sys":9010,"name":5062},{"id":5061},{"sys":9012,"name":5066},{"id":5065},{"items":9014},[9015],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":9016},{"url":5934},{"__typename":2080,"sys":9018,"content":9020,"title":10250,"synopsis":10251,"hashTags":62,"publishedDate":10252,"slug":10253,"tagsCollection":10254,"authorsCollection":10260},{"id":9019},"6MoHWfQlVildcFYKSbfMcE",{"json":9021},{"nodeType":2060,"data":9022,"content":9023},{},[9024,9040,9046,9053,9060,9066,9069,9077,9085,9104,9150,9156,9171,9174,9182,9189,9217,9258,9265,9268,9276,9284,9291,9297,9304,9307,9315,9322,9364,9400,9407,9410,9418,9425,9450,9457,9500,9507,9510,9518,9526,9571,9578,9584,9587,9595,9603,9635,9642,9648,9655,9658,9666,9674,9703,9710,9717,9724,9727,9735,9743,9750,9756,9763,9786,9815,9818,9826,9834,9841,9848,9851,9859,9922,9925,9933,9940,10230,10233],{"nodeType":1498,"data":9025,"content":9026},{},[9027,9031,9036],{"nodeType":1482,"value":9028,"marks":9029,"data":9030},"Browser security solutions are one of the most significant additions to the enterprise security stack in recent years — and the data shows it. The browser is where ",[],{},{"nodeType":1482,"value":9032,"marks":9033,"data":9035},"85% of work now happens",[9034],{"type":1519},{},{"nodeType":1482,"value":9037,"marks":9038,"data":9039},", where AI tools are accessed, and where attackers increasingly choose to strike.",[],{},{"nodeType":1507,"data":9041,"content":9045},{"target":9042},{"sys":9043},{"id":9044,"type":1504,"linkType":1505},"5P6PyFbn4EakRNlIWtNzyL",[],{"nodeType":1498,"data":9047,"content":9048},{},[9049],{"nodeType":1482,"value":9050,"marks":9051,"data":9052},"But browser security is a nascent category. Getting a clear picture of which solution is right for your team, and how to get the most out of it, isn't straightforward. Current solutions on the market serve a wide range of IT and security use cases, with varying degrees of depth and differentiation across them. Not all use cases are equal in terms of their security value, and not all of them are best addressed in the browser.",[],{},{"nodeType":1498,"data":9054,"content":9055},{},[9056],{"nodeType":1482,"value":9057,"marks":9058,"data":9059},"This article ranks the security problems that browser security solutions can address by the value they deliver: a combination of the risk reduction on offer, and the degree to which the browser is genuinely the best (or only) layer to solve the problem. ",[],{},{"nodeType":1507,"data":9061,"content":9065},{"target":9062},{"sys":9063},{"id":9064,"type":1504,"linkType":1505},"6SJPvEHizSYk29lEvVVNj",[],{"nodeType":1511,"data":9067,"content":9068},{},[],{"nodeType":1521,"data":9070,"content":9071},{},[9072],{"nodeType":1482,"value":9073,"marks":9074,"data":9076},"#1 — Account takeover prevention: detecting credential attacks across all vectors",[9075],{"type":1519},{},{"nodeType":1498,"data":9078,"content":9079},{},[9080],{"nodeType":1482,"value":9081,"marks":9082,"data":9084},"Security value: Very high | Browser fit: Uniquely suited",[9083],{"type":1519},{},{"nodeType":1498,"data":9086,"content":9087},{},[9088,9092,9100],{"nodeType":1482,"value":9089,"marks":9090,"data":9091},"Account takeover (ATO) is the dominant entry point for enterprise breaches:",[],{},{"nodeType":1493,"data":9093,"content":9095},{"uri":9094},"https://www.crowdstrike.com/en-gb/resources/infographics/identity-security-risk-review/",[9096],{"nodeType":1482,"value":9097,"marks":9098,"data":9099}," 80% of all modern breaches involve compromised or stolen identities",[],{},{"nodeType":1482,"value":9101,"marks":9102,"data":9103},". The attack surface is far wider than most identity tooling can see: credential stuffing, password spraying, ghost logins (password-based fallback authentication that persists after SSO is configured), weak or reused credentials on shadow SaaS apps, and accounts where MFA was never enforced.",[],{},{"nodeType":1498,"data":9105,"content":9106},{},[9107,9111,9119,9122,9127,9130,9135,9139,9146],{"nodeType":1482,"value":9108,"marks":9109,"data":9110},"According to",[],{},{"nodeType":1493,"data":9112,"content":9114},{"uri":9113},"https://cf-assets.www.cloudflare.com/slt3lc6tev37/sWDBUMNVtEJB9ZFLt1dUU/8d69e92de2edfb3bf59e7d21d57e7e1a/Cloudflare-2026-threat-report.pdf",[9115],{"nodeType":1482,"value":9116,"marks":9117,"data":9118}," Cloudflare's 2026 Threat Report",[],{},{"nodeType":1482,"value":2471,"marks":9120,"data":9121},[],{},{"nodeType":1482,"value":9123,"marks":9124,"data":9126},"63% of all human logins involve credentials already compromised elsewhere",[9125],{"type":1519},{},{"nodeType":1482,"value":2386,"marks":9128,"data":9129},[],{},{"nodeType":1482,"value":9131,"marks":9132,"data":9134},"94% of all login attempts originate from bots",[9133],{"type":1519},{},{"nodeType":1482,"value":9136,"marks":9137,"data":9138},". The",[],{},{"nodeType":1493,"data":9140,"content":9142},{"uri":9141},"https://pushsecurity.com/blog/snowflake-retro/",[9143],{"nodeType":1482,"value":5632,"marks":9144,"data":9145},[],{},{"nodeType":1482,"value":9147,"marks":9148,"data":9149}," — 165+ organizations compromised, 1 billion+ records stolen — was powered almost entirely by ghost logins: accounts missing MFA that were susceptible to credential stuffing. It's particularly telling that 80% of the accounts impacted had prior breach exposure.",[],{},{"nodeType":1507,"data":9151,"content":9155},{"target":9152},{"sys":9153},{"id":9154,"type":1504,"linkType":1505},"HbZ66kp5DiAZtwNGFJK7d",[],{"nodeType":1498,"data":9157,"content":9158},{},[9159,9163,9168],{"nodeType":1482,"value":9160,"marks":9161,"data":9162},"For organizations with contractors and BYOD users, the browser extension is also the only enterprise control deployable on devices that can't be MDM-enrolled — extending ATO detection to exactly the place where, per Verizon DBIR 2025, ",[],{},{"nodeType":1482,"value":9164,"marks":9165,"data":9167},"46% of infostealer infections originate",[9166],{"type":1519},{},{"nodeType":1482,"value":1576,"marks":9169,"data":9170},[],{},{"nodeType":1511,"data":9172,"content":9173},{},[],{"nodeType":1521,"data":9175,"content":9176},{},[9177],{"nodeType":1482,"value":9178,"marks":9179,"data":9181},"#2 — Detecting and stopping advanced phishing: AiTM, multi-channel delivery, and zero-day lures",[9180],{"type":1519},{},{"nodeType":1498,"data":9183,"content":9184},{},[9185],{"nodeType":1482,"value":9081,"marks":9186,"data":9188},[9187],{"type":1519},{},{"nodeType":1498,"data":9190,"content":9191},{},[9192,9196,9204,9208,9213],{"nodeType":1482,"value":9193,"marks":9194,"data":9195},"Adversary-in-the-Middle (AiTM) phishing — where an attacker's reverse proxy intercepts credentials and session tokens in real time — has become the standard technique for bypassing MFA at scale.",[],{},{"nodeType":1493,"data":9197,"content":9199},{"uri":9198},"https://www.esentire.com/resources/library/2026-threat-report",[9200],{"nodeType":1482,"value":9201,"marks":9202,"data":9203}," eSentire's 2026 Threat Report",[],{},{"nodeType":1482,"value":9205,"marks":9206,"data":9207}," attributes ",[],{},{"nodeType":1482,"value":9209,"marks":9210,"data":9212},"63% of account compromise incidents to PhaaS kits",[9211],{"type":1519},{},{"nodeType":1482,"value":9214,"marks":9215,"data":9216},", with account compromise surging 389% year-over-year.",[],{},{"nodeType":1498,"data":9218,"content":9219},{},[9220,9224,9232,9236,9241,9245,9254],{"nodeType":1482,"value":9221,"marks":9222,"data":9223},"Traditional phishing controls are also no longer in the right place to intercept these attacks. The delivery channel has shifted decisively away from email:",[],{},{"nodeType":1493,"data":9225,"content":9227},{"uri":9226},"https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026",[9228],{"nodeType":1482,"value":9229,"marks":9230,"data":9231}," Mandiant M-Trends 2026",[],{},{"nodeType":1482,"value":9233,"marks":9234,"data":9235}," found email phishing dropped from 14% to 6% as an infection vector, and Push data shows ",[],{},{"nodeType":1482,"value":9237,"marks":9238,"data":9240},"roughly 1 in 3 phishing payloads intercepted were delivered outside email entirely",[9239],{"type":1519},{},{"nodeType":1482,"value":9242,"marks":9243,"data":9244}," — via search engine malvertising, social platforms, and compromised websites. Meanwhile, ",[],{},{"nodeType":1493,"data":9246,"content":9248},{"uri":9247},"https://www.spamhaus.com/resource-center/supporting-researchers-with-passive-dns/",[9249],{"nodeType":1482,"value":9250,"marks":9251,"data":9253},"89% of phishing domains are active for less than two days",[9252],{"type":1519},{},{"nodeType":1482,"value":9255,"marks":9256,"data":9257},", making blocklist-based detection structurally too slow — attackers can spin up, tear down, and move on before blocklists can catch up.",[],{},{"nodeType":1498,"data":9259,"content":9260},{},[9261],{"nodeType":1482,"value":9262,"marks":9263,"data":9264},"Modern phishing plays out entirely inside the browser session. The only detection layer that can see the phishing page structure, the credential entry, and the anomalous token context is the browser itself. Browser-native detection analyses page behavior rather than matching known-bad domains, which means it fires on zero-day kits regardless of how recently the infrastructure was stood up. Controls like credential entry guardrails add an additional layer — blocking corporate passwords from being submitted to unauthorized domains independently of content and behavior-based detections.",[],{},{"nodeType":1511,"data":9266,"content":9267},{},[],{"nodeType":1521,"data":9269,"content":9270},{},[9271],{"nodeType":1482,"value":9272,"marks":9273,"data":9275},"#3 — Identity posture hardening: enforcing security across the apps your IdP doesn't manage",[9274],{"type":1519},{},{"nodeType":1498,"data":9277,"content":9278},{},[9279],{"nodeType":1482,"value":9280,"marks":9281,"data":9283},"Security value: High | Browser fit: Uniquely suited",[9282],{"type":1519},{},{"nodeType":1498,"data":9285,"content":9286},{},[9287],{"nodeType":1482,"value":9288,"marks":9289,"data":9290},"The first challenge is knowing what you're protecting. Every identity an employee creates — every app they sign up to, every password they set, every login that bypasses SSO — is an authentication event that happens inside a browser session. The browser is the only layer that observes all of these events regardless of whether the app is sanctioned, managed, or even known to IT. Solutions that rely on API-level integrations with known apps, network traffic inspection, or email sign-up notifications can only ever build a partial picture, because they can only see apps they already know about. The browser sees the login itself, which means it discovers the identity at the moment it's created or used — authentication method, password strength, MFA status, and all.",[],{},{"nodeType":1507,"data":9292,"content":9296},{"target":9293},{"sys":9294},{"id":9295,"type":1504,"linkType":1505},"HETvBCPsKGkqLVtaasXH0",[],{"nodeType":1498,"data":9298,"content":9299},{},[9300],{"nodeType":1482,"value":9301,"marks":9302,"data":9303},"But discovery without enforcement is just an inventory problem. Being in the browser means that you're in a great position to act on what it finds at the moment of authentication. Browser-native guardrails that prompt MFA enrollment, guide users toward stronger credentials, and redirect to SSO login paths close the gap at scale, on every app, including those the IdP has never seen. They also produce the continuous, auditable evidence of MFA coverage and credential hygiene across the full application estate that regulators, insurers, and auditors increasingly require — evidence that no IdP-centric tool can provide for apps outside its scope.",[],{},{"nodeType":1511,"data":9305,"content":9306},{},[],{"nodeType":1521,"data":9308,"content":9309},{},[9310],{"nodeType":1482,"value":9311,"marks":9312,"data":9314},"#4 — Browser extension security",[9313],{"type":1519},{},{"nodeType":1498,"data":9316,"content":9317},{},[9318],{"nodeType":1482,"value":9280,"marks":9319,"data":9321},[9320],{"type":1519},{},{"nodeType":1498,"data":9323,"content":9324},{},[9325,9329,9338,9341,9349,9352,9360],{"nodeType":1482,"value":9326,"marks":9327,"data":9328},"Browser extensions have become one of the most talked-about attack surfaces in security over the past 18 months, and understandably so — a string of high-profile supply chain compromises have collectively impacted tens of millions of users since late 2024 (",[],{},{"nodeType":1493,"data":9330,"content":9332},{"uri":9331},"https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it",[9333],{"nodeType":1482,"value":9334,"marks":9335,"data":9337},"Cyberhaven",[9336],{"type":1491},{},{"nodeType":1482,"value":1609,"marks":9339,"data":9340},[],{},{"nodeType":1493,"data":9342,"content":9344},{"uri":9343},"https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html",[9345],{"nodeType":1482,"value":9346,"marks":9347,"data":9348}," DarkSpectre",[],{},{"nodeType":1482,"value":1609,"marks":9350,"data":9351},[],{},{"nodeType":1493,"data":9353,"content":9355},{"uri":9354},"https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html",[9356],{"nodeType":1482,"value":9357,"marks":9358,"data":9359}," Trust Wallet",[],{},{"nodeType":1482,"value":9361,"marks":9362,"data":9363},", among many others).",[],{},{"nodeType":1498,"data":9365,"content":9366},{},[9367,9370,9378,9382,9387,9391,9396],{"nodeType":1482,"value":29,"marks":9368,"data":9369},[],{},{"nodeType":1493,"data":9371,"content":9372},{"uri":5490},[9373],{"nodeType":1482,"value":9374,"marks":9375,"data":9377},"Analysis of 20,000+ extensions across Push customers",[9376],{"type":1491},{},{"nodeType":1482,"value":9379,"marks":9380,"data":9381}," found ",[],{},{"nodeType":1482,"value":9383,"marks":9384,"data":9386},"46.76% have the permission combinations needed to perform account takeover with no user interaction",[9385],{"type":1519},{},{"nodeType":1482,"value":9388,"marks":9389,"data":9390},", making permissions-based risk scoring effectively useless as a triage tool. The real threat model is not malicious extensions at install time — it's legitimate extensions that ",[],{},{"nodeType":1482,"value":9392,"marks":9393,"data":9395},"become",[9394],{"type":274},{},{"nodeType":1482,"value":9397,"marks":9398,"data":9399}," malicious after an ownership transfer, developer account compromise, or silent update push. Every major extension supply chain breach of the past 18 months scored as low-risk immediately before compromise.",[],{},{"nodeType":1498,"data":9401,"content":9402},{},[9403],{"nodeType":1482,"value":9404,"marks":9405,"data":9406},"SWGs and network tools are structurally blind to this attack surface: a malicious extension exfiltrating session tokens generates no anomalous network signal — its traffic is indistinguishable from normal browsing. Endpoint agents have no visibility into extension behavior at the session level. Extension inventory, supply chain change monitoring — ownership transfers, permission escalations, developer contact changes — and enforcement all require browser-layer access by definition.",[],{},{"nodeType":1511,"data":9408,"content":9409},{},[],{"nodeType":1521,"data":9411,"content":9412},{},[9413],{"nodeType":1482,"value":9414,"marks":9415,"data":9417},"#5 — Shadow SaaS discovery and OAuth integration governance",[9416],{"type":1519},{},{"nodeType":1498,"data":9419,"content":9420},{},[9421],{"nodeType":1482,"value":9280,"marks":9422,"data":9424},[9423],{"type":1519},{},{"nodeType":1498,"data":9426,"content":9427},{},[9428,9432,9437,9441,9446],{"nodeType":1482,"value":9429,"marks":9430,"data":9431},"Shadow SaaS discovery shares DNA with identity posture hardening (#3) — both start with the same browser-native visibility into login events that no other layer can replicate. Where identity posture focuses on hardening ",[],{},{"nodeType":1482,"value":9433,"marks":9434,"data":9436},"how",[9435],{"type":274},{},{"nodeType":1482,"value":9438,"marks":9439,"data":9440}," employees authenticate, shadow SaaS discovery focuses on ",[],{},{"nodeType":1482,"value":9442,"marks":9443,"data":9445},"what",[9444],{"type":274},{},{"nodeType":1482,"value":9447,"marks":9448,"data":9449}," they authenticate to: surfacing the full estate of applications in use across the organization, including those that IT has never sanctioned or even heard of.",[],{},{"nodeType":1498,"data":9451,"content":9452},{},[9453],{"nodeType":1482,"value":9454,"marks":9455,"data":9456},"OAuth integration governance is the component of shadow SaaS that is both the most potentially damaging and the hardest to surface through other means. The SaaS-to-SaaS OAuth pivot is now an industrialized attack pattern.",[],{},{"nodeType":2295,"data":9458,"content":9459},{},[9460,9480],{"nodeType":2299,"data":9461,"content":9462},{},[9463],{"nodeType":1498,"data":9464,"content":9465},{},[9466,9469,9476],{"nodeType":1482,"value":5624,"marks":9467,"data":9468},[],{},{"nodeType":1493,"data":9470,"content":9471},{"uri":1946},[9472],{"nodeType":1482,"value":9473,"marks":9474,"data":9475}," ShinyHunters",[],{},{"nodeType":1482,"value":9477,"marks":9478,"data":9479}," Salesforce campaign — which compromised 1,000+ organizations and 1.5 billion records — demonstrated the full chain: the attacker didn't stop at stealing customer data but harvested OAuth tokens, AWS access keys, and Snowflake tokens from breached tenants and pivoted through connected services like Salesloft, Drift, and Gainsight to reach hundreds more organizations.",[],{},{"nodeType":2299,"data":9481,"content":9482},{},[9483],{"nodeType":1498,"data":9484,"content":9485},{},[9486,9489,9496],{"nodeType":1482,"value":5624,"marks":9487,"data":9488},[],{},{"nodeType":1493,"data":9490,"content":9491},{"uri":6335},[9492],{"nodeType":1482,"value":9493,"marks":9494,"data":9495}," Context.ai → Vercel",[],{},{"nodeType":1482,"value":9497,"marks":9498,"data":9499}," chain followed the same logic — stored OAuth tokens from a forgotten AI app trial provided the bridge into Google Workspace, internal dashboards, and API keys. These are not isolated incidents; they are the repeatable playbook for extracting maximum value from a single compromise through the trust relationships that OAuth connections encode.",[],{},{"nodeType":1498,"data":9501,"content":9502},{},[9503],{"nodeType":1482,"value":9504,"marks":9505,"data":9506},"Every OAuth consent grant transits the browser — the authorization prompt, the scope disclosure, the user's approval click, and the redirect that completes the grant all happen inside a browser session — which makes the browser the only layer where an unwanted grant can be intercepted before the token is issued and the persistent access path is created. Once a token exists, the damage is done: it survives password resets, MFA changes, and session revocations, and revoking it after the fact requires first knowing it was granted, which most organizations do not.",[],{},{"nodeType":1511,"data":9508,"content":9509},{},[],{"nodeType":1521,"data":9511,"content":9512},{},[9513],{"nodeType":1482,"value":9514,"marks":9515,"data":9517},"#6 — Blocking ClickFix and social engineering-based malware delivery",[9516],{"type":1519},{},{"nodeType":1498,"data":9519,"content":9520},{},[9521],{"nodeType":1482,"value":9522,"marks":9523,"data":9525},"Security value: High | Browser fit: Strong for interception — shared with endpoint security for execution. ConsentFix is a browser-native exception that is T1-aligned.",[9524],{"type":1519},{},{"nodeType":1498,"data":9527,"content":9528},{},[9529,9533,9538,9542,9549,9553,9558,9562,9567],{"nodeType":1482,"value":9530,"marks":9531,"data":9532},"ClickFix was the most common initial access vector reported by Microsoft in 2025, accounting for ",[],{},{"nodeType":1482,"value":9534,"marks":9535,"data":9537},"47% of observed attacks",[9536],{"type":1519},{},{"nodeType":1482,"value":9539,"marks":9540,"data":9541},". CrowdStrike's",[],{},{"nodeType":1493,"data":9543,"content":9544},{"uri":5314},[9545],{"nodeType":1482,"value":9546,"marks":9547,"data":9548}," 2026 Global Threat Report",[],{},{"nodeType":1482,"value":9550,"marks":9551,"data":9552}," identified fake CAPTCHA lures as the most common malware download type, increasing ",[],{},{"nodeType":1482,"value":9554,"marks":9555,"data":9557},"563% year-over-year",[9556],{"type":1519},{},{"nodeType":1482,"value":9559,"marks":9560,"data":9561},". The technique writes a malicious command to the victim's clipboard and social-engineers them into executing it. It is fileless (bypassing download scanning), user-executed (bypassing endpoint behavioral detections), and ",[],{},{"nodeType":1482,"value":9563,"marks":9564,"data":9566},"4 in 5 ClickFix payloads intercepted by Push arrived via search engines",[9565],{"type":1519},{},{"nodeType":1482,"value":9568,"marks":9569,"data":9570}," — not email (bypassing email anti-phishing controls).",[],{},{"nodeType":1498,"data":9572,"content":9573},{},[9574],{"nodeType":1482,"value":9575,"marks":9576,"data":9577},"The browser is the earliest and most effective intervention point — detecting the clipboard injection and social engineering lure before anything reaches the endpoint in executable form. But the problem doesn't end at the browser boundary: once the command has been pasted and run, detection and remediation become endpoint problems, and a mature defense requires both layers. The broader *Fix family — FileFix, InstallFix, and similar derivatives — follows the same pattern, with the browser providing the critical early-warning layer within a defense that spans browser and endpoint.",[],{},{"nodeType":1507,"data":9579,"content":9583},{"target":9580},{"sys":9581},{"id":9582,"type":1504,"linkType":1505},"39alMHtw9FPHbQINqbAgBN",[],{"nodeType":1511,"data":9585,"content":9586},{},[],{"nodeType":1521,"data":9588,"content":9589},{},[9590],{"nodeType":1482,"value":9591,"marks":9592,"data":9594},"#7 — AI visibility and control: enforcing which AI tools employees can use and how",[9593],{"type":1519},{},{"nodeType":1498,"data":9596,"content":9597},{},[9598],{"nodeType":1482,"value":9599,"marks":9600,"data":9602},"Security value: High | Browser fit: Strong for access enforcement — but AI governance is not a new security problem so much as a force multiplier on existing ones",[9601],{"type":1519},{},{"nodeType":1498,"data":9604,"content":9605},{},[9606,9610,9618,9622,9631],{"nodeType":1482,"value":9607,"marks":9608,"data":9609},"AI adoption is outpacing security governance at nearly every organization, and ",[],{},{"nodeType":1493,"data":9611,"content":9612},{"uri":6870},[9613],{"nodeType":1482,"value":9614,"marks":9615,"data":9617},"71% of organizations are concerned about data leakage via unsanctioned AI apps",[9616],{"type":1519},{},{"nodeType":1482,"value":9619,"marks":9620,"data":9621},". But the security problems that AI creates are not, for the most part, novel — they are existing Tier 1 problems amplified by a new category of tooling. Shadow AI apps are shadow SaaS (#5). AI OAuth integrations are OAuth governance (#5). AI browser extensions are extension security (#4). The risk of employees using personal AI accounts — ",[],{},{"nodeType":1493,"data":9623,"content":9625},{"uri":9624},"https://keepaware.com/blog/46-of-sensitive-data-bypasses-your-dlp",[9626],{"nodeType":1482,"value":9627,"marks":9628,"data":9630},"46% of sensitive inputs to AI tools are sent via personal accounts",[9629],{"type":1519},{},{"nodeType":1482,"value":9632,"marks":9633,"data":9634}," — is an identity posture problem (#3).",[],{},{"nodeType":1498,"data":9636,"content":9637},{},[9638],{"nodeType":1482,"value":9639,"marks":9640,"data":9641},"The component parts that allow you to govern AI are individually Tier 1 capabilities, and the browser is the best single layer for gaining visibility and control over AI usage — it sees the apps, the OAuth grants, the extensions, and the account context. But a complete end-to-end solution also requires a presence on the endpoint layer (for local AI tools, IDE-integrated agents, and API-level usage that never touches the browser), and prompt-level DLP on sanctioned tools is better handled by platform-native controls than by browser-layer observation.",[],{},{"nodeType":1507,"data":9643,"content":9647},{"target":9644},{"sys":9645},{"id":9646,"type":1504,"linkType":1505},"6Py3z9VgjhKrchmYvhmbsq",[],{"nodeType":1498,"data":9649,"content":9650},{},[9651],{"nodeType":1482,"value":9652,"marks":9653,"data":9654},"The browser is what makes platform controls effective — if employees are using personal accounts, there are no enterprise audit logs to inspect. And for the growing category of AI agents, agentic browsers, and MCP-connected tools that operate through OAuth grants rather than direct user interaction, the browser is where the consent decisions that authorize those agents are made.",[],{},{"nodeType":1511,"data":9656,"content":9657},{},[],{"nodeType":1521,"data":9659,"content":9660},{},[9661],{"nodeType":1482,"value":9662,"marks":9663,"data":9665},"#8 — Investigation acceleration and incident response: closing the missing middle",[9664],{"type":1519},{},{"nodeType":1498,"data":9667,"content":9668},{},[9669],{"nodeType":1482,"value":9670,"marks":9671,"data":9673},"Security value: High | Browser fit: Strong — fills a structural gap complementary to endpoint, network, and identity telemetry",[9672],{"type":1519},{},{"nodeType":1498,"data":9675,"content":9676},{},[9677,9681,9686,9690,9699],{"nodeType":1482,"value":9678,"marks":9679,"data":9680},"Endpoint logs show what processes executed. Network logs show traffic destinations. IdP logs show authentication events. None of them show what happened ",[],{},{"nodeType":1482,"value":9682,"marks":9683,"data":9685},"inside the browser session",[9684],{"type":274},{},{"nodeType":1482,"value":9687,"marks":9688,"data":9689}," — the phishing page the user saw, the credentials they entered, the malicious OAuth consent grant, the data uploaded or pasted to an unsanctioned service. This is the missing middle of modern incident investigations, and for the ",[],{},{"nodeType":1493,"data":9691,"content":9693},{"uri":9692},"https://www.paloaltonetworks.co.uk/resources/research/unit-42-incident-response-report",[9694],{"nodeType":1482,"value":9695,"marks":9696,"data":9698},"48% of intrusions involving browser-based activity",[9697],{"type":1519},{},{"nodeType":1482,"value":9700,"marks":9701,"data":9702},", the absence of browser telemetry is a significant investigative gap.",[],{},{"nodeType":1498,"data":9704,"content":9705},{},[9706],{"nodeType":1482,"value":9707,"marks":9708,"data":9709},"Browser-layer telemetry fills that gap with a fundamentally different quality of signal: what users actually clicked, what pages loaded and how they behaved, what credentials were entered, what session activity followed — structured, high-fidelity data from inside the session where the attack played out. That's the difference between inferring what happened and seeing it directly, and it determines scope, drives containment decisions, and provides the direct evidential record that neither endpoint DLP nor network monitoring can supply for browser-native attacks.",[],{},{"nodeType":1498,"data":9711,"content":9712},{},[9713],{"nodeType":1482,"value":9714,"marks":9715,"data":9716},"Browser telemetry is a key addition to the investigative picture. Investigations are inherently multi-source — without browser data, reconstructing an incident from EDR, network, and IdP logs won't tell you the full picture (particularly when attacks are increasingly delivered outside of email, intercepting users as they browse the internet normally).",[],{},{"nodeType":1498,"data":9718,"content":9719},{},[9720],{"nodeType":1482,"value":9721,"marks":9722,"data":9723},"The browser provides the causal link that other sources miss: the bridge between \"a user visited a URL\" and \"credentials were submitted to a phishing page that issued a session token now being replayed from an attacker-controlled browser.\" Integrated with SIEM and SOAR platforms, that signal enables automated response workflows to execute on high-confidence detections without waiting for manual triage.",[],{},{"nodeType":1511,"data":9725,"content":9726},{},[],{"nodeType":1521,"data":9728,"content":9729},{},[9730],{"nodeType":1482,"value":9731,"marks":9732,"data":9734},"#9 — Infostealer defense: detecting exposure and blocking delivery",[9733],{"type":1519},{},{"nodeType":1498,"data":9736,"content":9737},{},[9738],{"nodeType":1482,"value":9739,"marks":9740,"data":9742},"Security value: High | Browser fit: Strong for delivery interception and stolen factor detection — complementary to endpoint security for execution",[9741],{"type":1519},{},{"nodeType":1498,"data":9744,"content":9745},{},[9746],{"nodeType":1482,"value":9747,"marks":9748,"data":9749},"Infostealers are the upstream supply chain for a disproportionate share of the most damaging enterprise attacks — harvesting credentials, session cookies, and browser profile data en masse from infected devices, then selling the outputs on infostealer markets for use in credential stuffing, ATO, and ransomware campaigns.",[],{},{"nodeType":1507,"data":9751,"content":9755},{"target":9752},{"sys":9753},{"id":9754,"type":1504,"linkType":1505},"5NF1afwu3zFGThZTtStVQA",[],{"nodeType":1498,"data":9757,"content":9758},{},[9759],{"nodeType":1482,"value":9760,"marks":9761,"data":9762},"The browser is relevant at two points in the infostealer kill chain. First, delivery interception: ClickFix (covered in #6) is now the primary infostealer delivery mechanism, and the browser is the only layer that can intercept it before execution. Second, detecting stolen factors when attackers attempt to use them — and infostealers produce two categories of stolen factor that the browser can guard against.",[],{},{"nodeType":2295,"data":9764,"content":9765},{},[9766,9776],{"nodeType":2299,"data":9767,"content":9768},{},[9769],{"nodeType":1498,"data":9770,"content":9771},{},[9772],{"nodeType":1482,"value":9773,"marks":9774,"data":9775},"Stolen credentials can be identified at the point of login: browser-layer detection flags credentials that appear in known breach datasets, catching infostealer-harvested passwords being replayed in credential stuffing campaigns before the account is compromised.",[],{},{"nodeType":2299,"data":9777,"content":9778},{},[9779],{"nodeType":1498,"data":9780,"content":9781},{},[9782],{"nodeType":1482,"value":9783,"marks":9784,"data":9785},"Stolen session tokens are caught through a different mechanism: sessions originating in instrumented browsers carry a marker, and when a token subsequently appears in an un-instrumented browser it is a confirmed stolen session — catching infostealer-harvested cookies being replayed regardless of how or where the token was originally harvested.",[],{},{"nodeType":1498,"data":9787,"content":9788},{},[9789,9793,9802,9806,9811],{"nodeType":1482,"value":9790,"marks":9791,"data":9792},"This is particularly critical for the ",[],{},{"nodeType":1493,"data":9794,"content":9796},{"uri":9795},"https://www.verizon.com/business/en-gb/resources/reports/dbir/",[9797],{"nodeType":1482,"value":9798,"marks":9799,"data":9801},"46% of infected devices that are unmanaged",[9800],{"type":1519},{},{"nodeType":1482,"value":9803,"marks":9804,"data":9805}," where EDR is absent and the stolen credentials and session tokens will never be detected at the endpoint. Infostealer ",[],{},{"nodeType":1482,"value":9807,"marks":9808,"data":9810},"execution",[9809],{"type":274},{},{"nodeType":1482,"value":9812,"marks":9813,"data":9814}," remains an endpoint problem; the browser closes the delivery and replay gaps that endpoint tools miss.",[],{},{"nodeType":1511,"data":9816,"content":9817},{},[],{"nodeType":1521,"data":9819,"content":9820},{},[9821],{"nodeType":1482,"value":9822,"marks":9823,"data":9825},"#10 — Data loss prevention: a key component of effective DLP, but not the full picture",[9824],{"type":1519},{},{"nodeType":1498,"data":9827,"content":9828},{},[9829],{"nodeType":1482,"value":9830,"marks":9831,"data":9833},"Security value: Medium-high | Browser fit: Partial — complementary to dedicated DLP",[9832],{"type":1519},{},{"nodeType":1498,"data":9835,"content":9836},{},[9837],{"nodeType":1482,"value":9838,"marks":9839,"data":9840},"File uploads to unsanctioned services, sensitive data pasted into AI tools, and exfiltration through personal accounts are genuine and growing risks that traditional email and endpoint-centric DLP tools were not designed to catch. Browser-layer controls provide real value here — particularly for BYOD users and contractors, where endpoint DLP agents cannot be deployed and the browser is the only available data loss visibility.",[],{},{"nodeType":1498,"data":9842,"content":9843},{},[9844],{"nodeType":1482,"value":9845,"marks":9846,"data":9847},"The honest scope: browser-layer DLP does not cover email-based loss, endpoint-to-endpoint transfers, or cloud API exfiltration. It closes specific and important gaps within a broader DLP strategy, not a replacement for one. A further distinction for organizations evaluating browser DLP for secure third-party access: full-stack enterprise browsers can enforce deeper output controls — watermarking, obfuscation, screenshot and print restrictions — at the OS rendering level that browser extensions cannot reliably replicate. Extension-based browser DLP is strongest for upload, input, and access control use cases rather than OS-level output restriction.",[],{},{"nodeType":1511,"data":9849,"content":9850},{},[],{"nodeType":1521,"data":9852,"content":9853},{},[9854],{"nodeType":1482,"value":9855,"marks":9856,"data":9858},"Tier 3 — Lower Value: A problem best addressed outside of the browser",[9857],{"type":1519},{},{"nodeType":2295,"data":9860,"content":9861},{},[9862,9877,9892,9907],{"nodeType":2299,"data":9863,"content":9864},{},[9865],{"nodeType":1498,"data":9866,"content":9867},{},[9868,9873],{"nodeType":1482,"value":9869,"marks":9870,"data":9872},"Browser exploit protection",[9871],{"type":1519},{},{"nodeType":1482,"value":9874,"marks":9875,"data":9876}," (narrow RCE/sandbox sense) ranks lower because browser zero-days represent just 9% of all zero-days reported to Google, and 82% of attack detections are now malware-free (CrowdStrike 2026). This is a problem for browser vendors to solve, and it's not a big enough problem to warrant enterprises investing in additional mitigating controls.",[],{},{"nodeType":2299,"data":9878,"content":9879},{},[9880],{"nodeType":1498,"data":9881,"content":9882},{},[9883,9888],{"nodeType":1482,"value":9884,"marks":9885,"data":9887},"Domain and URL category controls",[9886],{"type":1519},{},{"nodeType":1482,"value":9889,"marks":9890,"data":9891}," offer genuine browser-layer value but are commoditized by SWG and DNS filtering tools most organizations already operate. This can be provided in the browser, sure (and it's something we do at Push) but offers limited security value in terms of making a difference against modern attacks that quickly rotate these kinds of indicators and are designed to blend in.",[],{},{"nodeType":2299,"data":9893,"content":9894},{},[9895],{"nodeType":1498,"data":9896,"content":9897},{},[9898,9903],{"nodeType":1482,"value":9899,"marks":9900,"data":9902},"Access management",[9901],{"type":1519},{},{"nodeType":1482,"value":9904,"marks":9905,"data":9906}," — ZTNA, VPN replacement, PAM, BYOD access control — is an IT infrastructure and access architecture problem, not a security operations problem, and belongs to a different buyer with a different evaluation frame. There are numerous (typically full-stack) Enterprise Browser solutions on the market that address IT use cases like this well.",[],{},{"nodeType":2299,"data":9908,"content":9909},{},[9910],{"nodeType":1498,"data":9911,"content":9912},{},[9913,9918],{"nodeType":1482,"value":9914,"marks":9915,"data":9917},"Remote browser isolation",[9916],{"type":1519},{},{"nodeType":1482,"value":9919,"marks":9920,"data":9921}," addresses browser exploit risk rather than the identity-first attacks that represent the majority of current enterprise browser risk, and introduces UX friction that limits deployment at scale. When it triggers, it introduces latency but still fails to detect and stop browser-native attacks.",[],{},{"nodeType":1511,"data":9923,"content":9924},{},[],{"nodeType":1521,"data":9926,"content":9927},{},[9928],{"nodeType":1482,"value":9929,"marks":9930,"data":9932},"How Push Security maps to the highest-value security use cases",[9931],{"type":1519},{},{"nodeType":1498,"data":9934,"content":9935},{},[9936],{"nodeType":1482,"value":9937,"marks":9938,"data":9939},"Push is purpose-built to address all of these problems using a flexible browser extension — plug into any browser with no migration, no host agent deployment, and no IT overhead — that delivers telemetry and control from day one, and extends coverage to every enrolled browser regardless of device ownership.",[],{},{"nodeType":2601,"data":9941,"content":9942},{},[9943,9968,9992,10016,10040,10063,10087,10111,10135,10159,10183,10207],{"nodeType":2605,"data":9944,"content":9945},{},[9946,9957],{"nodeType":2609,"data":9947,"content":9948},{},[9949],{"nodeType":1498,"data":9950,"content":9951},{},[9952],{"nodeType":1482,"value":9953,"marks":9954,"data":9956},"Security use case",[9955],{"type":1519},{},{"nodeType":2609,"data":9958,"content":9959},{},[9960],{"nodeType":1498,"data":9961,"content":9962},{},[9963],{"nodeType":1482,"value":9964,"marks":9965,"data":9967},"How Push addresses it",[9966],{"type":1519},{},{"nodeType":2605,"data":9969,"content":9970},{},[9971,9982],{"nodeType":2609,"data":9972,"content":9973},{},[9974],{"nodeType":1498,"data":9975,"content":9976},{},[9977],{"nodeType":1482,"value":9978,"marks":9979,"data":9981},"Account takeover prevention",[9980],{"type":1519},{},{"nodeType":2609,"data":9983,"content":9984},{},[9985],{"nodeType":1498,"data":9986,"content":9987},{},[9988],{"nodeType":1482,"value":9989,"marks":9990,"data":9991},"Surfaces and fixes ghost logins, weak and breached credentials and missing MFA controls across every app and device — including shadow SaaS and unmanaged devices invisible to the IdP. Push also detects and stops the attack techniques that typically lead to ATO early in the kill chain and before an account can be compromised.",[],{},{"nodeType":2605,"data":9993,"content":9994},{},[9995,10006],{"nodeType":2609,"data":9996,"content":9997},{},[9998],{"nodeType":1498,"data":9999,"content":10000},{},[10001],{"nodeType":1482,"value":10002,"marks":10003,"data":10005},"Advanced phishing detection",[10004],{"type":1519},{},{"nodeType":2609,"data":10007,"content":10008},{},[10009],{"nodeType":1498,"data":10010,"content":10011},{},[10012],{"nodeType":1482,"value":10013,"marks":10014,"data":10015},"Behavioral page analysis detects phishing kits regardless of whether the domain is known-bad. Credential entry guardrails block corporate passwords from being submitted to unauthorized domains. TTP-based detection remains effective as attacker infrastructure rotates.",[],{},{"nodeType":2605,"data":10017,"content":10018},{},[10019,10030],{"nodeType":2609,"data":10020,"content":10021},{},[10022],{"nodeType":1498,"data":10023,"content":10024},{},[10025],{"nodeType":1482,"value":10026,"marks":10027,"data":10029},"Identity posture hardening",[10028],{"type":1519},{},{"nodeType":2609,"data":10031,"content":10032},{},[10033],{"nodeType":1498,"data":10034,"content":10035},{},[10036],{"nodeType":1482,"value":10037,"marks":10038,"data":10039},"Enforces MFA, strong credentials, and SSO adoption across every app the IdP doesn't manage. Produces continuous, auditable MFA coverage and credential hygiene evidence across the full application and device estate.",[],{},{"nodeType":2605,"data":10041,"content":10042},{},[10043,10053],{"nodeType":2609,"data":10044,"content":10045},{},[10046],{"nodeType":1498,"data":10047,"content":10048},{},[10049],{"nodeType":1482,"value":406,"marks":10050,"data":10052},[10051],{"type":1519},{},{"nodeType":2609,"data":10054,"content":10055},{},[10056],{"nodeType":1498,"data":10057,"content":10058},{},[10059],{"nodeType":1482,"value":10060,"marks":10061,"data":10062},"Live extension inventory with supply chain change event monitoring — ownership transfers, permission escalations, developer contact changes — rather than static risk scoring. Supports default-deny allowlisting and remote extension removal. Blocks known-bad malicious extensions automatically.",[],{},{"nodeType":2605,"data":10064,"content":10065},{},[10066,10077],{"nodeType":2609,"data":10067,"content":10068},{},[10069],{"nodeType":1498,"data":10070,"content":10071},{},[10072],{"nodeType":1482,"value":10073,"marks":10074,"data":10076},"Shadow SaaS and OAuth governance",[10075],{"type":1519},{},{"nodeType":2609,"data":10078,"content":10079},{},[10080],{"nodeType":1498,"data":10081,"content":10082},{},[10083],{"nodeType":1482,"value":10084,"marks":10085,"data":10086},"Discovers shadow SaaS from actual login events with full authentication context. Monitors and blocks OAuth consent flows — including AI and MCP integrations — in real time before persistent access paths are created.",[],{},{"nodeType":2605,"data":10088,"content":10089},{},[10090,10101],{"nodeType":2609,"data":10091,"content":10092},{},[10093],{"nodeType":1498,"data":10094,"content":10095},{},[10096],{"nodeType":1482,"value":10097,"marks":10098,"data":10100},"ClickFix and the *Fix family",[10099],{"type":1519},{},{"nodeType":2609,"data":10102,"content":10103},{},[10104],{"nodeType":1498,"data":10105,"content":10106},{},[10107],{"nodeType":1482,"value":10108,"marks":10109,"data":10110},"Detects and blocks ClickFix lures, clipboard injection, and browser-native variants like ConsentFix in real time — before the payload executes or OAuth key material is captured.",[],{},{"nodeType":2605,"data":10112,"content":10113},{},[10114,10125],{"nodeType":2609,"data":10115,"content":10116},{},[10117],{"nodeType":1498,"data":10118,"content":10119},{},[10120],{"nodeType":1482,"value":10121,"marks":10122,"data":10124},"AI visibility & control",[10123],{"type":1519},{},{"nodeType":2609,"data":10126,"content":10127},{},[10128],{"nodeType":1498,"data":10129,"content":10130},{},[10131],{"nodeType":1482,"value":10132,"marks":10133,"data":10134},"Enforces which AI tools employees can access and routes usage to corporate tenants. Governs AI browser extensions and blocks OAuth consent grants to unapproved AI applications — drawing on the same Tier 1 capabilities (OAuth governance, extension security, shadow SaaS discovery) that make this possible.",[],{},{"nodeType":2605,"data":10136,"content":10137},{},[10138,10149],{"nodeType":2609,"data":10139,"content":10140},{},[10141],{"nodeType":1498,"data":10142,"content":10143},{},[10144],{"nodeType":1482,"value":10145,"marks":10146,"data":10148},"Security investigations & incident response",[10147],{"type":1519},{},{"nodeType":2609,"data":10150,"content":10151},{},[10152],{"nodeType":1498,"data":10153,"content":10154},{},[10155],{"nodeType":1482,"value":10156,"marks":10157,"data":10158},"High-fidelity session telemetry — page loads, credential entries, DOM changes, OAuth grants — fills the missing middle that endpoint, network, and IdP logs leave open. Feeds directly into SIEM and SOAR for automated response.",[],{},{"nodeType":2605,"data":10160,"content":10161},{},[10162,10173],{"nodeType":2609,"data":10163,"content":10164},{},[10165],{"nodeType":1498,"data":10166,"content":10167},{},[10168],{"nodeType":1482,"value":10169,"marks":10170,"data":10172},"Infostealer defense",[10171],{"type":1519},{},{"nodeType":2609,"data":10174,"content":10175},{},[10176],{"nodeType":1498,"data":10177,"content":10178},{},[10179],{"nodeType":1482,"value":10180,"marks":10181,"data":10182},"Intercepts ClickFix-based infostealer delivery before execution. Detects token replay in unenrolled browser contexts — catching post-theft abuse from AiTM-sourced tokens and infostealer-harvested cookies, including from unmanaged devices.",[],{},{"nodeType":2605,"data":10184,"content":10185},{},[10186,10197],{"nodeType":2609,"data":10187,"content":10188},{},[10189],{"nodeType":1498,"data":10190,"content":10191},{},[10192],{"nodeType":1482,"value":10193,"marks":10194,"data":10196},"Data loss prevention",[10195],{"type":1519},{},{"nodeType":2609,"data":10198,"content":10199},{},[10200],{"nodeType":1498,"data":10201,"content":10202},{},[10203],{"nodeType":1482,"value":10204,"marks":10205,"data":10206},"Observes file uploads, downloads, and sensitive data inputs across all applications. Extends data loss visibility to BYOD and contractor devices where endpoint DLP cannot reach.",[],{},{"nodeType":2605,"data":10208,"content":10209},{},[10210,10220],{"nodeType":2609,"data":10211,"content":10212},{},[10213],{"nodeType":1498,"data":10214,"content":10215},{},[10216],{"nodeType":1482,"value":9884,"marks":10217,"data":10219},[10218],{"type":1519},{},{"nodeType":2609,"data":10221,"content":10222},{},[10223],{"nodeType":1498,"data":10224,"content":10225},{},[10226],{"nodeType":1482,"value":10227,"marks":10228,"data":10229},"Custom URL blocklists with wildcard support and REST API management for threat intelligence feed sync. Application category blocking restricts access to classes of apps (file-sharing, unsanctioned AI tools) configurable by user group. Domain categorization bringing SWG-style category blocking natively to the browser without a network proxy.",[],{},{"nodeType":1511,"data":10231,"content":10232},{},[],{"nodeType":1498,"data":10234,"content":10235},{},[10236,10240,10247],{"nodeType":1482,"value":10237,"marks":10238,"data":10239},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.",[],{},{"nodeType":1493,"data":10241,"content":10242},{"uri":2043},[10243],{"nodeType":1482,"value":10244,"marks":10245,"data":10246}," Book a live demo to learn more.",[],{},{"nodeType":1482,"value":29,"marks":10248,"data":10249},[],{},"The top 10 security problems you can solve in the browser — ranked by value","Ranking the security problems you can solve in the browser by security value and browser fit.","2026-05-14T00:00:00.000Z","the-top-10-security-problems-you-can-solve-in-the-browser-ranked-by-value",{"items":10255},[10256,10258],{"sys":10257,"name":6837},{"id":6836},{"sys":10259,"name":8291},{"id":8290},{"items":10261},[10262],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":10263},{"url":6849},"the-case-for-best-of-breed-browser-security","blog/the-case-for-best-of-breed-browser-security",{"json":10267},{"data":10268,"content":10269,"nodeType":2060},{},[10270],{"data":10271,"content":10272,"nodeType":1498},{},[10273],{"data":10274,"marks":10275,"value":10276,"nodeType":1482},{},[],"Why \"good enough\" isn’t enough when it comes to browser security, and a best-of-breed approach is needed to tackle emerging threats.",{"id":10278,"publishedAt":10279},"LlTjdYp5ALHM3YIvsCibZ","2026-05-19T12:17:38.563Z",{"items":10281},[10282,10284],{"sys":10283,"name":6837},{"id":6836},{"sys":10285,"name":5062},{"id":5061},"A9csX-crueui2gaiHRVOus5jvekWCUogRrkFKoeHZoY",{"id":10288,"title":10250,"authorsCollection":10289,"content":10293,"extension":2073,"hashTags":62,"meta":11568,"metaTitle":11569,"ogImage":62,"publishedDate":10252,"relatedBlogPostsCollection":11570,"slug":10253,"stem":13363,"subtitle":62,"summary":13364,"synopsis":10251,"sys":13375,"tagsCollection":13377,"__hash__":13383},"blog/blog/the-top-10-security-problems-you-can-solve-in-the-browser-ranked-by-value.json",{"items":10290},[10291],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":10292},{"url":6849},{"json":10294,"links":11362},{"nodeType":2060,"data":10295,"content":10296},{},[10297,10310,10315,10321,10327,10332,10335,10342,10349,10364,10402,10407,10420,10423,10430,10437,10459,10491,10497,10500,10507,10514,10520,10525,10531,10534,10541,10548,10582,10612,10618,10621,10628,10635,10655,10661,10700,10706,10709,10716,10723,10759,10765,10770,10773,10780,10787,10813,10819,10824,10830,10833,10840,10847,10870,10876,10882,10888,10891,10898,10905,10911,10916,10922,10943,10966,10969,10976,10983,10989,10995,10998,11005,11060,11063,11070,11076,11344,11347],{"nodeType":1498,"data":10298,"content":10299},{},[10300,10303,10307],{"nodeType":1482,"value":9028,"marks":10301,"data":10302},[],{},{"nodeType":1482,"value":9032,"marks":10304,"data":10306},[10305],{"type":1519},{},{"nodeType":1482,"value":9037,"marks":10308,"data":10309},[],{},{"nodeType":1507,"data":10311,"content":10314},{"target":10312},{"sys":10313},{"id":9044,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":10316,"content":10317},{},[10318],{"nodeType":1482,"value":9050,"marks":10319,"data":10320},[],{},{"nodeType":1498,"data":10322,"content":10323},{},[10324],{"nodeType":1482,"value":9057,"marks":10325,"data":10326},[],{},{"nodeType":1507,"data":10328,"content":10331},{"target":10329},{"sys":10330},{"id":9064,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":10333,"content":10334},{},[],{"nodeType":1521,"data":10336,"content":10337},{},[10338],{"nodeType":1482,"value":9073,"marks":10339,"data":10341},[10340],{"type":1519},{},{"nodeType":1498,"data":10343,"content":10344},{},[10345],{"nodeType":1482,"value":9081,"marks":10346,"data":10348},[10347],{"type":1519},{},{"nodeType":1498,"data":10350,"content":10351},{},[10352,10355,10361],{"nodeType":1482,"value":9089,"marks":10353,"data":10354},[],{},{"nodeType":1493,"data":10356,"content":10357},{"uri":9094},[10358],{"nodeType":1482,"value":9097,"marks":10359,"data":10360},[],{},{"nodeType":1482,"value":9101,"marks":10362,"data":10363},[],{},{"nodeType":1498,"data":10365,"content":10366},{},[10367,10370,10376,10379,10383,10386,10390,10393,10399],{"nodeType":1482,"value":9108,"marks":10368,"data":10369},[],{},{"nodeType":1493,"data":10371,"content":10372},{"uri":9113},[10373],{"nodeType":1482,"value":9116,"marks":10374,"data":10375},[],{},{"nodeType":1482,"value":2471,"marks":10377,"data":10378},[],{},{"nodeType":1482,"value":9123,"marks":10380,"data":10382},[10381],{"type":1519},{},{"nodeType":1482,"value":2386,"marks":10384,"data":10385},[],{},{"nodeType":1482,"value":9131,"marks":10387,"data":10389},[10388],{"type":1519},{},{"nodeType":1482,"value":9136,"marks":10391,"data":10392},[],{},{"nodeType":1493,"data":10394,"content":10395},{"uri":9141},[10396],{"nodeType":1482,"value":5632,"marks":10397,"data":10398},[],{},{"nodeType":1482,"value":9147,"marks":10400,"data":10401},[],{},{"nodeType":1507,"data":10403,"content":10406},{"target":10404},{"sys":10405},{"id":9154,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":10408,"content":10409},{},[10410,10413,10417],{"nodeType":1482,"value":9160,"marks":10411,"data":10412},[],{},{"nodeType":1482,"value":9164,"marks":10414,"data":10416},[10415],{"type":1519},{},{"nodeType":1482,"value":1576,"marks":10418,"data":10419},[],{},{"nodeType":1511,"data":10421,"content":10422},{},[],{"nodeType":1521,"data":10424,"content":10425},{},[10426],{"nodeType":1482,"value":9178,"marks":10427,"data":10429},[10428],{"type":1519},{},{"nodeType":1498,"data":10431,"content":10432},{},[10433],{"nodeType":1482,"value":9081,"marks":10434,"data":10436},[10435],{"type":1519},{},{"nodeType":1498,"data":10438,"content":10439},{},[10440,10443,10449,10452,10456],{"nodeType":1482,"value":9193,"marks":10441,"data":10442},[],{},{"nodeType":1493,"data":10444,"content":10445},{"uri":9198},[10446],{"nodeType":1482,"value":9201,"marks":10447,"data":10448},[],{},{"nodeType":1482,"value":9205,"marks":10450,"data":10451},[],{},{"nodeType":1482,"value":9209,"marks":10453,"data":10455},[10454],{"type":1519},{},{"nodeType":1482,"value":9214,"marks":10457,"data":10458},[],{},{"nodeType":1498,"data":10460,"content":10461},{},[10462,10465,10471,10474,10478,10481,10488],{"nodeType":1482,"value":9221,"marks":10463,"data":10464},[],{},{"nodeType":1493,"data":10466,"content":10467},{"uri":9226},[10468],{"nodeType":1482,"value":9229,"marks":10469,"data":10470},[],{},{"nodeType":1482,"value":9233,"marks":10472,"data":10473},[],{},{"nodeType":1482,"value":9237,"marks":10475,"data":10477},[10476],{"type":1519},{},{"nodeType":1482,"value":9242,"marks":10479,"data":10480},[],{},{"nodeType":1493,"data":10482,"content":10483},{"uri":9247},[10484],{"nodeType":1482,"value":9250,"marks":10485,"data":10487},[10486],{"type":1519},{},{"nodeType":1482,"value":9255,"marks":10489,"data":10490},[],{},{"nodeType":1498,"data":10492,"content":10493},{},[10494],{"nodeType":1482,"value":9262,"marks":10495,"data":10496},[],{},{"nodeType":1511,"data":10498,"content":10499},{},[],{"nodeType":1521,"data":10501,"content":10502},{},[10503],{"nodeType":1482,"value":9272,"marks":10504,"data":10506},[10505],{"type":1519},{},{"nodeType":1498,"data":10508,"content":10509},{},[10510],{"nodeType":1482,"value":9280,"marks":10511,"data":10513},[10512],{"type":1519},{},{"nodeType":1498,"data":10515,"content":10516},{},[10517],{"nodeType":1482,"value":9288,"marks":10518,"data":10519},[],{},{"nodeType":1507,"data":10521,"content":10524},{"target":10522},{"sys":10523},{"id":9295,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":10526,"content":10527},{},[10528],{"nodeType":1482,"value":9301,"marks":10529,"data":10530},[],{},{"nodeType":1511,"data":10532,"content":10533},{},[],{"nodeType":1521,"data":10535,"content":10536},{},[10537],{"nodeType":1482,"value":9311,"marks":10538,"data":10540},[10539],{"type":1519},{},{"nodeType":1498,"data":10542,"content":10543},{},[10544],{"nodeType":1482,"value":9280,"marks":10545,"data":10547},[10546],{"type":1519},{},{"nodeType":1498,"data":10549,"content":10550},{},[10551,10554,10561,10564,10570,10573,10579],{"nodeType":1482,"value":9326,"marks":10552,"data":10553},[],{},{"nodeType":1493,"data":10555,"content":10556},{"uri":9331},[10557],{"nodeType":1482,"value":9334,"marks":10558,"data":10560},[10559],{"type":1491},{},{"nodeType":1482,"value":1609,"marks":10562,"data":10563},[],{},{"nodeType":1493,"data":10565,"content":10566},{"uri":9343},[10567],{"nodeType":1482,"value":9346,"marks":10568,"data":10569},[],{},{"nodeType":1482,"value":1609,"marks":10571,"data":10572},[],{},{"nodeType":1493,"data":10574,"content":10575},{"uri":9354},[10576],{"nodeType":1482,"value":9357,"marks":10577,"data":10578},[],{},{"nodeType":1482,"value":9361,"marks":10580,"data":10581},[],{},{"nodeType":1498,"data":10583,"content":10584},{},[10585,10588,10595,10598,10602,10605,10609],{"nodeType":1482,"value":29,"marks":10586,"data":10587},[],{},{"nodeType":1493,"data":10589,"content":10590},{"uri":5490},[10591],{"nodeType":1482,"value":9374,"marks":10592,"data":10594},[10593],{"type":1491},{},{"nodeType":1482,"value":9379,"marks":10596,"data":10597},[],{},{"nodeType":1482,"value":9383,"marks":10599,"data":10601},[10600],{"type":1519},{},{"nodeType":1482,"value":9388,"marks":10603,"data":10604},[],{},{"nodeType":1482,"value":9392,"marks":10606,"data":10608},[10607],{"type":274},{},{"nodeType":1482,"value":9397,"marks":10610,"data":10611},[],{},{"nodeType":1498,"data":10613,"content":10614},{},[10615],{"nodeType":1482,"value":9404,"marks":10616,"data":10617},[],{},{"nodeType":1511,"data":10619,"content":10620},{},[],{"nodeType":1521,"data":10622,"content":10623},{},[10624],{"nodeType":1482,"value":9414,"marks":10625,"data":10627},[10626],{"type":1519},{},{"nodeType":1498,"data":10629,"content":10630},{},[10631],{"nodeType":1482,"value":9280,"marks":10632,"data":10634},[10633],{"type":1519},{},{"nodeType":1498,"data":10636,"content":10637},{},[10638,10641,10645,10648,10652],{"nodeType":1482,"value":9429,"marks":10639,"data":10640},[],{},{"nodeType":1482,"value":9433,"marks":10642,"data":10644},[10643],{"type":274},{},{"nodeType":1482,"value":9438,"marks":10646,"data":10647},[],{},{"nodeType":1482,"value":9442,"marks":10649,"data":10651},[10650],{"type":274},{},{"nodeType":1482,"value":9447,"marks":10653,"data":10654},[],{},{"nodeType":1498,"data":10656,"content":10657},{},[10658],{"nodeType":1482,"value":9454,"marks":10659,"data":10660},[],{},{"nodeType":2295,"data":10662,"content":10663},{},[10664,10682],{"nodeType":2299,"data":10665,"content":10666},{},[10667],{"nodeType":1498,"data":10668,"content":10669},{},[10670,10673,10679],{"nodeType":1482,"value":5624,"marks":10671,"data":10672},[],{},{"nodeType":1493,"data":10674,"content":10675},{"uri":1946},[10676],{"nodeType":1482,"value":9473,"marks":10677,"data":10678},[],{},{"nodeType":1482,"value":9477,"marks":10680,"data":10681},[],{},{"nodeType":2299,"data":10683,"content":10684},{},[10685],{"nodeType":1498,"data":10686,"content":10687},{},[10688,10691,10697],{"nodeType":1482,"value":5624,"marks":10689,"data":10690},[],{},{"nodeType":1493,"data":10692,"content":10693},{"uri":6335},[10694],{"nodeType":1482,"value":9493,"marks":10695,"data":10696},[],{},{"nodeType":1482,"value":9497,"marks":10698,"data":10699},[],{},{"nodeType":1498,"data":10701,"content":10702},{},[10703],{"nodeType":1482,"value":9504,"marks":10704,"data":10705},[],{},{"nodeType":1511,"data":10707,"content":10708},{},[],{"nodeType":1521,"data":10710,"content":10711},{},[10712],{"nodeType":1482,"value":9514,"marks":10713,"data":10715},[10714],{"type":1519},{},{"nodeType":1498,"data":10717,"content":10718},{},[10719],{"nodeType":1482,"value":9522,"marks":10720,"data":10722},[10721],{"type":1519},{},{"nodeType":1498,"data":10724,"content":10725},{},[10726,10729,10733,10736,10742,10745,10749,10752,10756],{"nodeType":1482,"value":9530,"marks":10727,"data":10728},[],{},{"nodeType":1482,"value":9534,"marks":10730,"data":10732},[10731],{"type":1519},{},{"nodeType":1482,"value":9539,"marks":10734,"data":10735},[],{},{"nodeType":1493,"data":10737,"content":10738},{"uri":5314},[10739],{"nodeType":1482,"value":9546,"marks":10740,"data":10741},[],{},{"nodeType":1482,"value":9550,"marks":10743,"data":10744},[],{},{"nodeType":1482,"value":9554,"marks":10746,"data":10748},[10747],{"type":1519},{},{"nodeType":1482,"value":9559,"marks":10750,"data":10751},[],{},{"nodeType":1482,"value":9563,"marks":10753,"data":10755},[10754],{"type":1519},{},{"nodeType":1482,"value":9568,"marks":10757,"data":10758},[],{},{"nodeType":1498,"data":10760,"content":10761},{},[10762],{"nodeType":1482,"value":9575,"marks":10763,"data":10764},[],{},{"nodeType":1507,"data":10766,"content":10769},{"target":10767},{"sys":10768},{"id":9582,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":10771,"content":10772},{},[],{"nodeType":1521,"data":10774,"content":10775},{},[10776],{"nodeType":1482,"value":9591,"marks":10777,"data":10779},[10778],{"type":1519},{},{"nodeType":1498,"data":10781,"content":10782},{},[10783],{"nodeType":1482,"value":9599,"marks":10784,"data":10786},[10785],{"type":1519},{},{"nodeType":1498,"data":10788,"content":10789},{},[10790,10793,10800,10803,10810],{"nodeType":1482,"value":9607,"marks":10791,"data":10792},[],{},{"nodeType":1493,"data":10794,"content":10795},{"uri":6870},[10796],{"nodeType":1482,"value":9614,"marks":10797,"data":10799},[10798],{"type":1519},{},{"nodeType":1482,"value":9619,"marks":10801,"data":10802},[],{},{"nodeType":1493,"data":10804,"content":10805},{"uri":9624},[10806],{"nodeType":1482,"value":9627,"marks":10807,"data":10809},[10808],{"type":1519},{},{"nodeType":1482,"value":9632,"marks":10811,"data":10812},[],{},{"nodeType":1498,"data":10814,"content":10815},{},[10816],{"nodeType":1482,"value":9639,"marks":10817,"data":10818},[],{},{"nodeType":1507,"data":10820,"content":10823},{"target":10821},{"sys":10822},{"id":9646,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":10825,"content":10826},{},[10827],{"nodeType":1482,"value":9652,"marks":10828,"data":10829},[],{},{"nodeType":1511,"data":10831,"content":10832},{},[],{"nodeType":1521,"data":10834,"content":10835},{},[10836],{"nodeType":1482,"value":9662,"marks":10837,"data":10839},[10838],{"type":1519},{},{"nodeType":1498,"data":10841,"content":10842},{},[10843],{"nodeType":1482,"value":9670,"marks":10844,"data":10846},[10845],{"type":1519},{},{"nodeType":1498,"data":10848,"content":10849},{},[10850,10853,10857,10860,10867],{"nodeType":1482,"value":9678,"marks":10851,"data":10852},[],{},{"nodeType":1482,"value":9682,"marks":10854,"data":10856},[10855],{"type":274},{},{"nodeType":1482,"value":9687,"marks":10858,"data":10859},[],{},{"nodeType":1493,"data":10861,"content":10862},{"uri":9692},[10863],{"nodeType":1482,"value":9695,"marks":10864,"data":10866},[10865],{"type":1519},{},{"nodeType":1482,"value":9700,"marks":10868,"data":10869},[],{},{"nodeType":1498,"data":10871,"content":10872},{},[10873],{"nodeType":1482,"value":9707,"marks":10874,"data":10875},[],{},{"nodeType":1498,"data":10877,"content":10878},{},[10879],{"nodeType":1482,"value":9714,"marks":10880,"data":10881},[],{},{"nodeType":1498,"data":10883,"content":10884},{},[10885],{"nodeType":1482,"value":9721,"marks":10886,"data":10887},[],{},{"nodeType":1511,"data":10889,"content":10890},{},[],{"nodeType":1521,"data":10892,"content":10893},{},[10894],{"nodeType":1482,"value":9731,"marks":10895,"data":10897},[10896],{"type":1519},{},{"nodeType":1498,"data":10899,"content":10900},{},[10901],{"nodeType":1482,"value":9739,"marks":10902,"data":10904},[10903],{"type":1519},{},{"nodeType":1498,"data":10906,"content":10907},{},[10908],{"nodeType":1482,"value":9747,"marks":10909,"data":10910},[],{},{"nodeType":1507,"data":10912,"content":10915},{"target":10913},{"sys":10914},{"id":9754,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":10917,"content":10918},{},[10919],{"nodeType":1482,"value":9760,"marks":10920,"data":10921},[],{},{"nodeType":2295,"data":10923,"content":10924},{},[10925,10934],{"nodeType":2299,"data":10926,"content":10927},{},[10928],{"nodeType":1498,"data":10929,"content":10930},{},[10931],{"nodeType":1482,"value":9773,"marks":10932,"data":10933},[],{},{"nodeType":2299,"data":10935,"content":10936},{},[10937],{"nodeType":1498,"data":10938,"content":10939},{},[10940],{"nodeType":1482,"value":9783,"marks":10941,"data":10942},[],{},{"nodeType":1498,"data":10944,"content":10945},{},[10946,10949,10956,10959,10963],{"nodeType":1482,"value":9790,"marks":10947,"data":10948},[],{},{"nodeType":1493,"data":10950,"content":10951},{"uri":9795},[10952],{"nodeType":1482,"value":9798,"marks":10953,"data":10955},[10954],{"type":1519},{},{"nodeType":1482,"value":9803,"marks":10957,"data":10958},[],{},{"nodeType":1482,"value":9807,"marks":10960,"data":10962},[10961],{"type":274},{},{"nodeType":1482,"value":9812,"marks":10964,"data":10965},[],{},{"nodeType":1511,"data":10967,"content":10968},{},[],{"nodeType":1521,"data":10970,"content":10971},{},[10972],{"nodeType":1482,"value":9822,"marks":10973,"data":10975},[10974],{"type":1519},{},{"nodeType":1498,"data":10977,"content":10978},{},[10979],{"nodeType":1482,"value":9830,"marks":10980,"data":10982},[10981],{"type":1519},{},{"nodeType":1498,"data":10984,"content":10985},{},[10986],{"nodeType":1482,"value":9838,"marks":10987,"data":10988},[],{},{"nodeType":1498,"data":10990,"content":10991},{},[10992],{"nodeType":1482,"value":9845,"marks":10993,"data":10994},[],{},{"nodeType":1511,"data":10996,"content":10997},{},[],{"nodeType":1521,"data":10999,"content":11000},{},[11001],{"nodeType":1482,"value":9855,"marks":11002,"data":11004},[11003],{"type":1519},{},{"nodeType":2295,"data":11006,"content":11007},{},[11008,11021,11034,11047],{"nodeType":2299,"data":11009,"content":11010},{},[11011],{"nodeType":1498,"data":11012,"content":11013},{},[11014,11018],{"nodeType":1482,"value":9869,"marks":11015,"data":11017},[11016],{"type":1519},{},{"nodeType":1482,"value":9874,"marks":11019,"data":11020},[],{},{"nodeType":2299,"data":11022,"content":11023},{},[11024],{"nodeType":1498,"data":11025,"content":11026},{},[11027,11031],{"nodeType":1482,"value":9884,"marks":11028,"data":11030},[11029],{"type":1519},{},{"nodeType":1482,"value":9889,"marks":11032,"data":11033},[],{},{"nodeType":2299,"data":11035,"content":11036},{},[11037],{"nodeType":1498,"data":11038,"content":11039},{},[11040,11044],{"nodeType":1482,"value":9899,"marks":11041,"data":11043},[11042],{"type":1519},{},{"nodeType":1482,"value":9904,"marks":11045,"data":11046},[],{},{"nodeType":2299,"data":11048,"content":11049},{},[11050],{"nodeType":1498,"data":11051,"content":11052},{},[11053,11057],{"nodeType":1482,"value":9914,"marks":11054,"data":11056},[11055],{"type":1519},{},{"nodeType":1482,"value":9919,"marks":11058,"data":11059},[],{},{"nodeType":1511,"data":11061,"content":11062},{},[],{"nodeType":1521,"data":11064,"content":11065},{},[11066],{"nodeType":1482,"value":9929,"marks":11067,"data":11069},[11068],{"type":1519},{},{"nodeType":1498,"data":11071,"content":11072},{},[11073],{"nodeType":1482,"value":9937,"marks":11074,"data":11075},[],{},{"nodeType":2601,"data":11077,"content":11078},{},[11079,11102,11124,11146,11168,11190,11212,11234,11256,11278,11300,11322],{"nodeType":2605,"data":11080,"content":11081},{},[11082,11092],{"nodeType":2609,"data":11083,"content":11084},{},[11085],{"nodeType":1498,"data":11086,"content":11087},{},[11088],{"nodeType":1482,"value":9953,"marks":11089,"data":11091},[11090],{"type":1519},{},{"nodeType":2609,"data":11093,"content":11094},{},[11095],{"nodeType":1498,"data":11096,"content":11097},{},[11098],{"nodeType":1482,"value":9964,"marks":11099,"data":11101},[11100],{"type":1519},{},{"nodeType":2605,"data":11103,"content":11104},{},[11105,11115],{"nodeType":2609,"data":11106,"content":11107},{},[11108],{"nodeType":1498,"data":11109,"content":11110},{},[11111],{"nodeType":1482,"value":9978,"marks":11112,"data":11114},[11113],{"type":1519},{},{"nodeType":2609,"data":11116,"content":11117},{},[11118],{"nodeType":1498,"data":11119,"content":11120},{},[11121],{"nodeType":1482,"value":9989,"marks":11122,"data":11123},[],{},{"nodeType":2605,"data":11125,"content":11126},{},[11127,11137],{"nodeType":2609,"data":11128,"content":11129},{},[11130],{"nodeType":1498,"data":11131,"content":11132},{},[11133],{"nodeType":1482,"value":10002,"marks":11134,"data":11136},[11135],{"type":1519},{},{"nodeType":2609,"data":11138,"content":11139},{},[11140],{"nodeType":1498,"data":11141,"content":11142},{},[11143],{"nodeType":1482,"value":10013,"marks":11144,"data":11145},[],{},{"nodeType":2605,"data":11147,"content":11148},{},[11149,11159],{"nodeType":2609,"data":11150,"content":11151},{},[11152],{"nodeType":1498,"data":11153,"content":11154},{},[11155],{"nodeType":1482,"value":10026,"marks":11156,"data":11158},[11157],{"type":1519},{},{"nodeType":2609,"data":11160,"content":11161},{},[11162],{"nodeType":1498,"data":11163,"content":11164},{},[11165],{"nodeType":1482,"value":10037,"marks":11166,"data":11167},[],{},{"nodeType":2605,"data":11169,"content":11170},{},[11171,11181],{"nodeType":2609,"data":11172,"content":11173},{},[11174],{"nodeType":1498,"data":11175,"content":11176},{},[11177],{"nodeType":1482,"value":406,"marks":11178,"data":11180},[11179],{"type":1519},{},{"nodeType":2609,"data":11182,"content":11183},{},[11184],{"nodeType":1498,"data":11185,"content":11186},{},[11187],{"nodeType":1482,"value":10060,"marks":11188,"data":11189},[],{},{"nodeType":2605,"data":11191,"content":11192},{},[11193,11203],{"nodeType":2609,"data":11194,"content":11195},{},[11196],{"nodeType":1498,"data":11197,"content":11198},{},[11199],{"nodeType":1482,"value":10073,"marks":11200,"data":11202},[11201],{"type":1519},{},{"nodeType":2609,"data":11204,"content":11205},{},[11206],{"nodeType":1498,"data":11207,"content":11208},{},[11209],{"nodeType":1482,"value":10084,"marks":11210,"data":11211},[],{},{"nodeType":2605,"data":11213,"content":11214},{},[11215,11225],{"nodeType":2609,"data":11216,"content":11217},{},[11218],{"nodeType":1498,"data":11219,"content":11220},{},[11221],{"nodeType":1482,"value":10097,"marks":11222,"data":11224},[11223],{"type":1519},{},{"nodeType":2609,"data":11226,"content":11227},{},[11228],{"nodeType":1498,"data":11229,"content":11230},{},[11231],{"nodeType":1482,"value":10108,"marks":11232,"data":11233},[],{},{"nodeType":2605,"data":11235,"content":11236},{},[11237,11247],{"nodeType":2609,"data":11238,"content":11239},{},[11240],{"nodeType":1498,"data":11241,"content":11242},{},[11243],{"nodeType":1482,"value":10121,"marks":11244,"data":11246},[11245],{"type":1519},{},{"nodeType":2609,"data":11248,"content":11249},{},[11250],{"nodeType":1498,"data":11251,"content":11252},{},[11253],{"nodeType":1482,"value":10132,"marks":11254,"data":11255},[],{},{"nodeType":2605,"data":11257,"content":11258},{},[11259,11269],{"nodeType":2609,"data":11260,"content":11261},{},[11262],{"nodeType":1498,"data":11263,"content":11264},{},[11265],{"nodeType":1482,"value":10145,"marks":11266,"data":11268},[11267],{"type":1519},{},{"nodeType":2609,"data":11270,"content":11271},{},[11272],{"nodeType":1498,"data":11273,"content":11274},{},[11275],{"nodeType":1482,"value":10156,"marks":11276,"data":11277},[],{},{"nodeType":2605,"data":11279,"content":11280},{},[11281,11291],{"nodeType":2609,"data":11282,"content":11283},{},[11284],{"nodeType":1498,"data":11285,"content":11286},{},[11287],{"nodeType":1482,"value":10169,"marks":11288,"data":11290},[11289],{"type":1519},{},{"nodeType":2609,"data":11292,"content":11293},{},[11294],{"nodeType":1498,"data":11295,"content":11296},{},[11297],{"nodeType":1482,"value":10180,"marks":11298,"data":11299},[],{},{"nodeType":2605,"data":11301,"content":11302},{},[11303,11313],{"nodeType":2609,"data":11304,"content":11305},{},[11306],{"nodeType":1498,"data":11307,"content":11308},{},[11309],{"nodeType":1482,"value":10193,"marks":11310,"data":11312},[11311],{"type":1519},{},{"nodeType":2609,"data":11314,"content":11315},{},[11316],{"nodeType":1498,"data":11317,"content":11318},{},[11319],{"nodeType":1482,"value":10204,"marks":11320,"data":11321},[],{},{"nodeType":2605,"data":11323,"content":11324},{},[11325,11335],{"nodeType":2609,"data":11326,"content":11327},{},[11328],{"nodeType":1498,"data":11329,"content":11330},{},[11331],{"nodeType":1482,"value":9884,"marks":11332,"data":11334},[11333],{"type":1519},{},{"nodeType":2609,"data":11336,"content":11337},{},[11338],{"nodeType":1498,"data":11339,"content":11340},{},[11341],{"nodeType":1482,"value":10227,"marks":11342,"data":11343},[],{},{"nodeType":1511,"data":11345,"content":11346},{},[],{"nodeType":1498,"data":11348,"content":11349},{},[11350,11353,11359],{"nodeType":1482,"value":10237,"marks":11351,"data":11352},[],{},{"nodeType":1493,"data":11354,"content":11355},{"uri":2043},[11356],{"nodeType":1482,"value":10244,"marks":11357,"data":11358},[],{},{"nodeType":1482,"value":29,"marks":11360,"data":11361},[],{},{"entries":11363},{"hyperlink":11364,"inline":11365,"block":11366},[],[],[11367,11409,11418,11452,11488,11512,11526],{"sys":11368,"__typename":7454,"content":11369,"name":11408,"title":62},{"id":9044},{"json":11370},{"nodeType":2060,"data":11371,"content":11372},{},[11373],{"nodeType":1498,"data":11374,"content":11375},{},[11376,11379,11386,11390,11395,11399,11404],{"nodeType":1482,"value":9108,"marks":11377,"data":11378},[],{},{"nodeType":1493,"data":11380,"content":11381},{"uri":6870},[11382],{"nodeType":1482,"value":11383,"marks":11384,"data":11385}," Omdia's 2026 research",[],{},{"nodeType":1482,"value":11387,"marks":11388,"data":11389},", browser security is already a top-five priority for ",[],{},{"nodeType":1482,"value":11391,"marks":11392,"data":11394},"88% of organizations",[11393],{"type":1519},{},{"nodeType":1482,"value":11396,"marks":11397,"data":11398},", and the top priority for ",[],{},{"nodeType":1482,"value":11400,"marks":11401,"data":11403},"26%",[11402],{"type":1519},{},{"nodeType":1482,"value":11405,"marks":11406,"data":11407},". Of those that have deployed browser security solutions, the results speak for themselves: security leaders consistently report high satisfaction with the visibility and control they gain at a layer that was previously a blind spot.",[],{},"Top 10 Browser Problems IB1",{"sys":11410,"__typename":11411,"title":11412,"caption":11413,"layoutMode":62,"file":11414},{"id":9064},"Image","top 10 browser security infographic","The top 10 security problems you can solve in the browser, ranked by security value and browser fit.",{"url":11415,"width":11416,"height":11417},"https://images.ctfassets.net/y1cdw1ablpvd/1ARDI5m8UJTN9QXXfbyyeO/ad04834463f3537a724ecfcaa0054fb0/top10_browser_security_infographic_4x__14_.png",2080,2484,{"sys":11419,"__typename":7454,"content":11420,"name":11451,"title":62},{"id":9154},{"json":11421},{"data":11422,"content":11423,"nodeType":2060},{},[11424],{"data":11425,"content":11426,"nodeType":1498},{},[11427,11431,11438,11442,11447],{"data":11428,"marks":11429,"value":11430,"nodeType":1482},{},[],"Every login, regardless of method or app, happens inside a browser session. That makes the browser the only layer capable of observing the complete authentication picture.",{"data":11432,"content":11433,"nodeType":1493},{"uri":7270},[11434],{"data":11435,"marks":11436,"value":11437,"nodeType":1482},{},[]," Push's telemetry illustrates the gap",{"data":11439,"marks":11440,"value":11441,"nodeType":1482},{},[],": of the last million logins observed, ",{"data":11443,"marks":11444,"value":11446,"nodeType":1482},{},[11445],{"type":1519},"1 in 4 were password logins rather than SSO, 2 in 5 lacked MFA, and 1 in 5 used a weak, breached, or reused credential",{"data":11448,"marks":11449,"value":11450,"nodeType":1482},{},[]," — none of which is visible to an IdP that only surfaces authentications flowing through it. ","Top 10 Browser Problems IB2",{"sys":11453,"__typename":7454,"content":11454,"name":11487,"title":62},{"id":9295},{"json":11455},{"data":11456,"content":11457,"nodeType":2060},{},[11458],{"data":11459,"content":11460,"nodeType":1498},{},[11461,11465,11470,11474,11483],{"data":11462,"marks":11463,"value":11464,"nodeType":1482},{},[],"The average employee logs into more than 15 applications, the majority with logins outside SSO coverage. IdP policies and SSPM findings have no mechanism to intervene in authentication flows they don't control. ",{"data":11466,"marks":11467,"value":11469,"nodeType":1482},{},[11468],{"type":1519},"47% of BEC victims had not enforced MFA in their Microsoft 365 environment",{"data":11471,"marks":11472,"value":11473,"nodeType":1482},{},[]," (",{"data":11475,"content":11477,"nodeType":1493},{"uri":11476},"https://www.s-rminform.com/cyber-insights-report-2026",[11478],{"data":11479,"marks":11480,"value":11482,"nodeType":1482},{},[11481],{"type":1491},"S-RM Cyber Insights 2026",{"data":11484,"marks":11485,"value":11486,"nodeType":1482},{},[],") — and the gap is larger still once you consider shadow SaaS.","Top 10 Browser Problems IB3",{"sys":11489,"__typename":7454,"content":11490,"name":11511,"title":62},{"id":9582},{"json":11491},{"data":11492,"content":11493,"nodeType":2060},{},[11494],{"data":11495,"content":11496,"nodeType":1498},{},[11497,11500,11507],{"data":11498,"marks":11499,"value":29,"nodeType":1482},{},[],{"data":11501,"content":11502,"nodeType":1493},{"uri":1567},[11503],{"data":11504,"marks":11505,"value":1846,"nodeType":1482},{},[11506],{"type":1491},{"data":11508,"marks":11509,"value":11510,"nodeType":1482},{},[],", a novel technique discovered by Push researchers when we intercepted a live campaign attributed to Russian state-linked APT29, is a notable exception: it is fully browser-native with no endpoint component, using a manipulated OAuth consent flow rather than clipboard-injected malware. ConsentFix is better understood as an OAuth attack than a malware delivery technique — it signals the direction of travel as attackers seek to eliminate the endpoint detection surface entirely and operate purely within browser-native mechanisms like OAuth. ","Top 10 Browser Problems IB4",{"sys":11513,"__typename":7454,"content":11514,"name":11525,"title":62},{"id":9646},{"json":11515},{"data":11516,"content":11517,"nodeType":2060},{},[11518],{"data":11519,"content":11520,"nodeType":1498},{},[11521],{"data":11522,"marks":11523,"value":11524,"nodeType":1482},{},[],"Enterprise AI platforms — Claude, ChatGPT Enterprise, Microsoft Copilot, Gemini for Workspace — increasingly provide native prompt logging and DLP controls on their enterprise plans, and these are richer and more reliable for sanctioned tools than browser session-layer monitoring. The right architecture is complementary: use the browser to enforce which AI tools employees can access and ensure they reach the corporate tenant rather than a personal account, then rely on platform-native controls to govern activity within that environment.","Top 10 Browser Problems IB5",{"sys":11527,"__typename":7454,"content":11528,"name":11567,"title":62},{"id":9754},{"json":11529},{"data":11530,"content":11531,"nodeType":2060},{},[11532],{"data":11533,"content":11534,"nodeType":1498},{},[11535,11539,11544,11548,11553,11557,11563],{"data":11536,"marks":11537,"value":11538,"nodeType":1482},{},[],"The 2025 Verizon DBIR found ",{"data":11540,"marks":11541,"value":11543,"nodeType":1482},{},[11542],{"type":1519},"54% of ransomware attacks traced back to infostealer-enabled credential theft",{"data":11545,"marks":11546,"value":11547,"nodeType":1482},{},[],". Microsoft reports ",{"data":11549,"marks":11550,"value":11552,"nodeType":1482},{},[11551],{"type":1519},"39,000 session token attacks per day",{"data":11554,"marks":11555,"value":11556,"nodeType":1482},{},[],", the majority sourced from infostealer-harvested cookies. The",{"data":11558,"content":11559,"nodeType":1493},{"uri":9141},[11560],{"data":11561,"marks":11562,"value":5632,"nodeType":1482},{},[],{"data":11564,"marks":11565,"value":11566,"nodeType":1482},{},[]," we mentioned earlier was powered entirely by infostealer-harvested credentials: stolen years earlier, never rotated, and used to authenticate directly to tenants that lacked MFA. More than 80% of compromised accounts had prior credential exposure. The Okta breach followed the same pattern, beginning with an infostealer on an engineer's personal device harvesting credentials synced to their personal Google profile on a corporate browser. ","Top 10 Browser Problems IB6",{},"The top 10 security problems you can solve in the browser",{"items":11571},[11572,12163,12835],{"__typename":2080,"sys":11573,"content":11575,"title":12150,"synopsis":12151,"hashTags":62,"publishedDate":8282,"slug":12152,"tagsCollection":12153,"authorsCollection":12159},{"id":11574},"217s8zu5idSdX25TUgbPQ1",{"json":11576},{"data":11577,"content":11578,"nodeType":2060},{},[11579,11597,11604,11611,11617,11620,11628,11644,11651,11657,11664,11747,11754,11759,11766,11772,11775,11783,11795,11802,11814,11817,11825,11841,11848,11855,11858,11866,11873,11889,11895,11911,11918,11925,11932,11948,11955,11958,11966,11973,11989,11996,11999,12007,12023,12030,12050,12062,12065,12073,12089,12096,12103,12110,12117,12120,12127,12133],{"data":11580,"content":11581,"nodeType":1498},{},[11582,11585,11593],{"data":11583,"marks":11584,"value":5624,"nodeType":1482},{},[],{"data":11586,"content":11588,"nodeType":1493},{"uri":11587},"https://research.esg-global.com/reportaction/515202191/Marketing",[11589],{"data":11590,"marks":11591,"value":11592,"nodeType":1482},{},[]," Omdia Browser Management and Security report",{"data":11594,"marks":11595,"value":11596,"nodeType":1482},{},[],", based on a survey of 400 IT and security professionals across North America fielded in late 2025, is the most comprehensive industry data to date on how organizations are experiencing, prioritizing, and investing in the secure enterprise browser (SEB) market. ",{"data":11598,"content":11599,"nodeType":1498},{},[11600],{"data":11601,"marks":11602,"value":11603,"nodeType":1482},{},[],"For us at Push, it externally validates what we've known to be true for some time — the browser is where work happens, where attacks land, and where defenders need to be if they want to detect and stop threats before damage is done.",{"data":11605,"content":11606,"nodeType":1498},{},[11607],{"data":11608,"marks":11609,"value":11610,"nodeType":1482},{},[],"We pulled out seven findings that matter most for security teams evaluating their approach.",{"data":11612,"content":11616,"nodeType":1507},{"target":11613},{"sys":11614},{"id":11615,"type":1504,"linkType":1505},"4aM879egIFYmDvOhzyNI9A",[],{"data":11618,"content":11619,"nodeType":1511},{},[],{"data":11621,"content":11622,"nodeType":1521},{},[11623],{"data":11624,"marks":11625,"value":11627,"nodeType":1482},{},[11626],{"type":1519},"1. The attacks driving concern are the ones happening inside the browser session",{"data":11629,"content":11630,"nodeType":1498},{},[11631,11635,11640],{"data":11632,"marks":11633,"value":11634,"nodeType":1482},{},[],"The threat picture is driving everything else in this report, so it's the right place to start. ",{"data":11636,"marks":11637,"value":11639,"nodeType":1482},{},[11638],{"type":1519},"49% of organizations suffered a successful browser-based attack in the last 12 months.",{"data":11641,"marks":11642,"value":11643,"nodeType":1482},{},[]," Among those affected, browser-originated incidents account for roughly 37% of all security incidents — and 68% say that share has grown over the past two years. ",{"data":11645,"content":11646,"nodeType":1498},{},[11647],{"data":11648,"marks":11649,"value":11650,"nodeType":1482},{},[],"The browser is not an emerging threat vector. It’s worth noting here that these numbers are also likely lower than the reality, since many are only identified later in the kill chain. Without browser-level telemetry they can be difficult to trace back their source — which in the vast majority of cases, even for malware-driven attacks, is the browser. ",{"data":11652,"content":11656,"nodeType":1507},{"target":11653},{"sys":11654},{"id":11655,"type":1504,"linkType":1505},"6Kcz8oILKVHmhQIo5Du6V",[],{"data":11658,"content":11659,"nodeType":1498},{},[11660],{"data":11661,"marks":11662,"value":11663,"nodeType":1482},{},[],"What stands out is that every one of the top attack categories plays out inside the browser session itself — not against the browser as a piece of software, but within the sessions where users interact with applications:",{"data":11665,"content":11666,"nodeType":2295},{},[11667,11677,11687,11697,11707,11717,11727,11737],{"data":11668,"content":11669,"nodeType":2299},{},[11670],{"data":11671,"content":11672,"nodeType":1498},{},[11673],{"data":11674,"marks":11675,"value":11676,"nodeType":1482},{},[],"Phishing (40%)",{"data":11678,"content":11679,"nodeType":2299},{},[11680],{"data":11681,"content":11682,"nodeType":1498},{},[11683],{"data":11684,"marks":11685,"value":11686,"nodeType":1482},{},[],"Data loss or leakage (38%)",{"data":11688,"content":11689,"nodeType":2299},{},[11690],{"data":11691,"content":11692,"nodeType":1498},{},[11693],{"data":11694,"marks":11695,"value":11696,"nodeType":1482},{},[],"Malicious browser extensions (34%)",{"data":11698,"content":11699,"nodeType":2299},{},[11700],{"data":11701,"content":11702,"nodeType":1498},{},[11703],{"data":11704,"marks":11705,"value":11706,"nodeType":1482},{},[],"Vulnerable browser extensions (33%)",{"data":11708,"content":11709,"nodeType":2299},{},[11710],{"data":11711,"content":11712,"nodeType":1498},{},[11713],{"data":11714,"marks":11715,"value":11716,"nodeType":1482},{},[],"Malicious scripts (31%)",{"data":11718,"content":11719,"nodeType":2299},{},[11720],{"data":11721,"content":11722,"nodeType":1498},{},[11723],{"data":11724,"marks":11725,"value":11726,"nodeType":1482},{},[],"Credential theft via browser (28%)",{"data":11728,"content":11729,"nodeType":2299},{},[11730],{"data":11731,"content":11732,"nodeType":1498},{},[11733],{"data":11734,"marks":11735,"value":11736,"nodeType":1482},{},[],"Cookie theft (22%)",{"data":11738,"content":11739,"nodeType":2299},{},[11740],{"data":11741,"content":11742,"nodeType":1498},{},[11743],{"data":11744,"marks":11745,"value":11746,"nodeType":1482},{},[],"AiTM attacks (17%)",{"data":11748,"content":11749,"nodeType":1498},{},[11750],{"data":11751,"marks":11752,"value":11753,"nodeType":1482},{},[],"Phishing, credential theft, cookie theft, and AiTM are attacks that target the user's interaction with a web page — the credential entry, the session creation, the token exchange. Malicious and vulnerable extensions are supply chain risks that operate inside the browser's own execution environment. Data loss happens through the browser when employees upload files, paste data into AI tools, or share information with unsanctioned applications. ",{"data":11755,"content":11758,"nodeType":1507},{"target":11756},{"sys":11757},{"id":5227,"type":1504,"linkType":1505},[],{"data":11760,"content":11761,"nodeType":1498},{},[11762],{"data":11763,"marks":11764,"value":11765,"nodeType":1482},{},[],"None of these are attacks where network-layer traffic inspection, endpoint monitoring, or email scanning provides complete coverage, because the attack surface is the browser session itself.",{"data":11767,"content":11771,"nodeType":1507},{"target":11768},{"sys":11769},{"id":11770,"type":1504,"linkType":1505},"5kI5h4Z31ByD73er7voayF",[],{"data":11773,"content":11774,"nodeType":1511},{},[],{"data":11776,"content":11777,"nodeType":1521},{},[11778],{"data":11779,"marks":11780,"value":11782,"nodeType":1482},{},[11781],{"type":1519},"2. Browser security is now a board-level priority",{"data":11784,"content":11785,"nodeType":1498},{},[11786,11791],{"data":11787,"marks":11788,"value":11790,"nodeType":1482},{},[11789],{"type":1519},"88% of respondents rank browser security as at least a top-five security priority",{"data":11792,"marks":11793,"value":11794,"nodeType":1482},{},[],", with more than a quarter (26%) calling it their single top priority. For context, this is a survey that covers the full spectrum of security concerns — cloud, supply chain, AI, insider risk — and browser security has risen above most of them.",{"data":11796,"content":11797,"nodeType":1498},{},[11798],{"data":11799,"marks":11800,"value":11801,"nodeType":1482},{},[],"This is not aspirational interest. The correlation between priority level and investment is sharp: among those who rank browser security as their top priority, 72% have significantly increased their investment due to emerging threats. Among those who rank it in their top five, that figure is 26%. The organizations that care most are spending the most.",{"data":11803,"content":11804,"nodeType":1498},{},[11805,11810],{"data":11806,"marks":11807,"value":11809,"nodeType":1482},{},[11808],{"type":1519},"86% of respondents have increased their browser security investment in response to emerging threats",{"data":11811,"marks":11812,"value":11813,"nodeType":1482},{},[],", with 36% saying the increase was significant. When you ask what's driving that spend, the answer is the threat landscape: the attacks cataloged in the previous section are the reason budgets are moving.",{"data":11815,"content":11816,"nodeType":1511},{},[],{"data":11818,"content":11819,"nodeType":1521},{},[11820],{"data":11821,"marks":11822,"value":11824,"nodeType":1482},{},[11823],{"type":1519},"3. Real budget is being allocated — and it's growing",{"data":11826,"content":11827,"nodeType":1498},{},[11828,11832,11837],{"data":11829,"marks":11830,"value":11831,"nodeType":1482},{},[],"Secure enterprise browser solutions already take up ",{"data":11833,"marks":11834,"value":11836,"nodeType":1482},{},[11835],{"type":1519},"12.6% of the average security budget",{"data":11838,"marks":11839,"value":11840,"nodeType":1482},{},[]," — a substantial allocation for a category that didn't exist as a standalone line item a few years ago. And 85% of respondents expect to increase that spend over the next 12–24 months, with a quarter expecting significant increases.",{"data":11842,"content":11843,"nodeType":1498},{},[11844],{"data":11845,"marks":11846,"value":11847,"nodeType":1482},{},[],"Where the money comes from tells its own story. The most common funding model is a discrete line item within security program budgets (31%) or a dedicated secure browsing budget (30%). When organizations pull from an existing program budget, web security (26%) and endpoint security (21%) are the most common sources — while SASE/SSE accounts for just 9%, despite SASE vendors being the second most popular vendor category. That disconnect between vendor preference and budget origin suggests the SASE-bundled buying motion may be more aspirational than operational.",{"data":11849,"content":11850,"nodeType":1498},{},[11851],{"data":11852,"marks":11853,"value":11854,"nodeType":1482},{},[],"IT operations leadership is the top stakeholder in 82% of evaluations, with CISO and security leadership at 64% and CIOs at 42%. Day-to-day management sits primarily with IT Ops (77%) and SecOps (50%). This dual stakeholder picture — IT operations driving evaluation, security leadership providing strategic direction — shapes the competitive landscape in ways we'll come back to.",{"data":11856,"content":11857,"nodeType":1511},{},[],{"data":11859,"content":11860,"nodeType":1521},{},[11861],{"data":11862,"marks":11863,"value":11865,"nodeType":1482},{},[11864],{"type":1519},"4. AI is accelerating both the threat and the use case",{"data":11867,"content":11868,"nodeType":1498},{},[11869],{"data":11870,"marks":11871,"value":11872,"nodeType":1482},{},[],"AI shows up in this report from two directions, mirroring how it is reshaping the security landscape itself.",{"data":11874,"content":11875,"nodeType":1498},{},[11876,11880,11885],{"data":11877,"marks":11878,"value":11879,"nodeType":1482},{},[],"On the threat side, ",{"data":11881,"marks":11882,"value":11884,"nodeType":1482},{},[11883],{"type":1519},"AI-powered targeted phishing and social engineering is the top emerging concern",{"data":11886,"marks":11887,"value":11888,"nodeType":1482},{},[],", cited by 75% of respondents as either very concerning or concerning. Data leakage via unsanctioned AI applications comes second at 71%, followed by deepfake/AI-generated malicious content at 69% and credential harvesting via fake AI or SaaS login pages at 66%. Every one of these threat categories involves the browser — AI-enhanced phishing lands in the browser, AI data leakage happens through browser-based AI tools, and fake AI login pages are browser-based credential harvesting.",{"data":11890,"content":11894,"nodeType":1507},{"target":11891},{"sys":11892},{"id":11893,"type":1504,"linkType":1505},"2ajv2i5wn2GzKuyynQGlvq",[],{"data":11896,"content":11897,"nodeType":1498},{},[11898,11902,11907],{"data":11899,"marks":11900,"value":11901,"nodeType":1482},{},[],"On the adoption side, the picture is almost universal — and almost universally under-governed. ",{"data":11903,"marks":11904,"value":11906,"nodeType":1482},{},[11905],{"type":1519},"92% of organizations now allow employees to use public GenAI applications",{"data":11908,"marks":11909,"value":11910,"nodeType":1482},{},[],", and virtually every organization has some kind of policy position: 37% have sanctioned one public app (with everything else unsanctioned), 39% have sanctioned multiple public apps (with others unsanctioned), and 23% restrict employees to a corporate instance while the public versions are unsanctioned. ",{"data":11912,"content":11913,"nodeType":1498},{},[11914],{"data":11915,"marks":11916,"value":11917,"nodeType":1482},{},[],"Even the 8% who don't allow GenAI at all have taken a policy position. Essentially 100% of organizations have a GenAI policy — but for the vast majority, that policy designates a large portion of public AI tool usage as unsanctioned, which raises the immediate question of whether they have the tooling to actually enforce it.",{"data":11919,"content":11920,"nodeType":1498},{},[11921],{"data":11922,"marks":11923,"value":11924,"nodeType":1482},{},[],"The answer, based on the current tooling landscape, appears to be: not quite. When Omdia asked how organizations currently secure GenAI usage, 58% rely on secure web gateways — tools that see traffic metadata but cannot observe what a user actually does inside a GenAI session — while 57% use secure browsing solutions and 57% use SaaS security solutions. ",{"data":11926,"content":11927,"nodeType":1498},{},[11928],{"data":11929,"marks":11930,"value":11931,"nodeType":1482},{},[],"An SWG can tell you that a user visited ChatGPT, but it cannot tell you whether they pasted your company's source code into the prompt. That distinction — between knowing where data went and knowing what the user actually did — is the fundamental gap that browser-layer visibility exists to close, and it is exactly the gap that makes GenAI policies unenforceable without browser-layer tooling.",{"data":11933,"content":11934,"nodeType":1498},{},[11935,11939,11944],{"data":11936,"marks":11937,"value":11938,"nodeType":1482},{},[],"The use case data reflects this. When Omdia asked about the most important use cases for a secure browsing solution, ",{"data":11940,"marks":11941,"value":11943,"nodeType":1482},{},[11942],{"type":1519},"generative AI application security came in first at 59%",{"data":11945,"marks":11946,"value":11947,"nodeType":1482},{},[],", followed by data loss prevention at 51% and general web security enhancement at 42%. The feature priorities tell a consistent story: AI-powered threat detection and response (52%) and advanced GenAI usage controls and monitoring (41%) were the top two capabilities organizations said would be most important in a purchase decision. ",{"data":11949,"content":11950,"nodeType":1498},{},[11951],{"data":11952,"marks":11953,"value":11954,"nodeType":1482},{},[],"AI is both the top threat concern and the top use case for browser security — and it is a browser problem at both ends, because every LLM interaction, every prompt containing sensitive data, and every AI agent authorization happens inside a browser session.",{"data":11956,"content":11957,"nodeType":1511},{},[],{"data":11959,"content":11960,"nodeType":1521},{},[11961],{"data":11962,"marks":11963,"value":11965,"nodeType":1482},{},[11964],{"type":1519},"5. Organizations that have deployed secure enterprise browser solutions are seeing real results",{"data":11967,"content":11968,"nodeType":1498},{},[11969],{"data":11970,"marks":11971,"value":11972,"nodeType":1482},{},[],"One of the most useful sections in Omdia's report is the benefits data — what organizations that have deployed SEB solutions are actually getting out of them.",{"data":11974,"content":11975,"nodeType":1498},{},[11976,11980,11985],{"data":11977,"marks":11978,"value":11979,"nodeType":1482},{},[],"The top realized benefit is ",{"data":11981,"marks":11982,"value":11984,"nodeType":1482},{},[11983],{"type":1519},"improved data security, cited by 58% of respondents",{"data":11986,"marks":11987,"value":11988,"nodeType":1482},{},[],", followed by fewer security incidents (49%), better visibility and auditing (47%), improved user experience (44%), and simplified configuration and policy management (41%). The picture that emerges is not just a security story but an operational one: organizations are seeing fewer incidents, better visibility, and simpler management alongside the security outcomes.",{"data":11990,"content":11991,"nodeType":1498},{},[11992],{"data":11993,"marks":11994,"value":11995,"nodeType":1482},{},[],"The 49% who cite fewer security incidents as a realized benefit is the number that matters most here, because it directly connects SEB deployment to measurable risk reduction. Organizations aren't just buying tools and hoping — they're deploying them and seeing fewer successful attacks as a result.",{"data":11997,"content":11998,"nodeType":1511},{},[],{"data":12000,"content":12001,"nodeType":1521},{},[12002],{"data":12003,"marks":12004,"value":12006,"nodeType":1482},{},[12005],{"type":1519},"6. The market wants protection in existing browsers, not migration",{"data":12008,"content":12009,"nodeType":1498},{},[12010,12014,12019],{"data":12011,"marks":12012,"value":12013,"nodeType":1482},{},[],"When Omdia asked what attributes matter most in a secure enterprise browser solution, ",{"data":12015,"marks":12016,"value":12018,"nodeType":1482},{},[12017],{"type":1519},"\"ability to use existing browsers\" ranked as the fourth most important attribute at 48%",{"data":12020,"marks":12021,"value":12022,"nodeType":1482},{},[]," — behind only integration with other security tools (57%), controls over generative AI application usage (53%), and centralized policy enforcement (52%). ",{"data":12024,"content":12025,"nodeType":1498},{},[12026],{"data":12027,"marks":12028,"value":12029,"nodeType":1482},{},[],"That 48% figure, combined with 80% of respondents saying they expect to use an SEB solution as an integrated or alongside component rather than a replacement for existing tools, points to a clear market preference: organizations want browser security that works with their existing browser estate, not a migration to a new one.",{"data":12031,"content":12032,"nodeType":1498},{},[12033,12037,12046],{"data":12034,"marks":12035,"value":12036,"nodeType":1482},{},[],"This is consistent with what we hear from security leaders directly. As ",{"data":12038,"content":12040,"nodeType":1493},{"uri":12039},"https://pushsecurity.com/customer-stories",[12041],{"data":12042,"marks":12043,"value":12045,"nodeType":1482},{},[12044],{"type":1491},"Josh Lemos put it: ",{"data":12047,"marks":12048,"value":12049,"nodeType":1482},{},[],"\"We looked at the full-stack enterprise browser approach, but converging on a single platform was tough. Push gave me the security instrumentation and context I needed without onerous headwinds.\" The deployment model matters because it determines adoption velocity — and a tool that requires browser migration introduces friction that delays time to value.",{"data":12051,"content":12052,"nodeType":1498},{},[12053,12057],{"data":12054,"marks":12055,"value":12056,"nodeType":1482},{},[],"Push was built around this insight from day one. As the secure enterprise browser extension for security teams, Push turns any browser — managed or unmanaged, including agentic browsers — into a telemetry source and control point the moment it's installed. It has been rolled out to 100,000 users in under an hour during normal office hours with zero downtime. ",{"data":12058,"marks":12059,"value":12061,"nodeType":1482},{},[12060],{"type":1519},"That is a deployment model that matches what Omdia's respondents are asking for.",{"data":12063,"content":12064,"nodeType":1511},{},[],{"data":12066,"content":12067,"nodeType":1521},{},[12068],{"data":12069,"marks":12070,"value":12072,"nodeType":1482},{},[12071],{"type":1519},"7. Dedicated vendors lead over platform plays",{"data":12074,"content":12075,"nodeType":1498},{},[12076,12080,12085],{"data":12077,"marks":12078,"value":12079,"nodeType":1482},{},[],"When Omdia asked which category of vendor organizations primarily use or expect to use for secure enterprise browsing, ",{"data":12081,"marks":12082,"value":12084,"nodeType":1482},{},[12083],{"type":1519},"36% chose a dedicated SEB vendor",{"data":12086,"marks":12087,"value":12088,"nodeType":1482},{},[]," — the largest single category. SASE/network security vendors came second at 29%, followed by traditional VDI/desktop virtualization vendors at 19% and endpoint platform vendors at 15%.",{"data":12090,"content":12091,"nodeType":1498},{},[12092],{"data":12093,"marks":12094,"value":12095,"nodeType":1482},{},[],"The dedicated category leads, and the reason isn't just first-mover advantage — it's architectural. The alternative paths each come with structural constraints. SASE and SSE platforms are network-centric: they see traffic metadata and enforce URL categorization, but they can't observe the rendered page inside a browser tab — the DOM structure, the script behavior, the credential entry that distinguishes a legitimate login from an AiTM reverse-proxy kit. ",{"data":12097,"content":12098,"nodeType":1498},{},[12099],{"data":12100,"marks":12101,"value":12102,"nodeType":1482},{},[],"Endpoint platforms that bolt on browser visibility are still anchored to the OS layer, solving for browser exploit prevention rather than in-session behavioral detection of the attacks that actually dominate — phishing, credential theft, session hijacking, extension compromise. And when large platform vendors acquire browser security capabilities, the integration work takes years rather than months, during which detection depth sits in a transitional state. ",{"data":12104,"content":12105,"nodeType":1498},{},[12106],{"data":12107,"marks":12108,"value":12109,"nodeType":1482},{},[],"Dedicated browser-native vendors start from a different premise entirely: the browser isn't a supplementary signal feeding into someone else's SASE pipeline or XDR correlation engine — it is the telemetry source and the control point. The browser is the only place where you get simultaneous visibility into both the attacker's technique and the employee's action within the same session, because the phishing page, the credential submission, the token exchange, and the data exfiltration all happen inside the same tab. No network appliance, endpoint agent, or identity provider log can see all of that, because none of them are present where the interaction occurs.",{"data":12111,"content":12112,"nodeType":1498},{},[12113],{"data":12114,"marks":12115,"value":12116,"nodeType":1482},{},[],"For security teams evaluating SEB solutions, the architecture matters more than the vendor category label. The capabilities Omdia's respondents ranked highest — integration with existing tools, GenAI controls, centralized policy enforcement, and the ability to use existing browsers — all point toward solutions that deliver detection depth through a lightweight deployment model, without browser migration and without the integration debt of a platform acquisition.",{"data":12118,"content":12119,"nodeType":1511},{},[],{"data":12121,"content":12122,"nodeType":1498},{},[12123],{"data":12124,"marks":12125,"value":12126,"nodeType":1482},{},[],"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. ",{"data":12128,"content":12129,"nodeType":1498},{},[12130],{"data":12131,"marks":12132,"value":6495,"nodeType":1482},{},[],{"data":12134,"content":12135,"nodeType":1498},{},[12136,12139,12147],{"data":12137,"marks":12138,"value":29,"nodeType":1482},{},[],{"data":12140,"content":12141,"nodeType":1493},{"uri":2043},[12142],{"data":12143,"marks":12144,"value":12146,"nodeType":1482},{},[12145],{"type":1491},"Book a live demo",{"data":12148,"marks":12149,"value":5914,"nodeType":1482},{},[],"7 things Omdia's latest report tells us about the secure enterprise browser market","Unpacking the latest research report from Omdia and what it means for the secure enterprise browser market.","7-things-omdias-latest-report-tells-us-about-the-secure-enterprise-browser-market",{"items":12154},[12155,12157],{"sys":12156,"name":6837},{"id":6836},{"sys":12158,"name":8291},{"id":8290},{"items":12160},[12161],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":12162},{"url":5934},{"__typename":2080,"sys":12164,"content":12165,"title":8280,"synopsis":8281,"hashTags":62,"publishedDate":8282,"slug":8283,"tagsCollection":12825,"authorsCollection":12831},{"id":7511},{"json":12166},{"data":12167,"content":12168,"nodeType":2060},{},[12169,12174,12180,12186,12192,12195,12202,12208,12218,12228,12233,12239,12242,12249,12255,12260,12266,12272,12365,12371,12374,12381,12387,12442,12455,12460,12466,12469,12476,12482,12489,12495,12501,12526,12532,12539,12545,12551,12557,12564,12570,12576,12582,12585,12592,12602,12608,12614,12621,12627,12633,12640,12646,12701,12714,12729,12736,12742,12749,12755,12761,12767,12772,12779,12785,12791,12796,12802,12808,12814,12819],{"data":12170,"content":12173,"nodeType":1507},{"target":12171},{"sys":12172},{"id":7520,"type":1504,"linkType":1505},[],{"data":12175,"content":12176,"nodeType":1498},{},[12177],{"data":12178,"marks":12179,"value":7528,"nodeType":1482},{},[],{"data":12181,"content":12182,"nodeType":1498},{},[12183],{"data":12184,"marks":12185,"value":7535,"nodeType":1482},{},[],{"data":12187,"content":12188,"nodeType":1498},{},[12189],{"data":12190,"marks":12191,"value":7542,"nodeType":1482},{},[],{"data":12193,"content":12194,"nodeType":1511},{},[],{"data":12196,"content":12197,"nodeType":1521},{},[12198],{"data":12199,"marks":12200,"value":7553,"nodeType":1482},{},[12201],{"type":1519},{"data":12203,"content":12204,"nodeType":1498},{},[12205],{"data":12206,"marks":12207,"value":7560,"nodeType":1482},{},[],{"data":12209,"content":12210,"nodeType":1498},{},[12211,12215],{"data":12212,"marks":12213,"value":7568,"nodeType":1482},{},[12214],{"type":1519},{"data":12216,"marks":12217,"value":7572,"nodeType":1482},{},[],{"data":12219,"content":12220,"nodeType":1498},{},[12221,12225],{"data":12222,"marks":12223,"value":7580,"nodeType":1482},{},[12224],{"type":1519},{"data":12226,"marks":12227,"value":7584,"nodeType":1482},{},[],{"data":12229,"content":12232,"nodeType":1507},{"target":12230},{"sys":12231},{"id":5227,"type":1504,"linkType":1505},[],{"data":12234,"content":12235,"nodeType":1498},{},[12236],{"data":12237,"marks":12238,"value":7596,"nodeType":1482},{},[],{"data":12240,"content":12241,"nodeType":1511},{},[],{"data":12243,"content":12244,"nodeType":1521},{},[12245],{"data":12246,"marks":12247,"value":7607,"nodeType":1482},{},[12248],{"type":1519},{"data":12250,"content":12251,"nodeType":1498},{},[12252],{"data":12253,"marks":12254,"value":7614,"nodeType":1482},{},[],{"data":12256,"content":12259,"nodeType":1507},{"target":12257},{"sys":12258},{"id":7619,"type":1504,"linkType":1505},[],{"data":12261,"content":12262,"nodeType":1498},{},[12263],{"data":12264,"marks":12265,"value":7627,"nodeType":1482},{},[],{"data":12267,"content":12268,"nodeType":1498},{},[12269],{"data":12270,"marks":12271,"value":7634,"nodeType":1482},{},[],{"data":12273,"content":12274,"nodeType":2295},{},[12275,12291,12307,12323,12339,12352],{"data":12276,"content":12277,"nodeType":2299},{},[12278],{"data":12279,"content":12280,"nodeType":1498},{},[12281,12284,12288],{"data":12282,"marks":12283,"value":7647,"nodeType":1482},{},[],{"data":12285,"marks":12286,"value":7652,"nodeType":1482},{},[12287],{"type":1519},{"data":12289,"marks":12290,"value":7656,"nodeType":1482},{},[],{"data":12292,"content":12293,"nodeType":2299},{},[12294],{"data":12295,"content":12296,"nodeType":1498},{},[12297,12300,12304],{"data":12298,"marks":12299,"value":7666,"nodeType":1482},{},[],{"data":12301,"marks":12302,"value":7671,"nodeType":1482},{},[12303],{"type":1519},{"data":12305,"marks":12306,"value":7675,"nodeType":1482},{},[],{"data":12308,"content":12309,"nodeType":2299},{},[12310],{"data":12311,"content":12312,"nodeType":1498},{},[12313,12316,12320],{"data":12314,"marks":12315,"value":7685,"nodeType":1482},{},[],{"data":12317,"marks":12318,"value":7690,"nodeType":1482},{},[12319],{"type":1519},{"data":12321,"marks":12322,"value":7694,"nodeType":1482},{},[],{"data":12324,"content":12325,"nodeType":2299},{},[12326],{"data":12327,"content":12328,"nodeType":1498},{},[12329,12332,12336],{"data":12330,"marks":12331,"value":7704,"nodeType":1482},{},[],{"data":12333,"marks":12334,"value":7709,"nodeType":1482},{},[12335],{"type":1519},{"data":12337,"marks":12338,"value":7713,"nodeType":1482},{},[],{"data":12340,"content":12341,"nodeType":2299},{},[12342],{"data":12343,"content":12344,"nodeType":1498},{},[12345,12349],{"data":12346,"marks":12347,"value":7724,"nodeType":1482},{},[12348],{"type":1519},{"data":12350,"marks":12351,"value":7728,"nodeType":1482},{},[],{"data":12353,"content":12354,"nodeType":2299},{},[12355],{"data":12356,"content":12357,"nodeType":1498},{},[12358,12362],{"data":12359,"marks":12360,"value":7739,"nodeType":1482},{},[12361],{"type":1519},{"data":12363,"marks":12364,"value":7743,"nodeType":1482},{},[],{"data":12366,"content":12367,"nodeType":1498},{},[12368],{"data":12369,"marks":12370,"value":7750,"nodeType":1482},{},[],{"data":12372,"content":12373,"nodeType":1511},{},[],{"data":12375,"content":12376,"nodeType":2449},{},[12377],{"data":12378,"marks":12379,"value":7761,"nodeType":1482},{},[12380],{"type":1519},{"data":12382,"content":12383,"nodeType":1498},{},[12384],{"data":12385,"marks":12386,"value":7768,"nodeType":1482},{},[],{"data":12388,"content":12389,"nodeType":2295},{},[12390,12403,12416,12429],{"data":12391,"content":12392,"nodeType":2299},{},[12393],{"data":12394,"content":12395,"nodeType":1498},{},[12396,12399],{"data":12397,"marks":12398,"value":7781,"nodeType":1482},{},[],{"data":12400,"marks":12401,"value":7786,"nodeType":1482},{},[12402],{"type":1519},{"data":12404,"content":12405,"nodeType":2299},{},[12406],{"data":12407,"content":12408,"nodeType":1498},{},[12409,12412],{"data":12410,"marks":12411,"value":7796,"nodeType":1482},{},[],{"data":12413,"marks":12414,"value":7801,"nodeType":1482},{},[12415],{"type":1519},{"data":12417,"content":12418,"nodeType":2299},{},[12419],{"data":12420,"content":12421,"nodeType":1498},{},[12422,12425],{"data":12423,"marks":12424,"value":7811,"nodeType":1482},{},[],{"data":12426,"marks":12427,"value":7816,"nodeType":1482},{},[12428],{"type":1519},{"data":12430,"content":12431,"nodeType":2299},{},[12432],{"data":12433,"content":12434,"nodeType":1498},{},[12435,12438],{"data":12436,"marks":12437,"value":7826,"nodeType":1482},{},[],{"data":12439,"marks":12440,"value":7831,"nodeType":1482},{},[12441],{"type":1519},{"data":12443,"content":12444,"nodeType":1498},{},[12445,12448,12452],{"data":12446,"marks":12447,"value":7838,"nodeType":1482},{},[],{"data":12449,"marks":12450,"value":7843,"nodeType":1482},{},[12451],{"type":1519},{"data":12453,"marks":12454,"value":7847,"nodeType":1482},{},[],{"data":12456,"content":12459,"nodeType":1507},{"target":12457},{"sys":12458},{"id":7852,"type":1504,"linkType":1505},[],{"data":12461,"content":12462,"nodeType":1498},{},[12463],{"data":12464,"marks":12465,"value":7860,"nodeType":1482},{},[],{"data":12467,"content":12468,"nodeType":1511},{},[],{"data":12470,"content":12471,"nodeType":1521},{},[12472],{"data":12473,"marks":12474,"value":7871,"nodeType":1482},{},[12475],{"type":1519},{"data":12477,"content":12478,"nodeType":1498},{},[12479],{"data":12480,"marks":12481,"value":7878,"nodeType":1482},{},[],{"data":12483,"content":12484,"nodeType":2449},{},[12485],{"data":12486,"marks":12487,"value":7886,"nodeType":1482},{},[12488],{"type":1519},{"data":12490,"content":12491,"nodeType":1498},{},[12492],{"data":12493,"marks":12494,"value":7893,"nodeType":1482},{},[],{"data":12496,"content":12497,"nodeType":1498},{},[12498],{"data":12499,"marks":12500,"value":7900,"nodeType":1482},{},[],{"data":12502,"content":12503,"nodeType":1498},{},[12504,12507,12513,12516,12523],{"data":12505,"marks":12506,"value":7907,"nodeType":1482},{},[],{"data":12508,"content":12509,"nodeType":1493},{"uri":6870},[12510],{"data":12511,"marks":12512,"value":7914,"nodeType":1482},{},[],{"data":12514,"marks":12515,"value":7918,"nodeType":1482},{},[],{"data":12517,"content":12518,"nodeType":1493},{"uri":7921},[12519],{"data":12520,"marks":12521,"value":7927,"nodeType":1482},{},[12522],{"type":1491},{"data":12524,"marks":12525,"value":7931,"nodeType":1482},{},[],{"data":12527,"content":12528,"nodeType":1498},{},[12529],{"data":12530,"marks":12531,"value":7938,"nodeType":1482},{},[],{"data":12533,"content":12534,"nodeType":2449},{},[12535],{"data":12536,"marks":12537,"value":7946,"nodeType":1482},{},[12538],{"type":1519},{"data":12540,"content":12541,"nodeType":1498},{},[12542],{"data":12543,"marks":12544,"value":7953,"nodeType":1482},{},[],{"data":12546,"content":12547,"nodeType":1498},{},[12548],{"data":12549,"marks":12550,"value":7960,"nodeType":1482},{},[],{"data":12552,"content":12553,"nodeType":1498},{},[12554],{"data":12555,"marks":12556,"value":7967,"nodeType":1482},{},[],{"data":12558,"content":12559,"nodeType":2449},{},[12560],{"data":12561,"marks":12562,"value":7975,"nodeType":1482},{},[12563],{"type":1519},{"data":12565,"content":12566,"nodeType":1498},{},[12567],{"data":12568,"marks":12569,"value":7982,"nodeType":1482},{},[],{"data":12571,"content":12572,"nodeType":1498},{},[12573],{"data":12574,"marks":12575,"value":7989,"nodeType":1482},{},[],{"data":12577,"content":12578,"nodeType":1498},{},[12579],{"data":12580,"marks":12581,"value":7996,"nodeType":1482},{},[],{"data":12583,"content":12584,"nodeType":1511},{},[],{"data":12586,"content":12587,"nodeType":1521},{},[12588],{"data":12589,"marks":12590,"value":8007,"nodeType":1482},{},[12591],{"type":1519},{"data":12593,"content":12594,"nodeType":1498},{},[12595,12599],{"data":12596,"marks":12597,"value":8015,"nodeType":1482},{},[12598],{"type":1519},{"data":12600,"marks":12601,"value":8019,"nodeType":1482},{},[],{"data":12603,"content":12604,"nodeType":1498},{},[12605],{"data":12606,"marks":12607,"value":8026,"nodeType":1482},{},[],{"data":12609,"content":12610,"nodeType":1498},{},[12611],{"data":12612,"marks":12613,"value":8033,"nodeType":1482},{},[],{"data":12615,"content":12616,"nodeType":2449},{},[12617],{"data":12618,"marks":12619,"value":8041,"nodeType":1482},{},[12620],{"type":1519},{"data":12622,"content":12623,"nodeType":1498},{},[12624],{"data":12625,"marks":12626,"value":8048,"nodeType":1482},{},[],{"data":12628,"content":12629,"nodeType":1498},{},[12630],{"data":12631,"marks":12632,"value":8055,"nodeType":1482},{},[],{"data":12634,"content":12635,"nodeType":2449},{},[12636],{"data":12637,"marks":12638,"value":8063,"nodeType":1482},{},[12639],{"type":1519},{"data":12641,"content":12642,"nodeType":1498},{},[12643],{"data":12644,"marks":12645,"value":8070,"nodeType":1482},{},[],{"data":12647,"content":12648,"nodeType":2295},{},[12649,12662,12675,12688],{"data":12650,"content":12651,"nodeType":2299},{},[12652],{"data":12653,"content":12654,"nodeType":1498},{},[12655,12659],{"data":12656,"marks":12657,"value":8084,"nodeType":1482},{},[12658],{"type":1519},{"data":12660,"marks":12661,"value":8088,"nodeType":1482},{},[],{"data":12663,"content":12664,"nodeType":2299},{},[12665],{"data":12666,"content":12667,"nodeType":1498},{},[12668,12672],{"data":12669,"marks":12670,"value":8099,"nodeType":1482},{},[12671],{"type":1519},{"data":12673,"marks":12674,"value":8103,"nodeType":1482},{},[],{"data":12676,"content":12677,"nodeType":2299},{},[12678],{"data":12679,"content":12680,"nodeType":1498},{},[12681,12685],{"data":12682,"marks":12683,"value":8114,"nodeType":1482},{},[12684],{"type":1519},{"data":12686,"marks":12687,"value":8118,"nodeType":1482},{},[],{"data":12689,"content":12690,"nodeType":2299},{},[12691],{"data":12692,"content":12693,"nodeType":1498},{},[12694,12698],{"data":12695,"marks":12696,"value":8129,"nodeType":1482},{},[12697],{"type":1519},{"data":12699,"marks":12700,"value":8133,"nodeType":1482},{},[],{"data":12702,"content":12703,"nodeType":1498},{},[12704,12707,12711],{"data":12705,"marks":12706,"value":8140,"nodeType":1482},{},[],{"data":12708,"marks":12709,"value":8145,"nodeType":1482},{},[12710],{"type":1519},{"data":12712,"marks":12713,"value":8149,"nodeType":1482},{},[],{"data":12715,"content":12716,"nodeType":1498},{},[12717,12720,12726],{"data":12718,"marks":12719,"value":8156,"nodeType":1482},{},[],{"data":12721,"content":12722,"nodeType":1493},{"uri":8159},[12723],{"data":12724,"marks":12725,"value":8164,"nodeType":1482},{},[],{"data":12727,"marks":12728,"value":8168,"nodeType":1482},{},[],{"data":12730,"content":12731,"nodeType":2449},{},[12732],{"data":12733,"marks":12734,"value":8176,"nodeType":1482},{},[12735],{"type":1519},{"data":12737,"content":12738,"nodeType":1498},{},[12739],{"data":12740,"marks":12741,"value":8183,"nodeType":1482},{},[],{"data":12743,"content":12744,"nodeType":1498},{},[12745],{"data":12746,"marks":12747,"value":8191,"nodeType":1482},{},[12748],{"type":1519},{"data":12750,"content":12751,"nodeType":1498},{},[12752],{"data":12753,"marks":12754,"value":8198,"nodeType":1482},{},[],{"data":12756,"content":12757,"nodeType":1498},{},[12758],{"data":12759,"marks":12760,"value":8205,"nodeType":1482},{},[],{"data":12762,"content":12763,"nodeType":1498},{},[12764],{"data":12765,"marks":12766,"value":8212,"nodeType":1482},{},[],{"data":12768,"content":12771,"nodeType":1507},{"target":12769},{"sys":12770},{"id":8217,"type":1504,"linkType":1505},[],{"data":12773,"content":12774,"nodeType":2449},{},[12775],{"data":12776,"marks":12777,"value":8226,"nodeType":1482},{},[12778],{"type":1519},{"data":12780,"content":12781,"nodeType":1498},{},[12782],{"data":12783,"marks":12784,"value":8233,"nodeType":1482},{},[],{"data":12786,"content":12787,"nodeType":1498},{},[12788],{"data":12789,"marks":12790,"value":8240,"nodeType":1482},{},[],{"data":12792,"content":12795,"nodeType":1507},{"target":12793},{"sys":12794},{"id":8245,"type":1504,"linkType":1505},[],{"data":12797,"content":12798,"nodeType":1498},{},[12799],{"data":12800,"marks":12801,"value":8253,"nodeType":1482},{},[],{"data":12803,"content":12804,"nodeType":1498},{},[12805],{"data":12806,"marks":12807,"value":8260,"nodeType":1482},{},[],{"data":12809,"content":12810,"nodeType":1498},{},[12811],{"data":12812,"marks":12813,"value":8267,"nodeType":1482},{},[],{"data":12815,"content":12818,"nodeType":1507},{"target":12816},{"sys":12817},{"id":8272,"type":1504,"linkType":1505},[],{"data":12820,"content":12821,"nodeType":1498},{},[12822],{"data":12823,"marks":12824,"value":29,"nodeType":1482},{},[],{"items":12826},[12827,12829],{"sys":12828,"name":6837},{"id":6836},{"sys":12830,"name":8291},{"id":8290},{"items":12832},[12833],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":12834},{"url":6849},{"__typename":2080,"sys":12836,"content":12838,"title":13345,"synopsis":13346,"hashTags":62,"publishedDate":13347,"slug":13348,"tagsCollection":13349,"authorsCollection":13355},{"id":12837},"2MWicW07sNEBp59wxYtAiC",{"json":12839},{"nodeType":2060,"data":12840,"content":12841},{},[12842,12850,12881,12887,12894,12913,12928,12931,12939,12954,12973,12998,13004,13020,13050,13056,13062,13078,13081,13089,13096,13104,13122,13138,13146,13171,13178,13186,13215,13222,13230,13237,13243,13246,13254,13261,13269,13275,13278,13286,13293,13300,13307,13319,13322,13328],{"nodeType":1521,"data":12843,"content":12844},{},[12845],{"nodeType":1482,"value":12846,"marks":12847,"data":12849},"The quantification problem nobody talks about",[12848],{"type":1519},{},{"nodeType":1498,"data":12851,"content":12852},{},[12853,12857,12865,12869,12877],{"nodeType":1482,"value":12854,"marks":12855,"data":12856},"I was recently teaching",[],{},{"nodeType":1493,"data":12858,"content":12860},{"uri":12859},"https://www.sans.org/cyber-security-courses/cybersecurity-leaders/",[12861],{"nodeType":1482,"value":12862,"marks":12863,"data":12864}," SANS LDR551",[],{},{"nodeType":1482,"value":12866,"marks":12867,"data":12868},", where we cover some of the flawed approaches used in risk measurement and prioritization — for example, presenting ordinal data in a risk matrix as ratio data, implying that the matrix represents quantitative analysis when it’s more of a best guess. We then look at modeling using",[],{},{"nodeType":1493,"data":12870,"content":12872},{"uri":12871},"https://en.wikipedia.org/wiki/Loss_exceedance_curve",[12873],{"nodeType":1482,"value":12874,"marks":12875,"data":12876}," Loss Exceedance Curves",[],{},{"nodeType":1482,"value":12878,"marks":12879,"data":12880}," as a more accurate, if much more difficult, approach to quantitative risk assessment.",[],{},{"nodeType":1507,"data":12882,"content":12886},{"target":12883},{"sys":12884},{"id":12885,"type":1504,"linkType":1505},"4S1wJUm6E1qvyZzwrl2DL",[],{"nodeType":1498,"data":12888,"content":12889},{},[12890],{"nodeType":1482,"value":12891,"marks":12892,"data":12893},"The only problem is, we rarely have the time or the data to construct such models. Ask a CISO how they measure risk for credential compromise and other account takeover attacks, and the answer will probably include one or more of the following: a risk assessment, a whiteboard, and a room full of smart people making educated guesses about attack frequency and control strength. ",[],{},{"nodeType":1498,"data":12895,"content":12896},{},[12897,12901,12909],{"nodeType":1482,"value":12898,"marks":12899,"data":12900},"That isn't a criticism — for most risk scenarios, expert elicitation is the best (and most convenient) available method. Breach cost data is sparse, threat actor behavior is unpredictable, and internal incident history is (ideally!) a limited sample. Quantitative risk frameworks like",[],{},{"nodeType":1493,"data":12902,"content":12904},{"uri":12903},"https://www.fairinstitute.org/",[12905],{"nodeType":1482,"value":12906,"marks":12907,"data":12908}," FAIR",[],{},{"nodeType":1482,"value":12910,"marks":12911,"data":12912}," give structure to that uncertainty, but they can't conjure data that just doesn't exist.",[],{},{"nodeType":1498,"data":12914,"content":12915},{},[12916,12920,12925],{"nodeType":1482,"value":12917,"marks":12918,"data":12919},"The results are usually estimates with wide confidence intervals and loss distributions that appear precise, but are hard to defend to a CFO or a board. Finance leaders have seen Monte Carlo simulations before; the capable ones will challenge the quality of the outputs if they doubt the quality of the inputs. ",[],{},{"nodeType":1482,"value":12921,"marks":12922,"data":12924},"But with the right telemetry, we can get both",[12923],{"type":1519},{},{"nodeType":1482,"value":1576,"marks":12926,"data":12927},[],{},{"nodeType":1511,"data":12929,"content":12930},{},[],{"nodeType":1521,"data":12932,"content":12933},{},[12934],{"nodeType":1482,"value":12935,"marks":12936,"data":12938},"Why the identity attack surface is uniquely measurable",[12937],{"type":1519},{},{"nodeType":1498,"data":12940,"content":12941},{},[12942,12946,12951],{"nodeType":1482,"value":12943,"marks":12944,"data":12945},"We've written extensively about the shift to identity as a primary attack vector — and the evidence continues to stack up. Credential phishing, device code phishing, ClickFix, adversary-in-the-middle attacks, session hijacking, and SaaS account compromise now account for the majority of breach entry points in most enterprise environments. But the silver lining here is that this shift has created something valuable for risk quantification: ",[],{},{"nodeType":1482,"value":12947,"marks":12948,"data":12950},"a highly observable threat surface",[12949],{"type":274},{},{"nodeType":1482,"value":1576,"marks":12952,"data":12953},[],{},{"nodeType":1498,"data":12955,"content":12956},{},[12957,12961,12969],{"nodeType":1482,"value":12958,"marks":12959,"data":12960},"Identity attacks execute ",[],{},{"nodeType":1493,"data":12962,"content":12963},{"uri":1543},[12964],{"nodeType":1482,"value":12965,"marks":12966,"data":12968},"in the browser",[12967],{"type":1491},{},{"nodeType":1482,"value":12970,"marks":12971,"data":12972},". They leave traces in authentication flows, login behaviors, OAuth integrations, extension activity, and SaaS access patterns — all of which are captured in real time by the Push extension. Unlike network or endpoint attacks, where the signal is often binary and retroactive, browser-based identity threats generate continuous, high-frequency telemetry that maps directly onto the inputs that drive quantitative risk models.",[],{},{"nodeType":1498,"data":12974,"content":12975},{},[12976,12980,12985,12989,12994],{"nodeType":1482,"value":12977,"marks":12978,"data":12979},"This telemetry directly informs the hardest inputs in any quantitative risk model. One is ",[],{},{"nodeType":1482,"value":12981,"marks":12982,"data":12984},"Threat Event Frequency (TEF)",[12983],{"type":1519},{},{"nodeType":1482,"value":12986,"marks":12987,"data":12988},": how often a threat agent acts against an asset in a given period. For identity risks, this can be answered in how many credential phishing attempts reached your users across all delivery channels (social media, email, malvertising, etc.), or how frequently your users authorize malicious or compromised SaaS apps. Browser-level telemetry can answer these questions with ",[],{},{"nodeType":1482,"value":12990,"marks":12991,"data":12993},"observed",[12992],{"type":274},{},{"nodeType":1482,"value":12995,"marks":12996,"data":12997}," data rather than industry lookups and general benchmarks. ",[],{},{"nodeType":1507,"data":12999,"content":13003},{"target":13000},{"sys":13001},{"id":13002,"type":1504,"linkType":1505},"EvjT68MCWW7nz5q86xe8S",[],{"nodeType":1498,"data":13005,"content":13006},{},[13007,13011,13016],{"nodeType":1482,"value":13008,"marks":13009,"data":13010},"The other input to risk modeling that's difficult to express in concrete terms is ",[],{},{"nodeType":1482,"value":13012,"marks":13013,"data":13015},"vulnerability",[13014],{"type":1519},{},{"nodeType":1482,"value":13017,"marks":13018,"data":13019},": the probability a threat becomes a loss event or, more specifically, how likely it is that your controls will fail. ",[],{},{"nodeType":1498,"data":13021,"content":13022},{},[13023,13027,13034,13038,13046],{"nodeType":1482,"value":13024,"marks":13025,"data":13026},"This is where browser telemetry gets especially concrete.",[],{},{"nodeType":1493,"data":13028,"content":13029},{"uri":7270},[13030],{"nodeType":1482,"value":13031,"marks":13032,"data":13033}," Analysis of login telemetry across Push-monitored environments",[],{},{"nodeType":1482,"value":13035,"marks":13036,"data":13037}," shows that 1 in 4 logins are still password-only (not SSO), 2 in 5 are not protected by MFA, and 1 in 5 use a weak, breached, or reused password. Many of these logins occur outside the visibility of a central IdP platform like Microsoft, Google or Okta — the result of downstream ",[],{},{"nodeType":1493,"data":13039,"content":13041},{"uri":13040},"https://pushsecurity.com/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you/",[13042],{"nodeType":1482,"value":13043,"marks":13044,"data":13045},"ghost logins",[],{},{"nodeType":1482,"value":13047,"marks":13048,"data":13049},". ",[],{},{"nodeType":1507,"data":13051,"content":13055},{"target":13052},{"sys":13053},{"id":13054,"type":1504,"linkType":1505},"5GctExdVGjHRwKifiP00Fp",[],{"nodeType":1507,"data":13057,"content":13061},{"target":13058},{"sys":13059},{"id":13060,"type":1504,"linkType":1505},"2mWToHCJcuB9FMwxxzd67F",[],{"nodeType":1498,"data":13063,"content":13064},{},[13065,13069,13074],{"nodeType":1482,"value":13066,"marks":13067,"data":13068},"In a FAIR-based model, TEF and vulnerability together determine ",[],{},{"nodeType":1482,"value":13070,"marks":13071,"data":13073},"loss event frequency",[13072],{"type":1519},{},{"nodeType":1482,"value":13075,"marks":13076,"data":13077},": the foundational driver of the entire risk calculation. Using telemetry from your own environment as the basis for these calculations makes them far more accurate, and more likely to stand up to scrutiny.",[],{},{"nodeType":1511,"data":13079,"content":13080},{},[],{"nodeType":1521,"data":13082,"content":13083},{},[13084],{"nodeType":1482,"value":13085,"marks":13086,"data":13088},"The attack surface is bigger than most models assume",[13087],{"type":1519},{},{"nodeType":1498,"data":13090,"content":13091},{},[13092],{"nodeType":1482,"value":13093,"marks":13094,"data":13095},"One of the consistent failures in identity risk modeling is the tendency to model risks defenders can see, and leave the rest off the balance sheet. These omissions create a systematic understatement of exposure that browser-based telemetry can offset.",[],{},{"nodeType":2449,"data":13097,"content":13098},{},[13099],{"nodeType":1482,"value":13100,"marks":13101,"data":13103},"Shadow AI and OAuth sprawl",[13102],{"type":1519},{},{"nodeType":1498,"data":13105,"content":13106},{},[13107,13110,13118],{"nodeType":1482,"value":29,"marks":13108,"data":13109},[],{},{"nodeType":1493,"data":13111,"content":13112},{"uri":6335},[13113],{"nodeType":1482,"value":13114,"marks":13115,"data":13117},"The Vercel breach in April 2026",[13116],{"type":1491},{},{"nodeType":1482,"value":13119,"marks":13120,"data":13121}," was the result of an OAuth connection to a third-party AI SaaS tool a developer connected into the organization's Google Workspace tenant (without admin approval). When the AI vendor was compromised, the attacker leveraged stored OAuth tokens to access downstream accounts, ultimately reaching internal dashboards, API keys, and source code. ",[],{},{"nodeType":1498,"data":13123,"content":13124},{},[13125,13129,13134],{"nodeType":1482,"value":13126,"marks":13127,"data":13128},"Push telemetry across customer environments shows an average of ",[],{},{"nodeType":1482,"value":13130,"marks":13131,"data":13133},"17 unique AI app integrations per organization in Microsoft and Google alone",[13132],{"type":1519},{},{"nodeType":1482,"value":13135,"marks":13136,"data":13137},", most of which security teams would describe as unapproved. These generally don't appear in a conventional risk model that isn't looking for them.",[],{},{"nodeType":2449,"data":13139,"content":13140},{},[13141],{"nodeType":1482,"value":13142,"marks":13143,"data":13145},"Browser extensions",[13144],{"type":1519},{},{"nodeType":1498,"data":13147,"content":13148},{},[13149,13153,13162,13167],{"nodeType":1482,"value":29,"marks":13150,"data":13152},[13151],{"type":1519},{},{"nodeType":1493,"data":13154,"content":13155},{"uri":5490},[13156],{"nodeType":1482,"value":13157,"marks":13158,"data":13161},"Analysis of 20,000 unique extensions deployed across Push customer environments",[13159,13160],{"type":1491},{"type":1519},{},{"nodeType":1482,"value":13163,"marks":13164,"data":13166}," found that 46.76% have the permission combinations required for account takeover without user interaction. ",[13165],{"type":1519},{},{"nodeType":1482,"value":13168,"marks":13169,"data":13170},"The extensions carrying these permissions aren't flagged by risk scoring systems because the same permissions are used by ad blockers, password managers, and translation tools (the downside of relying on tools that rely on dubious scoring to assess extensions, but I digress). ",[],{},{"nodeType":1498,"data":13172,"content":13173},{},[13174],{"nodeType":1482,"value":13175,"marks":13176,"data":13177},"What matters for risk quantification isn't the permission set or an arbitrary score assigned by a vendor; it's whether the monitoring exists to detect when a previously-clean extension changes ownership, escalates permissions, or behaves anomalously. Without that monitoring, the exposure is real but unquantified.",[],{},{"nodeType":2449,"data":13179,"content":13180},{},[13181],{"nodeType":1482,"value":13182,"marks":13183,"data":13185},"ClickFix and non-email delivery channels",[13184],{"type":1519},{},{"nodeType":1498,"data":13187,"content":13188},{},[13189,13193,13200,13204,13211],{"nodeType":1482,"value":13190,"marks":13191,"data":13192},"ClickFix — where a malicious page silently writes a PowerShell or mshta command into the victim's clipboard and instructs them to paste it — was",[],{},{"nodeType":1493,"data":13194,"content":13195},{"uri":5302},[13196],{"nodeType":1482,"value":13197,"marks":13198,"data":13199}," the most common initial access vector observed by Microsoft in 2025",[],{},{"nodeType":1482,"value":13201,"marks":13202,"data":13203},", and CrowdStrike reported a",[],{},{"nodeType":1493,"data":13205,"content":13206},{"uri":5314},[13207],{"nodeType":1482,"value":13208,"marks":13209,"data":13210}," 563% increase in fake CAPTCHA lures",[],{},{"nodeType":1482,"value":13212,"marks":13213,"data":13214}," (one of the most common ClickFix styles in which the user has to \"verify they're human\" by running a command on their machine). ",[],{},{"nodeType":1498,"data":13216,"content":13217},{},[13218],{"nodeType":1482,"value":13219,"marks":13220,"data":13221},"What makes this particularly relevant for risk quantification is the delivery channel: 4 in 5 ClickFix payloads intercepted by Push arrive via search engines, not email. A risk model that estimates threat event frequency from email-based phishing telemetry alone is structurally blind to an entire category of attack that has become one of the most prevalent initial access methods in the landscape.",[],{},{"nodeType":2449,"data":13223,"content":13224},{},[13225],{"nodeType":1482,"value":13226,"marks":13227,"data":13229},"Authorization attacks",[13228],{"type":1519},{},{"nodeType":1498,"data":13231,"content":13232},{},[13233],{"nodeType":1482,"value":13234,"marks":13235,"data":13236},"Device code phishing and OAuth consent abuse represent a slightly separate category of identity attack that most risk models don't account for because they operate after the authentication flow has already completed — meaning password strength, MFA coverage, and SSO adoption are irrelevant to whether the attack succeeds. ",[],{},{"nodeType":1507,"data":13238,"content":13242},{"target":13239},{"sys":13240},{"id":13241,"type":1504,"linkType":1505},"7qtHmxCzBm5664jD6HsCwN",[],{"nodeType":1511,"data":13244,"content":13245},{},[],{"nodeType":1521,"data":13247,"content":13248},{},[13249],{"nodeType":1482,"value":13250,"marks":13251,"data":13253},"The key lesson for CISOs",[13252],{"type":1519},{},{"nodeType":1498,"data":13255,"content":13256},{},[13257],{"nodeType":1482,"value":13258,"marks":13259,"data":13260},"A risk model that measures identity vulnerability purely in terms of authentication hygiene at the IdP layer — how many accounts have MFA, how many use SSO — will correctly quantify one dimension of exposure while completely missing another that is growing faster and is structurally immune to the controls being measured.",[],{},{"nodeType":1498,"data":13262,"content":13263},{},[13264],{"nodeType":1482,"value":13265,"marks":13266,"data":13268},"For a CISO building a risk model, these aren't edge cases. They represent a real attack surface that doesn't show up in models built on conventional network, endpoint, and cloud telemetry. We aren't just talking about better inputs to risk modeling — we're talking about entirely new risk scenarios that aren't being modeled at all, supported by live data.",[13267],{"type":1519},{},{"nodeType":1507,"data":13270,"content":13274},{"target":13271},{"sys":13272},{"id":13273,"type":1504,"linkType":1505},"2ObEcO1gqz8lrOLCZzfpNw",[],{"nodeType":1511,"data":13276,"content":13277},{},[],{"nodeType":2449,"data":13279,"content":13280},{},[13281],{"nodeType":1482,"value":13282,"marks":13283,"data":13285},"Browser telemetry makes a CISO's life easier",[13284],{"type":1519},{},{"nodeType":1498,"data":13287,"content":13288},{},[13289],{"nodeType":1482,"value":13290,"marks":13291,"data":13292},"Browser-based telemetry changes the conversation a CISO can have with a CFO or board. Instead of \"industry benchmarks suggest our expected annual loss from account compromise is somewhere in this range,\" the answer is, \"We can see how often these attacks are attempted against our users, and we can measure what percentage of our accounts have the controls in place to stop them,\" or \"We know how many shadow AI apps our users self-provision and share data with each month.\" ",[],{},{"nodeType":1498,"data":13294,"content":13295},{},[13296],{"nodeType":1482,"value":13297,"marks":13298,"data":13299},"Identity risk is only a piece of the quantification problem. Loss magnitude, regulatory exposure, and reputational impact are still extremely hard to estimate regardless of how good your frequency inputs are. ",[],{},{"nodeType":1498,"data":13301,"content":13302},{},[13303],{"nodeType":1482,"value":13304,"marks":13305,"data":13306},"But the identity attack surface is one of the few areas in security where measurement is genuinely achievable right now, and the gap between what most organizations are modeling and what's actually observable is significant. Shadow SaaS integrations, unapproved AI connections, browser extensions with excessive privileges — these are enumerable risks that don't appear in models built on network, endpoint, and cloud access telemetry alone. ",[],{},{"nodeType":1498,"data":13308,"content":13309},{},[13310,13315],{"nodeType":1482,"value":13311,"marks":13312,"data":13314},"The lesson for CISOs serious about quantitative risk management is this: the frameworks exist, the talent is available, and the bottleneck is almost always data quality. ",[13313],{"type":1519},{},{"nodeType":1482,"value":13316,"marks":13317,"data":13318},"Browser telemetry is a good example of the kind of high-fidelity, environment-specific measurement that closes that gap.",[],{},{"nodeType":1511,"data":13320,"content":13321},{},[],{"nodeType":1498,"data":13323,"content":13324},{},[13325],{"nodeType":1482,"value":6488,"marks":13326,"data":13327},[],{},{"nodeType":1498,"data":13329,"content":13330},{},[13331,13334,13342],{"nodeType":1482,"value":6495,"marks":13332,"data":13333},[],{},{"nodeType":1493,"data":13335,"content":13337},{"uri":13336},"https://pushsecurity.com/book-demo/",[13338],{"nodeType":1482,"value":13339,"marks":13340,"data":13341}," Book a live demo",[],{},{"nodeType":1482,"value":5914,"marks":13343,"data":13344},[],{},"The CISO's data problem (and how browser telemetry can help)","How CISOs can use browser telemetry to support cyber risk quantification in areas where traditional data points fall short. ","2026-05-11T00:00:00.000Z","the-cisos-data-problem-and-how-browser-telemetry-can-help",{"items":13350},[13351,13353],{"sys":13352,"name":8291},{"id":8290},{"sys":13354,"name":5066},{"id":5065},{"items":13356},[13357],{"fullName":13358,"firstName":13359,"jobTitle":13360,"profilePicture":13361},"Mark Orlando","Mark","Field CTO",{"url":13362},"https://images.ctfassets.net/y1cdw1ablpvd/592PMwIQQFaa24k5SKBEKF/a33090d0ad95d1e3081f5d16a46ba826/image__68_.png","blog/the-top-10-security-problems-you-can-solve-in-the-browser-ranked-by-value",{"json":13365},{"data":13366,"content":13367,"nodeType":2060},{},[13368],{"data":13369,"content":13370,"nodeType":1498},{},[13371],{"data":13372,"marks":13373,"value":13374,"nodeType":1482},{},[],"Getting a clear picture of which solution is right for your team means understanding what problem you want to solve, and identifying if the browser is the best place to solve that problem. To help you navigate this, we've ranked the security problems you can solve in the browser by security value and browser fit.",{"id":9019,"publishedAt":13376},"2026-05-15T18:29:49.201Z",{"items":13378},[13379,13381],{"sys":13380,"name":6837},{"id":6836},{"sys":13382,"name":8291},{"id":8290},"80rmYtoaK-S8P6mhzZmWHIbmIHcCOBdUdhdR9iV5ZMQ",{"id":13385,"title":12150,"authorsCollection":13386,"content":13390,"extension":2073,"hashTags":62,"meta":14007,"metaTitle":14008,"ogImage":62,"publishedDate":8282,"relatedBlogPostsCollection":14009,"slug":12152,"stem":15871,"subtitle":62,"summary":15872,"synopsis":12151,"sys":15883,"tagsCollection":15885,"__hash__":15891},"blog/blog/7-things-omdias-latest-report-tells-us-about-the-secure-enterprise-browser-market.json",{"items":13387},[13388],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":13389},{"url":5934},{"json":13391,"links":13886},{"data":13392,"content":13393,"nodeType":2060},{},[13394,13409,13415,13421,13426,13429,13436,13449,13455,13460,13466,13541,13547,13552,13558,13563,13566,13573,13583,13589,13599,13602,13609,13622,13628,13634,13637,13644,13650,13663,13668,13681,13687,13693,13699,13712,13718,13721,13728,13734,13747,13753,13756,13763,13776,13782,13798,13808,13811,13818,13831,13837,13843,13849,13855,13858,13864,13870],{"data":13395,"content":13396,"nodeType":1498},{},[13397,13400,13406],{"data":13398,"marks":13399,"value":5624,"nodeType":1482},{},[],{"data":13401,"content":13402,"nodeType":1493},{"uri":11587},[13403],{"data":13404,"marks":13405,"value":11592,"nodeType":1482},{},[],{"data":13407,"marks":13408,"value":11596,"nodeType":1482},{},[],{"data":13410,"content":13411,"nodeType":1498},{},[13412],{"data":13413,"marks":13414,"value":11603,"nodeType":1482},{},[],{"data":13416,"content":13417,"nodeType":1498},{},[13418],{"data":13419,"marks":13420,"value":11610,"nodeType":1482},{},[],{"data":13422,"content":13425,"nodeType":1507},{"target":13423},{"sys":13424},{"id":11615,"type":1504,"linkType":1505},[],{"data":13427,"content":13428,"nodeType":1511},{},[],{"data":13430,"content":13431,"nodeType":1521},{},[13432],{"data":13433,"marks":13434,"value":11627,"nodeType":1482},{},[13435],{"type":1519},{"data":13437,"content":13438,"nodeType":1498},{},[13439,13442,13446],{"data":13440,"marks":13441,"value":11634,"nodeType":1482},{},[],{"data":13443,"marks":13444,"value":11639,"nodeType":1482},{},[13445],{"type":1519},{"data":13447,"marks":13448,"value":11643,"nodeType":1482},{},[],{"data":13450,"content":13451,"nodeType":1498},{},[13452],{"data":13453,"marks":13454,"value":11650,"nodeType":1482},{},[],{"data":13456,"content":13459,"nodeType":1507},{"target":13457},{"sys":13458},{"id":11655,"type":1504,"linkType":1505},[],{"data":13461,"content":13462,"nodeType":1498},{},[13463],{"data":13464,"marks":13465,"value":11663,"nodeType":1482},{},[],{"data":13467,"content":13468,"nodeType":2295},{},[13469,13478,13487,13496,13505,13514,13523,13532],{"data":13470,"content":13471,"nodeType":2299},{},[13472],{"data":13473,"content":13474,"nodeType":1498},{},[13475],{"data":13476,"marks":13477,"value":11676,"nodeType":1482},{},[],{"data":13479,"content":13480,"nodeType":2299},{},[13481],{"data":13482,"content":13483,"nodeType":1498},{},[13484],{"data":13485,"marks":13486,"value":11686,"nodeType":1482},{},[],{"data":13488,"content":13489,"nodeType":2299},{},[13490],{"data":13491,"content":13492,"nodeType":1498},{},[13493],{"data":13494,"marks":13495,"value":11696,"nodeType":1482},{},[],{"data":13497,"content":13498,"nodeType":2299},{},[13499],{"data":13500,"content":13501,"nodeType":1498},{},[13502],{"data":13503,"marks":13504,"value":11706,"nodeType":1482},{},[],{"data":13506,"content":13507,"nodeType":2299},{},[13508],{"data":13509,"content":13510,"nodeType":1498},{},[13511],{"data":13512,"marks":13513,"value":11716,"nodeType":1482},{},[],{"data":13515,"content":13516,"nodeType":2299},{},[13517],{"data":13518,"content":13519,"nodeType":1498},{},[13520],{"data":13521,"marks":13522,"value":11726,"nodeType":1482},{},[],{"data":13524,"content":13525,"nodeType":2299},{},[13526],{"data":13527,"content":13528,"nodeType":1498},{},[13529],{"data":13530,"marks":13531,"value":11736,"nodeType":1482},{},[],{"data":13533,"content":13534,"nodeType":2299},{},[13535],{"data":13536,"content":13537,"nodeType":1498},{},[13538],{"data":13539,"marks":13540,"value":11746,"nodeType":1482},{},[],{"data":13542,"content":13543,"nodeType":1498},{},[13544],{"data":13545,"marks":13546,"value":11753,"nodeType":1482},{},[],{"data":13548,"content":13551,"nodeType":1507},{"target":13549},{"sys":13550},{"id":5227,"type":1504,"linkType":1505},[],{"data":13553,"content":13554,"nodeType":1498},{},[13555],{"data":13556,"marks":13557,"value":11765,"nodeType":1482},{},[],{"data":13559,"content":13562,"nodeType":1507},{"target":13560},{"sys":13561},{"id":11770,"type":1504,"linkType":1505},[],{"data":13564,"content":13565,"nodeType":1511},{},[],{"data":13567,"content":13568,"nodeType":1521},{},[13569],{"data":13570,"marks":13571,"value":11782,"nodeType":1482},{},[13572],{"type":1519},{"data":13574,"content":13575,"nodeType":1498},{},[13576,13580],{"data":13577,"marks":13578,"value":11790,"nodeType":1482},{},[13579],{"type":1519},{"data":13581,"marks":13582,"value":11794,"nodeType":1482},{},[],{"data":13584,"content":13585,"nodeType":1498},{},[13586],{"data":13587,"marks":13588,"value":11801,"nodeType":1482},{},[],{"data":13590,"content":13591,"nodeType":1498},{},[13592,13596],{"data":13593,"marks":13594,"value":11809,"nodeType":1482},{},[13595],{"type":1519},{"data":13597,"marks":13598,"value":11813,"nodeType":1482},{},[],{"data":13600,"content":13601,"nodeType":1511},{},[],{"data":13603,"content":13604,"nodeType":1521},{},[13605],{"data":13606,"marks":13607,"value":11824,"nodeType":1482},{},[13608],{"type":1519},{"data":13610,"content":13611,"nodeType":1498},{},[13612,13615,13619],{"data":13613,"marks":13614,"value":11831,"nodeType":1482},{},[],{"data":13616,"marks":13617,"value":11836,"nodeType":1482},{},[13618],{"type":1519},{"data":13620,"marks":13621,"value":11840,"nodeType":1482},{},[],{"data":13623,"content":13624,"nodeType":1498},{},[13625],{"data":13626,"marks":13627,"value":11847,"nodeType":1482},{},[],{"data":13629,"content":13630,"nodeType":1498},{},[13631],{"data":13632,"marks":13633,"value":11854,"nodeType":1482},{},[],{"data":13635,"content":13636,"nodeType":1511},{},[],{"data":13638,"content":13639,"nodeType":1521},{},[13640],{"data":13641,"marks":13642,"value":11865,"nodeType":1482},{},[13643],{"type":1519},{"data":13645,"content":13646,"nodeType":1498},{},[13647],{"data":13648,"marks":13649,"value":11872,"nodeType":1482},{},[],{"data":13651,"content":13652,"nodeType":1498},{},[13653,13656,13660],{"data":13654,"marks":13655,"value":11879,"nodeType":1482},{},[],{"data":13657,"marks":13658,"value":11884,"nodeType":1482},{},[13659],{"type":1519},{"data":13661,"marks":13662,"value":11888,"nodeType":1482},{},[],{"data":13664,"content":13667,"nodeType":1507},{"target":13665},{"sys":13666},{"id":11893,"type":1504,"linkType":1505},[],{"data":13669,"content":13670,"nodeType":1498},{},[13671,13674,13678],{"data":13672,"marks":13673,"value":11901,"nodeType":1482},{},[],{"data":13675,"marks":13676,"value":11906,"nodeType":1482},{},[13677],{"type":1519},{"data":13679,"marks":13680,"value":11910,"nodeType":1482},{},[],{"data":13682,"content":13683,"nodeType":1498},{},[13684],{"data":13685,"marks":13686,"value":11917,"nodeType":1482},{},[],{"data":13688,"content":13689,"nodeType":1498},{},[13690],{"data":13691,"marks":13692,"value":11924,"nodeType":1482},{},[],{"data":13694,"content":13695,"nodeType":1498},{},[13696],{"data":13697,"marks":13698,"value":11931,"nodeType":1482},{},[],{"data":13700,"content":13701,"nodeType":1498},{},[13702,13705,13709],{"data":13703,"marks":13704,"value":11938,"nodeType":1482},{},[],{"data":13706,"marks":13707,"value":11943,"nodeType":1482},{},[13708],{"type":1519},{"data":13710,"marks":13711,"value":11947,"nodeType":1482},{},[],{"data":13713,"content":13714,"nodeType":1498},{},[13715],{"data":13716,"marks":13717,"value":11954,"nodeType":1482},{},[],{"data":13719,"content":13720,"nodeType":1511},{},[],{"data":13722,"content":13723,"nodeType":1521},{},[13724],{"data":13725,"marks":13726,"value":11965,"nodeType":1482},{},[13727],{"type":1519},{"data":13729,"content":13730,"nodeType":1498},{},[13731],{"data":13732,"marks":13733,"value":11972,"nodeType":1482},{},[],{"data":13735,"content":13736,"nodeType":1498},{},[13737,13740,13744],{"data":13738,"marks":13739,"value":11979,"nodeType":1482},{},[],{"data":13741,"marks":13742,"value":11984,"nodeType":1482},{},[13743],{"type":1519},{"data":13745,"marks":13746,"value":11988,"nodeType":1482},{},[],{"data":13748,"content":13749,"nodeType":1498},{},[13750],{"data":13751,"marks":13752,"value":11995,"nodeType":1482},{},[],{"data":13754,"content":13755,"nodeType":1511},{},[],{"data":13757,"content":13758,"nodeType":1521},{},[13759],{"data":13760,"marks":13761,"value":12006,"nodeType":1482},{},[13762],{"type":1519},{"data":13764,"content":13765,"nodeType":1498},{},[13766,13769,13773],{"data":13767,"marks":13768,"value":12013,"nodeType":1482},{},[],{"data":13770,"marks":13771,"value":12018,"nodeType":1482},{},[13772],{"type":1519},{"data":13774,"marks":13775,"value":12022,"nodeType":1482},{},[],{"data":13777,"content":13778,"nodeType":1498},{},[13779],{"data":13780,"marks":13781,"value":12029,"nodeType":1482},{},[],{"data":13783,"content":13784,"nodeType":1498},{},[13785,13788,13795],{"data":13786,"marks":13787,"value":12036,"nodeType":1482},{},[],{"data":13789,"content":13790,"nodeType":1493},{"uri":12039},[13791],{"data":13792,"marks":13793,"value":12045,"nodeType":1482},{},[13794],{"type":1491},{"data":13796,"marks":13797,"value":12049,"nodeType":1482},{},[],{"data":13799,"content":13800,"nodeType":1498},{},[13801,13804],{"data":13802,"marks":13803,"value":12056,"nodeType":1482},{},[],{"data":13805,"marks":13806,"value":12061,"nodeType":1482},{},[13807],{"type":1519},{"data":13809,"content":13810,"nodeType":1511},{},[],{"data":13812,"content":13813,"nodeType":1521},{},[13814],{"data":13815,"marks":13816,"value":12072,"nodeType":1482},{},[13817],{"type":1519},{"data":13819,"content":13820,"nodeType":1498},{},[13821,13824,13828],{"data":13822,"marks":13823,"value":12079,"nodeType":1482},{},[],{"data":13825,"marks":13826,"value":12084,"nodeType":1482},{},[13827],{"type":1519},{"data":13829,"marks":13830,"value":12088,"nodeType":1482},{},[],{"data":13832,"content":13833,"nodeType":1498},{},[13834],{"data":13835,"marks":13836,"value":12095,"nodeType":1482},{},[],{"data":13838,"content":13839,"nodeType":1498},{},[13840],{"data":13841,"marks":13842,"value":12102,"nodeType":1482},{},[],{"data":13844,"content":13845,"nodeType":1498},{},[13846],{"data":13847,"marks":13848,"value":12109,"nodeType":1482},{},[],{"data":13850,"content":13851,"nodeType":1498},{},[13852],{"data":13853,"marks":13854,"value":12116,"nodeType":1482},{},[],{"data":13856,"content":13857,"nodeType":1511},{},[],{"data":13859,"content":13860,"nodeType":1498},{},[13861],{"data":13862,"marks":13863,"value":12126,"nodeType":1482},{},[],{"data":13865,"content":13866,"nodeType":1498},{},[13867],{"data":13868,"marks":13869,"value":6495,"nodeType":1482},{},[],{"data":13871,"content":13872,"nodeType":1498},{},[13873,13876,13883],{"data":13874,"marks":13875,"value":29,"nodeType":1482},{},[],{"data":13877,"content":13878,"nodeType":1493},{"uri":2043},[13879],{"data":13880,"marks":13881,"value":12146,"nodeType":1482},{},[13882],{"type":1491},{"data":13884,"marks":13885,"value":5914,"nodeType":1482},{},[],{"entries":13887},{"hyperlink":13888,"inline":13889,"block":13890},[],[],[13891,13899,13936,13940,13969],{"sys":13892,"__typename":11411,"title":13893,"caption":13894,"layoutMode":62,"file":13895},{"id":11615},"Omdia report key stats infographic","Headline stats from the latest Omdia report.",{"url":13896,"width":13897,"height":13898},"https://images.ctfassets.net/y1cdw1ablpvd/62TiADpvI65W2gT7RQwlOU/a4aaad376574b1cd963fc0afa5e2942d/omdia-browser-security-infographic_2x__2_.png",1700,1434,{"sys":13900,"__typename":7454,"content":13901,"name":13935,"title":62},{"id":11655},{"json":13902},{"nodeType":2060,"data":13903,"content":13904},{},[13905],{"nodeType":1498,"data":13906,"content":13907},{},[13908,13912,13919,13923,13931],{"nodeType":1482,"value":13909,"marks":13910,"data":13911},"The evidence here isn’t just statistics. The real-world breaches attributed to ",[],{},{"nodeType":1493,"data":13913,"content":13914},{"uri":2344},[13915],{"nodeType":1482,"value":2347,"marks":13916,"data":13918},[13917],{"type":1491},{},{"nodeType":1482,"value":13920,"marks":13921,"data":13922},", including the ",[],{},{"nodeType":1493,"data":13924,"content":13925},{"uri":1946},[13926],{"nodeType":1482,"value":13927,"marks":13928,"data":13930},"ShinyHunters-branded 2026 hacking spree",[13929],{"type":1491},{},{"nodeType":1482,"value":13932,"marks":13933,"data":13934},", clearly underline the real-world threat. ",[],{},"Omdia report IB1",{"sys":13937,"__typename":2068,"type":2069,"ctaText":13938,"buttonLabel":13939,"buttonColour":2072,"buttonUrl":5873},{"id":5227},"Get our latest technical whitepaper to learn about the state of browser-based attacks in 2026 (no sign-up required).","Download Now",{"sys":13941,"__typename":7454,"content":13942,"name":13968,"title":62},{"id":11770},{"json":13943},{"data":13944,"content":13945,"nodeType":2060},{},[13946],{"data":13947,"content":13948,"nodeType":1498},{},[13949,13953,13964],{"data":13950,"marks":13951,"value":13952,"nodeType":1482},{},[],"It's worth noting that AiTM — now the dominant phishing technique in the wild,",{"data":13954,"content":13955,"nodeType":1493},{"uri":1543},[13956,13959],{"data":13957,"marks":13958,"value":2686,"nodeType":1482},{},[],{"data":13960,"marks":13961,"value":13963,"nodeType":1482},{},[13962],{"type":1491},"responsible for 62% of phishing blocked by Microsoft",{"data":13965,"marks":13966,"value":13967,"nodeType":1482},{},[]," — shows up at just 17% in Omdia's data. That likely reflects a recognition gap rather than low prevalence: most organizations lack the browser-layer visibility to distinguish an AiTM reverse-proxy attack from a conventional phishing page, which means the real AiTM figure is probably buried inside the 40% who reported phishing generally.","Omdia report IB2",{"sys":13970,"__typename":7454,"content":13971,"name":14006,"title":62},{"id":11893},{"json":13972},{"nodeType":2060,"data":13973,"content":13974},{},[13975],{"nodeType":1498,"data":13976,"content":13977},{},[13978,13982,13990,13994,14002],{"nodeType":1482,"value":13979,"marks":13980,"data":13981},"This is something we’re seeing extensively in the wild. Just about every phishing kit we encounter today is packed with signs of AI use. You can see our ",[],{},{"nodeType":1493,"data":13983,"content":13984},{"uri":6154},[13985],{"nodeType":1482,"value":13986,"marks":13987,"data":13989},"recent analysis of the Doko’s Panel real-time vishing + AitM kit",[13988],{"type":1491},{},{"nodeType":1482,"value":13991,"marks":13992,"data":13993}," for one example of this. AI development of kits and tools is rapidly driving down the time for attackers to adopt and scale new capabilities — the ",[],{},{"nodeType":1493,"data":13995,"content":13996},{"uri":1555},[13997],{"nodeType":1482,"value":13998,"marks":13999,"data":14001},"37x increase in device code phishing in 2026",[14000],{"type":1491},{},{"nodeType":1482,"value":14003,"marks":14004,"data":14005}," being another indicator of this (we've observed heavy AI tool use across multiple kits and campaigns, with the EvilTokens kit gaining particular notoriety for its abuse of the Railway platform's AI features).",[],{},"Omdia report IB3",{},"7 things Omdia's latest report tells us about the SEB market",{"items":14010},[14011,14683,15125],{"__typename":2080,"sys":14012,"content":14013,"title":8280,"synopsis":8281,"hashTags":62,"publishedDate":8282,"slug":8283,"tagsCollection":14673,"authorsCollection":14679},{"id":7511},{"json":14014},{"data":14015,"content":14016,"nodeType":2060},{},[14017,14022,14028,14034,14040,14043,14050,14056,14066,14076,14081,14087,14090,14097,14103,14108,14114,14120,14213,14219,14222,14229,14235,14290,14303,14308,14314,14317,14324,14330,14337,14343,14349,14374,14380,14387,14393,14399,14405,14412,14418,14424,14430,14433,14440,14450,14456,14462,14469,14475,14481,14488,14494,14549,14562,14577,14584,14590,14597,14603,14609,14615,14620,14627,14633,14639,14644,14650,14656,14662,14667],{"data":14018,"content":14021,"nodeType":1507},{"target":14019},{"sys":14020},{"id":7520,"type":1504,"linkType":1505},[],{"data":14023,"content":14024,"nodeType":1498},{},[14025],{"data":14026,"marks":14027,"value":7528,"nodeType":1482},{},[],{"data":14029,"content":14030,"nodeType":1498},{},[14031],{"data":14032,"marks":14033,"value":7535,"nodeType":1482},{},[],{"data":14035,"content":14036,"nodeType":1498},{},[14037],{"data":14038,"marks":14039,"value":7542,"nodeType":1482},{},[],{"data":14041,"content":14042,"nodeType":1511},{},[],{"data":14044,"content":14045,"nodeType":1521},{},[14046],{"data":14047,"marks":14048,"value":7553,"nodeType":1482},{},[14049],{"type":1519},{"data":14051,"content":14052,"nodeType":1498},{},[14053],{"data":14054,"marks":14055,"value":7560,"nodeType":1482},{},[],{"data":14057,"content":14058,"nodeType":1498},{},[14059,14063],{"data":14060,"marks":14061,"value":7568,"nodeType":1482},{},[14062],{"type":1519},{"data":14064,"marks":14065,"value":7572,"nodeType":1482},{},[],{"data":14067,"content":14068,"nodeType":1498},{},[14069,14073],{"data":14070,"marks":14071,"value":7580,"nodeType":1482},{},[14072],{"type":1519},{"data":14074,"marks":14075,"value":7584,"nodeType":1482},{},[],{"data":14077,"content":14080,"nodeType":1507},{"target":14078},{"sys":14079},{"id":5227,"type":1504,"linkType":1505},[],{"data":14082,"content":14083,"nodeType":1498},{},[14084],{"data":14085,"marks":14086,"value":7596,"nodeType":1482},{},[],{"data":14088,"content":14089,"nodeType":1511},{},[],{"data":14091,"content":14092,"nodeType":1521},{},[14093],{"data":14094,"marks":14095,"value":7607,"nodeType":1482},{},[14096],{"type":1519},{"data":14098,"content":14099,"nodeType":1498},{},[14100],{"data":14101,"marks":14102,"value":7614,"nodeType":1482},{},[],{"data":14104,"content":14107,"nodeType":1507},{"target":14105},{"sys":14106},{"id":7619,"type":1504,"linkType":1505},[],{"data":14109,"content":14110,"nodeType":1498},{},[14111],{"data":14112,"marks":14113,"value":7627,"nodeType":1482},{},[],{"data":14115,"content":14116,"nodeType":1498},{},[14117],{"data":14118,"marks":14119,"value":7634,"nodeType":1482},{},[],{"data":14121,"content":14122,"nodeType":2295},{},[14123,14139,14155,14171,14187,14200],{"data":14124,"content":14125,"nodeType":2299},{},[14126],{"data":14127,"content":14128,"nodeType":1498},{},[14129,14132,14136],{"data":14130,"marks":14131,"value":7647,"nodeType":1482},{},[],{"data":14133,"marks":14134,"value":7652,"nodeType":1482},{},[14135],{"type":1519},{"data":14137,"marks":14138,"value":7656,"nodeType":1482},{},[],{"data":14140,"content":14141,"nodeType":2299},{},[14142],{"data":14143,"content":14144,"nodeType":1498},{},[14145,14148,14152],{"data":14146,"marks":14147,"value":7666,"nodeType":1482},{},[],{"data":14149,"marks":14150,"value":7671,"nodeType":1482},{},[14151],{"type":1519},{"data":14153,"marks":14154,"value":7675,"nodeType":1482},{},[],{"data":14156,"content":14157,"nodeType":2299},{},[14158],{"data":14159,"content":14160,"nodeType":1498},{},[14161,14164,14168],{"data":14162,"marks":14163,"value":7685,"nodeType":1482},{},[],{"data":14165,"marks":14166,"value":7690,"nodeType":1482},{},[14167],{"type":1519},{"data":14169,"marks":14170,"value":7694,"nodeType":1482},{},[],{"data":14172,"content":14173,"nodeType":2299},{},[14174],{"data":14175,"content":14176,"nodeType":1498},{},[14177,14180,14184],{"data":14178,"marks":14179,"value":7704,"nodeType":1482},{},[],{"data":14181,"marks":14182,"value":7709,"nodeType":1482},{},[14183],{"type":1519},{"data":14185,"marks":14186,"value":7713,"nodeType":1482},{},[],{"data":14188,"content":14189,"nodeType":2299},{},[14190],{"data":14191,"content":14192,"nodeType":1498},{},[14193,14197],{"data":14194,"marks":14195,"value":7724,"nodeType":1482},{},[14196],{"type":1519},{"data":14198,"marks":14199,"value":7728,"nodeType":1482},{},[],{"data":14201,"content":14202,"nodeType":2299},{},[14203],{"data":14204,"content":14205,"nodeType":1498},{},[14206,14210],{"data":14207,"marks":14208,"value":7739,"nodeType":1482},{},[14209],{"type":1519},{"data":14211,"marks":14212,"value":7743,"nodeType":1482},{},[],{"data":14214,"content":14215,"nodeType":1498},{},[14216],{"data":14217,"marks":14218,"value":7750,"nodeType":1482},{},[],{"data":14220,"content":14221,"nodeType":1511},{},[],{"data":14223,"content":14224,"nodeType":2449},{},[14225],{"data":14226,"marks":14227,"value":7761,"nodeType":1482},{},[14228],{"type":1519},{"data":14230,"content":14231,"nodeType":1498},{},[14232],{"data":14233,"marks":14234,"value":7768,"nodeType":1482},{},[],{"data":14236,"content":14237,"nodeType":2295},{},[14238,14251,14264,14277],{"data":14239,"content":14240,"nodeType":2299},{},[14241],{"data":14242,"content":14243,"nodeType":1498},{},[14244,14247],{"data":14245,"marks":14246,"value":7781,"nodeType":1482},{},[],{"data":14248,"marks":14249,"value":7786,"nodeType":1482},{},[14250],{"type":1519},{"data":14252,"content":14253,"nodeType":2299},{},[14254],{"data":14255,"content":14256,"nodeType":1498},{},[14257,14260],{"data":14258,"marks":14259,"value":7796,"nodeType":1482},{},[],{"data":14261,"marks":14262,"value":7801,"nodeType":1482},{},[14263],{"type":1519},{"data":14265,"content":14266,"nodeType":2299},{},[14267],{"data":14268,"content":14269,"nodeType":1498},{},[14270,14273],{"data":14271,"marks":14272,"value":7811,"nodeType":1482},{},[],{"data":14274,"marks":14275,"value":7816,"nodeType":1482},{},[14276],{"type":1519},{"data":14278,"content":14279,"nodeType":2299},{},[14280],{"data":14281,"content":14282,"nodeType":1498},{},[14283,14286],{"data":14284,"marks":14285,"value":7826,"nodeType":1482},{},[],{"data":14287,"marks":14288,"value":7831,"nodeType":1482},{},[14289],{"type":1519},{"data":14291,"content":14292,"nodeType":1498},{},[14293,14296,14300],{"data":14294,"marks":14295,"value":7838,"nodeType":1482},{},[],{"data":14297,"marks":14298,"value":7843,"nodeType":1482},{},[14299],{"type":1519},{"data":14301,"marks":14302,"value":7847,"nodeType":1482},{},[],{"data":14304,"content":14307,"nodeType":1507},{"target":14305},{"sys":14306},{"id":7852,"type":1504,"linkType":1505},[],{"data":14309,"content":14310,"nodeType":1498},{},[14311],{"data":14312,"marks":14313,"value":7860,"nodeType":1482},{},[],{"data":14315,"content":14316,"nodeType":1511},{},[],{"data":14318,"content":14319,"nodeType":1521},{},[14320],{"data":14321,"marks":14322,"value":7871,"nodeType":1482},{},[14323],{"type":1519},{"data":14325,"content":14326,"nodeType":1498},{},[14327],{"data":14328,"marks":14329,"value":7878,"nodeType":1482},{},[],{"data":14331,"content":14332,"nodeType":2449},{},[14333],{"data":14334,"marks":14335,"value":7886,"nodeType":1482},{},[14336],{"type":1519},{"data":14338,"content":14339,"nodeType":1498},{},[14340],{"data":14341,"marks":14342,"value":7893,"nodeType":1482},{},[],{"data":14344,"content":14345,"nodeType":1498},{},[14346],{"data":14347,"marks":14348,"value":7900,"nodeType":1482},{},[],{"data":14350,"content":14351,"nodeType":1498},{},[14352,14355,14361,14364,14371],{"data":14353,"marks":14354,"value":7907,"nodeType":1482},{},[],{"data":14356,"content":14357,"nodeType":1493},{"uri":6870},[14358],{"data":14359,"marks":14360,"value":7914,"nodeType":1482},{},[],{"data":14362,"marks":14363,"value":7918,"nodeType":1482},{},[],{"data":14365,"content":14366,"nodeType":1493},{"uri":7921},[14367],{"data":14368,"marks":14369,"value":7927,"nodeType":1482},{},[14370],{"type":1491},{"data":14372,"marks":14373,"value":7931,"nodeType":1482},{},[],{"data":14375,"content":14376,"nodeType":1498},{},[14377],{"data":14378,"marks":14379,"value":7938,"nodeType":1482},{},[],{"data":14381,"content":14382,"nodeType":2449},{},[14383],{"data":14384,"marks":14385,"value":7946,"nodeType":1482},{},[14386],{"type":1519},{"data":14388,"content":14389,"nodeType":1498},{},[14390],{"data":14391,"marks":14392,"value":7953,"nodeType":1482},{},[],{"data":14394,"content":14395,"nodeType":1498},{},[14396],{"data":14397,"marks":14398,"value":7960,"nodeType":1482},{},[],{"data":14400,"content":14401,"nodeType":1498},{},[14402],{"data":14403,"marks":14404,"value":7967,"nodeType":1482},{},[],{"data":14406,"content":14407,"nodeType":2449},{},[14408],{"data":14409,"marks":14410,"value":7975,"nodeType":1482},{},[14411],{"type":1519},{"data":14413,"content":14414,"nodeType":1498},{},[14415],{"data":14416,"marks":14417,"value":7982,"nodeType":1482},{},[],{"data":14419,"content":14420,"nodeType":1498},{},[14421],{"data":14422,"marks":14423,"value":7989,"nodeType":1482},{},[],{"data":14425,"content":14426,"nodeType":1498},{},[14427],{"data":14428,"marks":14429,"value":7996,"nodeType":1482},{},[],{"data":14431,"content":14432,"nodeType":1511},{},[],{"data":14434,"content":14435,"nodeType":1521},{},[14436],{"data":14437,"marks":14438,"value":8007,"nodeType":1482},{},[14439],{"type":1519},{"data":14441,"content":14442,"nodeType":1498},{},[14443,14447],{"data":14444,"marks":14445,"value":8015,"nodeType":1482},{},[14446],{"type":1519},{"data":14448,"marks":14449,"value":8019,"nodeType":1482},{},[],{"data":14451,"content":14452,"nodeType":1498},{},[14453],{"data":14454,"marks":14455,"value":8026,"nodeType":1482},{},[],{"data":14457,"content":14458,"nodeType":1498},{},[14459],{"data":14460,"marks":14461,"value":8033,"nodeType":1482},{},[],{"data":14463,"content":14464,"nodeType":2449},{},[14465],{"data":14466,"marks":14467,"value":8041,"nodeType":1482},{},[14468],{"type":1519},{"data":14470,"content":14471,"nodeType":1498},{},[14472],{"data":14473,"marks":14474,"value":8048,"nodeType":1482},{},[],{"data":14476,"content":14477,"nodeType":1498},{},[14478],{"data":14479,"marks":14480,"value":8055,"nodeType":1482},{},[],{"data":14482,"content":14483,"nodeType":2449},{},[14484],{"data":14485,"marks":14486,"value":8063,"nodeType":1482},{},[14487],{"type":1519},{"data":14489,"content":14490,"nodeType":1498},{},[14491],{"data":14492,"marks":14493,"value":8070,"nodeType":1482},{},[],{"data":14495,"content":14496,"nodeType":2295},{},[14497,14510,14523,14536],{"data":14498,"content":14499,"nodeType":2299},{},[14500],{"data":14501,"content":14502,"nodeType":1498},{},[14503,14507],{"data":14504,"marks":14505,"value":8084,"nodeType":1482},{},[14506],{"type":1519},{"data":14508,"marks":14509,"value":8088,"nodeType":1482},{},[],{"data":14511,"content":14512,"nodeType":2299},{},[14513],{"data":14514,"content":14515,"nodeType":1498},{},[14516,14520],{"data":14517,"marks":14518,"value":8099,"nodeType":1482},{},[14519],{"type":1519},{"data":14521,"marks":14522,"value":8103,"nodeType":1482},{},[],{"data":14524,"content":14525,"nodeType":2299},{},[14526],{"data":14527,"content":14528,"nodeType":1498},{},[14529,14533],{"data":14530,"marks":14531,"value":8114,"nodeType":1482},{},[14532],{"type":1519},{"data":14534,"marks":14535,"value":8118,"nodeType":1482},{},[],{"data":14537,"content":14538,"nodeType":2299},{},[14539],{"data":14540,"content":14541,"nodeType":1498},{},[14542,14546],{"data":14543,"marks":14544,"value":8129,"nodeType":1482},{},[14545],{"type":1519},{"data":14547,"marks":14548,"value":8133,"nodeType":1482},{},[],{"data":14550,"content":14551,"nodeType":1498},{},[14552,14555,14559],{"data":14553,"marks":14554,"value":8140,"nodeType":1482},{},[],{"data":14556,"marks":14557,"value":8145,"nodeType":1482},{},[14558],{"type":1519},{"data":14560,"marks":14561,"value":8149,"nodeType":1482},{},[],{"data":14563,"content":14564,"nodeType":1498},{},[14565,14568,14574],{"data":14566,"marks":14567,"value":8156,"nodeType":1482},{},[],{"data":14569,"content":14570,"nodeType":1493},{"uri":8159},[14571],{"data":14572,"marks":14573,"value":8164,"nodeType":1482},{},[],{"data":14575,"marks":14576,"value":8168,"nodeType":1482},{},[],{"data":14578,"content":14579,"nodeType":2449},{},[14580],{"data":14581,"marks":14582,"value":8176,"nodeType":1482},{},[14583],{"type":1519},{"data":14585,"content":14586,"nodeType":1498},{},[14587],{"data":14588,"marks":14589,"value":8183,"nodeType":1482},{},[],{"data":14591,"content":14592,"nodeType":1498},{},[14593],{"data":14594,"marks":14595,"value":8191,"nodeType":1482},{},[14596],{"type":1519},{"data":14598,"content":14599,"nodeType":1498},{},[14600],{"data":14601,"marks":14602,"value":8198,"nodeType":1482},{},[],{"data":14604,"content":14605,"nodeType":1498},{},[14606],{"data":14607,"marks":14608,"value":8205,"nodeType":1482},{},[],{"data":14610,"content":14611,"nodeType":1498},{},[14612],{"data":14613,"marks":14614,"value":8212,"nodeType":1482},{},[],{"data":14616,"content":14619,"nodeType":1507},{"target":14617},{"sys":14618},{"id":8217,"type":1504,"linkType":1505},[],{"data":14621,"content":14622,"nodeType":2449},{},[14623],{"data":14624,"marks":14625,"value":8226,"nodeType":1482},{},[14626],{"type":1519},{"data":14628,"content":14629,"nodeType":1498},{},[14630],{"data":14631,"marks":14632,"value":8233,"nodeType":1482},{},[],{"data":14634,"content":14635,"nodeType":1498},{},[14636],{"data":14637,"marks":14638,"value":8240,"nodeType":1482},{},[],{"data":14640,"content":14643,"nodeType":1507},{"target":14641},{"sys":14642},{"id":8245,"type":1504,"linkType":1505},[],{"data":14645,"content":14646,"nodeType":1498},{},[14647],{"data":14648,"marks":14649,"value":8253,"nodeType":1482},{},[],{"data":14651,"content":14652,"nodeType":1498},{},[14653],{"data":14654,"marks":14655,"value":8260,"nodeType":1482},{},[],{"data":14657,"content":14658,"nodeType":1498},{},[14659],{"data":14660,"marks":14661,"value":8267,"nodeType":1482},{},[],{"data":14663,"content":14666,"nodeType":1507},{"target":14664},{"sys":14665},{"id":8272,"type":1504,"linkType":1505},[],{"data":14668,"content":14669,"nodeType":1498},{},[14670],{"data":14671,"marks":14672,"value":29,"nodeType":1482},{},[],{"items":14674},[14675,14677],{"sys":14676,"name":6837},{"id":6836},{"sys":14678,"name":8291},{"id":8290},{"items":14680},[14681],{"fullName":6845,"firstName":6846,"jobTitle":6847,"profilePicture":14682},{"url":6849},{"__typename":2080,"sys":14684,"content":14685,"title":13345,"synopsis":13346,"hashTags":62,"publishedDate":13347,"slug":13348,"tagsCollection":15115,"authorsCollection":15121},{"id":12837},{"json":14686},{"nodeType":2060,"data":14687,"content":14688},{},[14689,14696,14720,14725,14731,14746,14759,14762,14769,14782,14798,14818,14823,14836,14860,14865,14870,14883,14886,14893,14899,14906,14922,14935,14942,14964,14970,14977,15001,15007,15014,15020,15025,15028,15035,15041,15048,15053,15056,15063,15069,15075,15081,15091,15094,15100],{"nodeType":1521,"data":14690,"content":14691},{},[14692],{"nodeType":1482,"value":12846,"marks":14693,"data":14695},[14694],{"type":1519},{},{"nodeType":1498,"data":14697,"content":14698},{},[14699,14702,14708,14711,14717],{"nodeType":1482,"value":12854,"marks":14700,"data":14701},[],{},{"nodeType":1493,"data":14703,"content":14704},{"uri":12859},[14705],{"nodeType":1482,"value":12862,"marks":14706,"data":14707},[],{},{"nodeType":1482,"value":12866,"marks":14709,"data":14710},[],{},{"nodeType":1493,"data":14712,"content":14713},{"uri":12871},[14714],{"nodeType":1482,"value":12874,"marks":14715,"data":14716},[],{},{"nodeType":1482,"value":12878,"marks":14718,"data":14719},[],{},{"nodeType":1507,"data":14721,"content":14724},{"target":14722},{"sys":14723},{"id":12885,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":14726,"content":14727},{},[14728],{"nodeType":1482,"value":12891,"marks":14729,"data":14730},[],{},{"nodeType":1498,"data":14732,"content":14733},{},[14734,14737,14743],{"nodeType":1482,"value":12898,"marks":14735,"data":14736},[],{},{"nodeType":1493,"data":14738,"content":14739},{"uri":12903},[14740],{"nodeType":1482,"value":12906,"marks":14741,"data":14742},[],{},{"nodeType":1482,"value":12910,"marks":14744,"data":14745},[],{},{"nodeType":1498,"data":14747,"content":14748},{},[14749,14752,14756],{"nodeType":1482,"value":12917,"marks":14750,"data":14751},[],{},{"nodeType":1482,"value":12921,"marks":14753,"data":14755},[14754],{"type":1519},{},{"nodeType":1482,"value":1576,"marks":14757,"data":14758},[],{},{"nodeType":1511,"data":14760,"content":14761},{},[],{"nodeType":1521,"data":14763,"content":14764},{},[14765],{"nodeType":1482,"value":12935,"marks":14766,"data":14768},[14767],{"type":1519},{},{"nodeType":1498,"data":14770,"content":14771},{},[14772,14775,14779],{"nodeType":1482,"value":12943,"marks":14773,"data":14774},[],{},{"nodeType":1482,"value":12947,"marks":14776,"data":14778},[14777],{"type":274},{},{"nodeType":1482,"value":1576,"marks":14780,"data":14781},[],{},{"nodeType":1498,"data":14783,"content":14784},{},[14785,14788,14795],{"nodeType":1482,"value":12958,"marks":14786,"data":14787},[],{},{"nodeType":1493,"data":14789,"content":14790},{"uri":1543},[14791],{"nodeType":1482,"value":12965,"marks":14792,"data":14794},[14793],{"type":1491},{},{"nodeType":1482,"value":12970,"marks":14796,"data":14797},[],{},{"nodeType":1498,"data":14799,"content":14800},{},[14801,14804,14808,14811,14815],{"nodeType":1482,"value":12977,"marks":14802,"data":14803},[],{},{"nodeType":1482,"value":12981,"marks":14805,"data":14807},[14806],{"type":1519},{},{"nodeType":1482,"value":12986,"marks":14809,"data":14810},[],{},{"nodeType":1482,"value":12990,"marks":14812,"data":14814},[14813],{"type":274},{},{"nodeType":1482,"value":12995,"marks":14816,"data":14817},[],{},{"nodeType":1507,"data":14819,"content":14822},{"target":14820},{"sys":14821},{"id":13002,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":14824,"content":14825},{},[14826,14829,14833],{"nodeType":1482,"value":13008,"marks":14827,"data":14828},[],{},{"nodeType":1482,"value":13012,"marks":14830,"data":14832},[14831],{"type":1519},{},{"nodeType":1482,"value":13017,"marks":14834,"data":14835},[],{},{"nodeType":1498,"data":14837,"content":14838},{},[14839,14842,14848,14851,14857],{"nodeType":1482,"value":13024,"marks":14840,"data":14841},[],{},{"nodeType":1493,"data":14843,"content":14844},{"uri":7270},[14845],{"nodeType":1482,"value":13031,"marks":14846,"data":14847},[],{},{"nodeType":1482,"value":13035,"marks":14849,"data":14850},[],{},{"nodeType":1493,"data":14852,"content":14853},{"uri":13040},[14854],{"nodeType":1482,"value":13043,"marks":14855,"data":14856},[],{},{"nodeType":1482,"value":13047,"marks":14858,"data":14859},[],{},{"nodeType":1507,"data":14861,"content":14864},{"target":14862},{"sys":14863},{"id":13054,"type":1504,"linkType":1505},[],{"nodeType":1507,"data":14866,"content":14869},{"target":14867},{"sys":14868},{"id":13060,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":14871,"content":14872},{},[14873,14876,14880],{"nodeType":1482,"value":13066,"marks":14874,"data":14875},[],{},{"nodeType":1482,"value":13070,"marks":14877,"data":14879},[14878],{"type":1519},{},{"nodeType":1482,"value":13075,"marks":14881,"data":14882},[],{},{"nodeType":1511,"data":14884,"content":14885},{},[],{"nodeType":1521,"data":14887,"content":14888},{},[14889],{"nodeType":1482,"value":13085,"marks":14890,"data":14892},[14891],{"type":1519},{},{"nodeType":1498,"data":14894,"content":14895},{},[14896],{"nodeType":1482,"value":13093,"marks":14897,"data":14898},[],{},{"nodeType":2449,"data":14900,"content":14901},{},[14902],{"nodeType":1482,"value":13100,"marks":14903,"data":14905},[14904],{"type":1519},{},{"nodeType":1498,"data":14907,"content":14908},{},[14909,14912,14919],{"nodeType":1482,"value":29,"marks":14910,"data":14911},[],{},{"nodeType":1493,"data":14913,"content":14914},{"uri":6335},[14915],{"nodeType":1482,"value":13114,"marks":14916,"data":14918},[14917],{"type":1491},{},{"nodeType":1482,"value":13119,"marks":14920,"data":14921},[],{},{"nodeType":1498,"data":14923,"content":14924},{},[14925,14928,14932],{"nodeType":1482,"value":13126,"marks":14926,"data":14927},[],{},{"nodeType":1482,"value":13130,"marks":14929,"data":14931},[14930],{"type":1519},{},{"nodeType":1482,"value":13135,"marks":14933,"data":14934},[],{},{"nodeType":2449,"data":14936,"content":14937},{},[14938],{"nodeType":1482,"value":13142,"marks":14939,"data":14941},[14940],{"type":1519},{},{"nodeType":1498,"data":14943,"content":14944},{},[14945,14949,14957,14961],{"nodeType":1482,"value":29,"marks":14946,"data":14948},[14947],{"type":1519},{},{"nodeType":1493,"data":14950,"content":14951},{"uri":5490},[14952],{"nodeType":1482,"value":13157,"marks":14953,"data":14956},[14954,14955],{"type":1491},{"type":1519},{},{"nodeType":1482,"value":13163,"marks":14958,"data":14960},[14959],{"type":1519},{},{"nodeType":1482,"value":13168,"marks":14962,"data":14963},[],{},{"nodeType":1498,"data":14965,"content":14966},{},[14967],{"nodeType":1482,"value":13175,"marks":14968,"data":14969},[],{},{"nodeType":2449,"data":14971,"content":14972},{},[14973],{"nodeType":1482,"value":13182,"marks":14974,"data":14976},[14975],{"type":1519},{},{"nodeType":1498,"data":14978,"content":14979},{},[14980,14983,14989,14992,14998],{"nodeType":1482,"value":13190,"marks":14981,"data":14982},[],{},{"nodeType":1493,"data":14984,"content":14985},{"uri":5302},[14986],{"nodeType":1482,"value":13197,"marks":14987,"data":14988},[],{},{"nodeType":1482,"value":13201,"marks":14990,"data":14991},[],{},{"nodeType":1493,"data":14993,"content":14994},{"uri":5314},[14995],{"nodeType":1482,"value":13208,"marks":14996,"data":14997},[],{},{"nodeType":1482,"value":13212,"marks":14999,"data":15000},[],{},{"nodeType":1498,"data":15002,"content":15003},{},[15004],{"nodeType":1482,"value":13219,"marks":15005,"data":15006},[],{},{"nodeType":2449,"data":15008,"content":15009},{},[15010],{"nodeType":1482,"value":13226,"marks":15011,"data":15013},[15012],{"type":1519},{},{"nodeType":1498,"data":15015,"content":15016},{},[15017],{"nodeType":1482,"value":13234,"marks":15018,"data":15019},[],{},{"nodeType":1507,"data":15021,"content":15024},{"target":15022},{"sys":15023},{"id":13241,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":15026,"content":15027},{},[],{"nodeType":1521,"data":15029,"content":15030},{},[15031],{"nodeType":1482,"value":13250,"marks":15032,"data":15034},[15033],{"type":1519},{},{"nodeType":1498,"data":15036,"content":15037},{},[15038],{"nodeType":1482,"value":13258,"marks":15039,"data":15040},[],{},{"nodeType":1498,"data":15042,"content":15043},{},[15044],{"nodeType":1482,"value":13265,"marks":15045,"data":15047},[15046],{"type":1519},{},{"nodeType":1507,"data":15049,"content":15052},{"target":15050},{"sys":15051},{"id":13273,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":15054,"content":15055},{},[],{"nodeType":2449,"data":15057,"content":15058},{},[15059],{"nodeType":1482,"value":13282,"marks":15060,"data":15062},[15061],{"type":1519},{},{"nodeType":1498,"data":15064,"content":15065},{},[15066],{"nodeType":1482,"value":13290,"marks":15067,"data":15068},[],{},{"nodeType":1498,"data":15070,"content":15071},{},[15072],{"nodeType":1482,"value":13297,"marks":15073,"data":15074},[],{},{"nodeType":1498,"data":15076,"content":15077},{},[15078],{"nodeType":1482,"value":13304,"marks":15079,"data":15080},[],{},{"nodeType":1498,"data":15082,"content":15083},{},[15084,15088],{"nodeType":1482,"value":13311,"marks":15085,"data":15087},[15086],{"type":1519},{},{"nodeType":1482,"value":13316,"marks":15089,"data":15090},[],{},{"nodeType":1511,"data":15092,"content":15093},{},[],{"nodeType":1498,"data":15095,"content":15096},{},[15097],{"nodeType":1482,"value":6488,"marks":15098,"data":15099},[],{},{"nodeType":1498,"data":15101,"content":15102},{},[15103,15106,15112],{"nodeType":1482,"value":6495,"marks":15104,"data":15105},[],{},{"nodeType":1493,"data":15107,"content":15108},{"uri":13336},[15109],{"nodeType":1482,"value":13339,"marks":15110,"data":15111},[],{},{"nodeType":1482,"value":5914,"marks":15113,"data":15114},[],{},{"items":15116},[15117,15119],{"sys":15118,"name":8291},{"id":8290},{"sys":15120,"name":5066},{"id":5065},{"items":15122},[15123],{"fullName":13358,"firstName":13359,"jobTitle":13360,"profilePicture":15124},{"url":13362},{"__typename":2080,"sys":15126,"content":15127,"title":6800,"synopsis":6801,"hashTags":62,"publishedDate":5919,"slug":6802,"tagsCollection":15861,"authorsCollection":15867},{"id":5937},{"json":15128},{"nodeType":2060,"data":15129,"content":15130},{},[15131,15146,15179,15185,15209,15242,15247,15257,15260,15267,15309,15315,15334,15339,15342,15349,15373,15379,15386,15391,15394,15401,15407,15422,15428,15461,15467,15470,15477,15492,15499,15505,15524,15543,15562,15569,15575,15578,15584,15590,15605,15608,15615,15630,15855],{"nodeType":1498,"data":15132,"content":15133},{},[15134,15137,15143],{"nodeType":1482,"value":5946,"marks":15135,"data":15136},[],{},{"nodeType":1493,"data":15138,"content":15139},{"uri":2344},[15140],{"nodeType":1482,"value":2347,"marks":15141,"data":15142},[],{},{"nodeType":1482,"value":5956,"marks":15144,"data":15145},[],{},{"nodeType":1498,"data":15147,"content":15148},{},[15149,15152,15158,15161,15167,15170,15176],{"nodeType":1482,"value":5963,"marks":15150,"data":15151},[],{},{"nodeType":1493,"data":15153,"content":15154},{"uri":5968},[15155],{"nodeType":1482,"value":5971,"marks":15156,"data":15157},[],{},{"nodeType":1482,"value":5975,"marks":15159,"data":15160},[],{},{"nodeType":1493,"data":15162,"content":15163},{"uri":5980},[15164],{"nodeType":1482,"value":5983,"marks":15165,"data":15166},[],{},{"nodeType":1482,"value":5987,"marks":15168,"data":15169},[],{},{"nodeType":1493,"data":15171,"content":15172},{"uri":5992},[15173],{"nodeType":1482,"value":5995,"marks":15174,"data":15175},[],{},{"nodeType":1482,"value":5999,"marks":15177,"data":15178},[],{},{"nodeType":1498,"data":15180,"content":15181},{},[15182],{"nodeType":1482,"value":6006,"marks":15183,"data":15184},[],{},{"nodeType":1498,"data":15186,"content":15187},{},[15188,15191,15197,15200,15206],{"nodeType":1482,"value":6013,"marks":15189,"data":15190},[],{},{"nodeType":1493,"data":15192,"content":15193},{"uri":6018},[15194],{"nodeType":1482,"value":6021,"marks":15195,"data":15196},[],{},{"nodeType":1482,"value":6025,"marks":15198,"data":15199},[],{},{"nodeType":1493,"data":15201,"content":15202},{"uri":6030},[15203],{"nodeType":1482,"value":6033,"marks":15204,"data":15205},[],{},{"nodeType":1482,"value":6037,"marks":15207,"data":15208},[],{},{"nodeType":1498,"data":15210,"content":15211},{},[15212,15215,15221,15224,15230,15233,15239],{"nodeType":1482,"value":6044,"marks":15213,"data":15214},[],{},{"nodeType":1493,"data":15216,"content":15217},{"uri":6049},[15218],{"nodeType":1482,"value":6052,"marks":15219,"data":15220},[],{},{"nodeType":1482,"value":6056,"marks":15222,"data":15223},[],{},{"nodeType":1493,"data":15225,"content":15226},{"uri":6061},[15227],{"nodeType":1482,"value":6064,"marks":15228,"data":15229},[],{},{"nodeType":1482,"value":6068,"marks":15231,"data":15232},[],{},{"nodeType":1493,"data":15234,"content":15235},{"uri":6073},[15236],{"nodeType":1482,"value":6076,"marks":15237,"data":15238},[],{},{"nodeType":1482,"value":6080,"marks":15240,"data":15241},[],{},{"nodeType":1507,"data":15243,"content":15246},{"target":15244},{"sys":15245},{"id":6087,"type":1504,"linkType":1505},[],{"nodeType":1498,"data":15248,"content":15249},{},[15250,15254],{"nodeType":1482,"value":6093,"marks":15251,"data":15253},[15252],{"type":1519},{},{"nodeType":1482,"value":6098,"marks":15255,"data":15256},[],{},{"nodeType":1511,"data":15258,"content":15259},{},[],{"nodeType":1521,"data":15261,"content":15262},{},[15263],{"nodeType":1482,"value":6108,"marks":15264,"data":15266},[15265],{"type":1519},{},{"nodeType":1498,"data":15268,"content":15269},{},[15270,15273,15279,15282,15288,15291,15297,15300,15306],{"nodeType":1482,"value":6116,"marks":15271,"data":15272},[],{},{"nodeType":1493,"data":15274,"content":15275},{"uri":6121},[15276],{"nodeType":1482,"value":6124,"marks":15277,"data":15278},[],{},{"nodeType":1482,"value":1609,"marks":15280,"data":15281},[],{},{"nodeType":1493,"data":15283,"content":15284},{"uri":6132},[15285],{"nodeType":1482,"value":6135,"marks":15286,"data":15287},[],{},{"nodeType":1482,"value":2011,"marks":15289,"data":15290},[],{},{"nodeType":1493,"data":15292,"content":15293},{"uri":6030},[15294],{"nodeType":1482,"value":6145,"marks":15295,"data":15296},[],{},{"nodeType":1482,"value":6149,"marks":15298,"data":15299},[],{},{"nodeType":1493,"data":15301,"content":15302},{"uri":6154},[15303],{"nodeType":1482,"value":6157,"marks":15304,"data":15305},[],{},{"nodeType":1482,"value":1576,"marks":15307,"data":15308},[],{},{"nodeType":1498,"data":15310,"content":15311},{},[15312],{"nodeType":1482,"value":6167,"marks":15313,"data":15314},[],{},{"nodeType":1498,"data":15316,"content":15317},{},[15318,15321,15327,15330],{"nodeType":1482,"value":6174,"marks":15319,"data":15320},[],{},{"nodeType":1493,"data":15322,"content":15323},{"uri":6154},[15324],{"nodeType":1482,"value":6181,"marks":15325,"data":15326},[],{},{"nodeType":1482,"value":6185,"marks":15328,"data":15329},[],{},{"nodeType":1482,"value":6189,"marks":15331,"data":15333},[15332],{"type":1519},{},{"nodeType":1507,"data":15335,"content":15338},{"target":15336},{"sys":15337},{"id":6197,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":15340,"content":15341},{},[],{"nodeType":1521,"data":15343,"content":15344},{},[15345],{"nodeType":1482,"value":6206,"marks":15346,"data":15348},[15347],{"type":1519},{},{"nodeType":1498,"data":15350,"content":15351},{},[15352,15355,15361,15364,15370],{"nodeType":1482,"value":5624,"marks":15353,"data":15354},[],{},{"nodeType":1493,"data":15356,"content":15357},{"uri":5587},[15358],{"nodeType":1482,"value":6220,"marks":15359,"data":15360},[],{},{"nodeType":1482,"value":6224,"marks":15362,"data":15363},[],{},{"nodeType":1493,"data":15365,"content":15366},{"uri":5992},[15367],{"nodeType":1482,"value":6231,"marks":15368,"data":15369},[],{},{"nodeType":1482,"value":6235,"marks":15371,"data":15372},[],{},{"nodeType":1498,"data":15374,"content":15375},{},[15376],{"nodeType":1482,"value":6242,"marks":15377,"data":15378},[],{},{"nodeType":1498,"data":15380,"content":15381},{},[15382],{"nodeType":1482,"value":6249,"marks":15383,"data":15385},[15384],{"type":1519},{},{"nodeType":1507,"data":15387,"content":15390},{"target":15388},{"sys":15389},{"id":6257,"type":1504,"linkType":1505},[],{"nodeType":1511,"data":15392,"content":15393},{},[],{"nodeType":1521,"data":15395,"content":15396},{},[15397],{"nodeType":1482,"value":6266,"marks":15398,"data":15400},[15399],{"type":1519},{},{"nodeType":1498,"data":15402,"content":15403},{},[15404],{"nodeType":1482,"value":6274,"marks":15405,"data":15406},[],{},{"nodeType":1498,"data":15408,"content":15409},{},[15410,15413,15419],{"nodeType":1482,"value":5624,"marks":15411,"data":15412},[],{},{"nodeType":1493,"data":15414,"content":15415},{"uri":6285},[15416],{"nodeType":1482,"value":6288,"marks":15417,"data":15418},[],{},{"nodeType":1482,"value":6292,"marks":15420,"data":15421},[],{},{"nodeType":1498,"data":15423,"content":15424},{},[15425],{"nodeType":1482,"value":6299,"marks":15426,"data":15427},[],{},{"nodeType":1498,"data":15429,"content":15430},{},[15431,15434,15440,15443,15449,15452,15458],{"nodeType":1482,"value":6306,"marks":15432,"data":15433},[],{},{"nodeType":1493,"data":15435,"content":15436},{"uri":6311},[15437],{"nodeType":1482,"value":6314,"marks":15438,"data":15439},[],{},{"nodeType":1482,"value":6318,"marks":15441,"data":15442},[],{},{"nodeType":1493,"data":15444,"content":15445},{"uri":6323},[15446],{"nodeType":1482,"value":6326,"marks":15447,"data":15448},[],{},{"nodeType":1482,"value":6330,"marks":15450,"data":15451},[],{},{"nodeType":1493,"data":15453,"content":15454},{"uri":6335},[15455],{"nodeType":1482,"value":6338,"marks":15456,"data":15457},[],{},{"nodeType":1482,"value":6342,"marks":15459,"data":15460},[],{},{"nodeType":1498,"data":15462,"content":15463},{},[15464],{"nodeType":1482,"value":6349,"marks":15465,"data":15466},[],{},{"nodeType":1511,"data":15468,"content":15469},{},[],{"nodeType":1521,"data":15471,"content":15472},{},[15473],{"nodeType":1482,"value":6359,"marks":15474,"data":15476},[15475],{"type":1519},{},{"nodeType":1498,"data":15478,"content":15479},{},[15480,15483,15489],{"nodeType":1482,"value":6367,"marks":15481,"data":15482},[],{},{"nodeType":1493,"data":15484,"content":15485},{"uri":1555},[15486],{"nodeType":1482,"value":6374,"marks":15487,"data":15488},[],{},{"nodeType":1482,"value":6378,"marks":15490,"data":15491},[],{},{"nodeType":2449,"data":15493,"content":15494},{},[15495],{"nodeType":1482,"value":6385,"marks":15496,"data":15498},[15497],{"type":1519},{},{"nodeType":1498,"data":15500,"content":15501},{},[15502],{"nodeType":1482,"value":6393,"marks":15503,"data":15504},[],{},{"nodeType":1498,"data":15506,"content":15507},{},[15508,15512,15515,15521],{"nodeType":1482,"value":6400,"marks":15509,"data":15511},[15510],{"type":1519},{},{"nodeType":1482,"value":6405,"marks":15513,"data":15514},[],{},{"nodeType":1493,"data":15516,"content":15517},{"uri":6154},[15518],{"nodeType":1482,"value":6412,"marks":15519,"data":15520},[],{},{"nodeType":1482,"value":6416,"marks":15522,"data":15523},[],{},{"nodeType":1498,"data":15525,"content":15526},{},[15527,15531,15534,15540],{"nodeType":1482,"value":6423,"marks":15528,"data":15530},[15529],{"type":1519},{},{"nodeType":1482,"value":6428,"marks":15532,"data":15533},[],{},{"nodeType":1493,"data":15535,"content":15536},{"uri":1555},[15537],{"nodeType":1482,"value":6435,"marks":15538,"data":15539},[],{},{"nodeType":1482,"value":6439,"marks":15541,"data":15542},[],{},{"nodeType":1498,"data":15544,"content":15545},{},[15546,15550,15553,15559],{"nodeType":1482,"value":6446,"marks":15547,"data":15549},[15548],{"type":1519},{},{"nodeType":1482,"value":6451,"marks":15551,"data":15552},[],{},{"nodeType":1493,"data":15554,"content":15555},{"uri":6456},[15556],{"nodeType":1482,"value":6459,"marks":15557,"data":15558},[],{},{"nodeType":1482,"value":6463,"marks":15560,"data":15561},[],{},{"nodeType":2449,"data":15563,"content":15564},{},[15565],{"nodeType":1482,"value":6470,"marks":15566,"data":15568},[15567],{"type":1519},{},{"nodeType":1498,"data":15570,"content":15571},{},[15572],{"nodeType":1482,"value":6478,"marks":15573,"data":15574},[],{},{"nodeType":1511,"data":15576,"content":15577},{},[],{"nodeType":1498,"data":15579,"content":15580},{},[15581],{"nodeType":1482,"value":6488,"marks":15582,"data":15583},[],{},{"nodeType":1498,"data":15585,"content":15586},{},[15587],{"nodeType":1482,"value":6495,"marks":15588,"data":15589},[],{},{"nodeType":1498,"data":15591,"content":15592},{},[15593,15596,15602],{"nodeType":1482,"value":29,"marks":15594,"data":15595},[],{},{"nodeType":1493,"data":15597,"content":15598},{"uri":6506},[15599],{"nodeType":1482,"value":6509,"marks":15600,"data":15601},[],{},{"nodeType":1482,"value":29,"marks":15603,"data":15604},[],{},{"nodeType":1511,"data":15606,"content":15607},{},[],{"nodeType":1521,"data":15609,"content":15610},{},[15611],{"nodeType":1482,"value":6522,"marks":15612,"data":15614},[15613],{"type":1519},{},{"nodeType":1498,"data":15616,"content":15617},{},[15618,15621,15627],{"nodeType":1482,"value":6530,"marks":15619,"data":15620},[],{},{"nodeType":1493,"data":15622,"content":15623},{"uri":2344},[15624],{"nodeType":1482,"value":6537,"marks":15625,"data":15626},[],{},{"nodeType":1482,"value":6541,"marks":15628,"data":15629},[],{},{"nodeType":2601,"data":15631,"content":15632},{},[15633,15676,15726,15769,15812],{"nodeType":2605,"data":15634,"content":15635},{},[15636,15646,15656,15666],{"nodeType":2609,"data":15637,"content":15638},{},[15639],{"nodeType":1498,"data":15640,"content":15641},{},[15642],{"nodeType":1482,"value":6557,"marks":15643,"data":15645},[15644],{"type":1519},{},{"nodeType":2609,"data":15647,"content":15648},{},[15649],{"nodeType":1498,"data":15650,"content":15651},{},[15652],{"nodeType":1482,"value":6568,"marks":15653,"data":15655},[15654],{"type":1519},{},{"nodeType":2609,"data":15657,"content":15658},{},[15659],{"nodeType":1498,"data":15660,"content":15661},{},[15662],{"nodeType":1482,"value":6579,"marks":15663,"data":15665},[15664],{"type":1519},{},{"nodeType":2609,"data":15667,"content":15668},{},[15669],{"nodeType":1498,"data":15670,"content":15671},{},[15672],{"nodeType":1482,"value":6590,"marks":15673,"data":15675},[15674],{"type":1519},{},{"nodeType":2605,"data":15677,"content":15678},{},[15679,15699,15708,15717],{"nodeType":2609,"data":15680,"content":15681},{},[15682],{"nodeType":1498,"data":15683,"content":15684},{},[15685,15689,15692,15696],{"nodeType":1482,"value":6604,"marks":15686,"data":15688},[15687],{"type":1519},{},{"nodeType":1482,"value":6609,"marks":15690,"data":15691},[],{},{"nodeType":1482,"value":6613,"marks":15693,"data":15695},[15694],{"type":1519},{},{"nodeType":1482,"value":6618,"marks":15697,"data":15698},[],{},{"nodeType":2609,"data":15700,"content":15701},{},[15702],{"nodeType":1498,"data":15703,"content":15704},{},[15705],{"nodeType":1482,"value":6628,"marks":15706,"data":15707},[],{},{"nodeType":2609,"data":15709,"content":15710},{},[15711],{"nodeType":1498,"data":15712,"content":15713},{},[15714],{"nodeType":1482,"value":6638,"marks":15715,"data":15716},[],{},{"nodeType":2609,"data":15718,"content":15719},{},[15720],{"nodeType":1498,"data":15721,"content":15722},{},[15723],{"nodeType":1482,"value":6648,"marks":15724,"data":15725},[],{},{"nodeType":2605,"data":15727,"content":15728},{},[15729,15742,15751,15760],{"nodeType":2609,"data":15730,"content":15731},{},[15732],{"nodeType":1498,"data":15733,"content":15734},{},[15735,15739],{"nodeType":1482,"value":6661,"marks":15736,"data":15738},[15737],{"type":1519},{},{"nodeType":1482,"value":6666,"marks":15740,"data":15741},[],{},{"nodeType":2609,"data":15743,"content":15744},{},[15745],{"nodeType":1498,"data":15746,"content":15747},{},[15748],{"nodeType":1482,"value":6676,"marks":15749,"data":15750},[],{},{"nodeType":2609,"data":15752,"content":15753},{},[15754],{"nodeType":1498,"data":15755,"content":15756},{},[15757],{"nodeType":1482,"value":6686,"marks":15758,"data":15759},[],{},{"nodeType":2609,"data":15761,"content":15762},{},[15763],{"nodeType":1498,"data":15764,"content":15765},{},[15766],{"nodeType":1482,"value":6696,"marks":15767,"data":15768},[],{},{"nodeType":2605,"data":15770,"content":15771},{},[15772,15785,15794,15803],{"nodeType":2609,"data":15773,"content":15774},{},[15775],{"nodeType":1498,"data":15776,"content":15777},{},[15778,15782],{"nodeType":1482,"value":6709,"marks":15779,"data":15781},[15780],{"type":1519},{},{"nodeType":1482,"value":6714,"marks":15783,"data":15784},[],{},{"nodeType":2609,"data":15786,"content":15787},{},[15788],{"nodeType":1498,"data":15789,"content":15790},{},[15791],{"nodeType":1482,"value":6724,"marks":15792,"data":15793},[],{},{"nodeType":2609,"data":15795,"content":15796},{},[15797],{"nodeType":1498,"data":15798,"content":15799},{},[15800],{"nodeType":1482,"value":6734,"marks":15801,"data":15802},[],{},{"nodeType":2609,"data":15804,"content":15805},{},[15806],{"nodeType":1498,"data":15807,"content":15808},{},[15809],{"nodeType":1482,"value":6744,"marks":15810,"data":15811},[],{},{"nodeType":2605,"data":15813,"content":15814},{},[15815,15828,15837,15846],{"nodeType":2609,"data":15816,"content":15817},{},[15818],{"nodeType":1498,"data":15819,"content":15820},{},[15821,15825],{"nodeType":1482,"value":6757,"marks":15822,"data":15824},[15823],{"type":1519},{},{"nodeType":1482,"value":6762,"marks":15826,"data":15827},[],{},{"nodeType":2609,"data":15829,"content":15830},{},[15831],{"nodeType":1498,"data":15832,"content":15833},{},[15834],{"nodeType":1482,"value":6628,"marks":15835,"data":15836},[],{},{"nodeType":2609,"data":15838,"content":15839},{},[15840],{"nodeType":1498,"data":15841,"content":15842},{},[15843],{"nodeType":1482,"value":6781,"marks":15844,"data":15845},[],{},{"nodeType":2609,"data":15847,"content":15848},{},[15849],{"nodeType":1498,"data":15850,"content":15851},{},[15852],{"nodeType":1482,"value":6791,"marks":15853,"data":15854},[],{},{"nodeType":1498,"data":15856,"content":15857},{},[15858],{"nodeType":1482,"value":29,"marks":15859,"data":15860},[],{},{"items":15862},[15863,15865],{"sys":15864,"name":5062},{"id":5061},{"sys":15866,"name":5066},{"id":5065},{"items":15868},[15869],{"fullName":5930,"firstName":5931,"jobTitle":5932,"profilePicture":15870},{"url":5934},"blog/7-things-omdias-latest-report-tells-us-about-the-secure-enterprise-browser-market",{"json":15873},{"data":15874,"content":15875,"nodeType":2060},{},[15876],{"data":15877,"content":15878,"nodeType":1498},{},[15879],{"data":15880,"marks":15881,"value":15882,"nodeType":1482},{},[],"New research from Omdia has put hard numbers behind something security teams have been feeling for the past two years: the browser has become the primary attack surface in the enterprise, organizations are investing accordingly, and the results are already measurable.",{"id":11574,"publishedAt":15884},"2026-05-15T07:39:28.039Z",{"items":15886},[15887,15889],{"sys":15888,"name":6837},{"id":6836},{"sys":15890,"name":8291},{"id":8290},"lq7TL6UxJgsYA7rjlQEyTiy3Wn_LLu2qahys5_SvaW0",[15893,15908,15922,15936,15943,15950,15965,15979,15993,16006,16013,16020,16034,16048,16062,16076,16090,16104,16118,16132,16146,16160,16174],{"createdDate":15894,"id":15895,"name":15896,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":15897,"data":15898,"variations":15901,"lastUpdated":15902,"firstPublished":15903,"testRatio":23,"createdBy":1369,"lastUpdatedBy":1369,"folders":15904,"meta":15905,"rev":15907},1777998179417,"d44edd850f814b77bf0bd5e7861f90f2","Guidepoint",[],{"name":15896,"image":15899,"link":15900},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F151abbebdeaf448993a1e1630e3e7170","https://www.guidepointsecurity.com/",{},1777998235301,1777998235294,[],{"breakpoints":15906,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"eq7r9drti3t",{"createdDate":15909,"id":15910,"name":15911,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":15912,"data":15913,"variations":15916,"lastUpdated":15917,"firstPublished":15918,"testRatio":23,"createdBy":1369,"lastUpdatedBy":1369,"folders":15919,"meta":15920,"rev":15907},1777997888507,"9ef3dd14c97749a287f92fa4f81bddc1","Torq",[],{"name":15911,"image":15914,"link":15915},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbde15398396143b0bde7458c925dbfe5","https://torq.io/",{},1778077454911,1777997934696,[],{"kind":28,"lastPreviewUrl":29,"breakpoints":15921,"hasAutosaves":34},{"xsmall":31,"small":32,"medium":33},{"createdDate":15923,"id":15924,"name":15925,"modelId":1327,"published":13,"meta":15926,"stageModifiedSincePublish":6,"query":15928,"data":15929,"variations":15932,"lastUpdated":15933,"firstPublished":15934,"testRatio":23,"createdBy":1369,"lastUpdatedBy":1369,"folders":15935,"rev":15907},1777997833331,"47ed4755cc664ec78dc3d319d7f6ee0c","Horizon3.ai",{"breakpoints":15927,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"name":15925,"image":15930,"link":15931},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3dfd4e80ddc342c8ac1911c56ab08444","https://horizon3.ai/",{},1777997881552,1777997881548,[],{"createdDate":1343,"id":1341,"name":1344,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":15937,"data":15938,"variations":15939,"lastUpdated":1350,"firstPublished":1351,"testRatio":23,"createdBy":93,"lastUpdatedBy":93,"folders":15940,"meta":15941,"rev":15907},[],{"name":1344,"link":1347,"image":1348},{},[],{"lastPreviewUrl":29,"breakpoints":15942,"kind":28,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":1360,"id":1358,"name":1361,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":15944,"data":15945,"variations":15946,"lastUpdated":1367,"firstPublished":1368,"testRatio":23,"createdBy":93,"lastUpdatedBy":1369,"folders":15947,"meta":15948,"rev":15907},[],{"link":1364,"name":1361,"image":1365,"showInGlobalList":6},{},[],{"lastPreviewUrl":29,"kind":28,"breakpoints":15949,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":15951,"id":15952,"name":15953,"modelId":1327,"published":13,"meta":15954,"query":15956,"data":15957,"variations":15960,"lastUpdated":15961,"firstPublished":15962,"testRatio":23,"createdBy":15963,"lastUpdatedBy":15963,"folders":15964,"rev":15907},1756230565361,"a843202c1c304e7ba860f7a82e84050d","Softcat",{"lastPreviewUrl":29,"breakpoints":15955,"kind":28},{"xsmall":31,"small":32,"medium":33},[],{"link":15958,"name":15953,"image":15959},"https://www.softcat.com/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6fb577a17bd14cbeb19166583dd1162a",{},1756407116714,1756230629965,"FdqW0cntfvUDN2PtmLkvxDNY6rj1",[],{"createdDate":15966,"id":15967,"name":15968,"modelId":1327,"published":13,"meta":15969,"query":15971,"data":15972,"variations":15975,"lastUpdated":15976,"firstPublished":15977,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":15978,"rev":15907},1752222480647,"2e25daca5f4847ac981bd289a313a8de","Vega",{"breakpoints":15970,"kind":28,"lastPreviewUrl":29},{"xsmall":31,"small":32,"medium":33},[],{"image":15973,"link":15974,"name":15968},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F21f36d006e5a4d988510ede1b8a896e7","https://blog.vega.io/",{},1752500897053,1752500897043,[],{"createdDate":15980,"id":15981,"name":15982,"modelId":1327,"published":13,"meta":15983,"query":15985,"data":15986,"variations":15989,"lastUpdated":15990,"firstPublished":15991,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":15992,"rev":15907},1752068182722,"c2d15af470274d51bfe9edf06fd3a839","mazehq",{"breakpoints":15984,"kind":28,"lastPreviewUrl":29},{"xsmall":31,"small":32,"medium":33},[],{"image":15987,"link":15988,"name":15982},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe9003fe210264a968250bf60f0aa3435","https://mazehq.com/",{},1752068907758,1752068907744,[],{"createdDate":15994,"id":15995,"name":15996,"modelId":1327,"published":13,"query":15997,"data":15998,"variations":16000,"lastUpdated":16001,"firstPublished":16002,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":16003,"meta":16004,"rev":15907},1752048964782,"9de50cbd2c4842aa8c719e0ebc688949","Specterops",[],{"link":1364,"name":15996,"image":15999},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Faa00dec1110844109cfbf5fbce3e3a58",{},1752049162616,1752049162602,[],{"breakpoints":16005,"kind":28,"lastPreviewUrl":29,"hasAutosaves":34},{"xsmall":31,"small":32,"medium":33},{"createdDate":1325,"id":1322,"name":1326,"modelId":1327,"published":13,"query":16007,"data":16008,"variations":16009,"lastUpdated":1333,"firstPublished":1334,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":16010,"meta":16011,"rev":15907},[],{"image":1330,"name":1326,"link":1331},{},[],{"breakpoints":16012,"lastPreviewUrl":29,"kind":28,"hasAutosaves":34},{"xsmall":31,"small":32,"medium":33},{"createdDate":1378,"id":1376,"name":1379,"modelId":1327,"published":13,"stageModifiedSincePublish":6,"query":16014,"data":16015,"variations":16016,"lastUpdated":1385,"firstPublished":1386,"testRatio":23,"createdBy":24,"lastUpdatedBy":1369,"folders":16017,"meta":16018,"rev":15907},[],{"link":1382,"name":1379,"image":1383},{},[],{"lastPreviewUrl":29,"kind":28,"breakpoints":16019,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":16021,"id":16022,"name":16023,"modelId":1327,"published":13,"meta":16024,"query":16026,"data":16027,"variations":16030,"lastUpdated":16031,"firstPublished":16032,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":16033,"rev":15907},1750857712433,"43c9386ac7fc424c8fa8863635f9b9ed","Seemplicity",{"lastPreviewUrl":29,"breakpoints":16025,"kind":28},{"xsmall":31,"small":32,"medium":33},[],{"image":16028,"link":16029,"name":16023},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5515c17986334630ac1eadd21b9e102e","https://seemplicity.io/",{},1750933248256,1750857782372,[],{"createdDate":16035,"id":16036,"name":16037,"modelId":1327,"published":13,"meta":16038,"query":16040,"data":16041,"variations":16044,"lastUpdated":16045,"firstPublished":16046,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":16047,"rev":15907},1750857643997,"ce7daaf6e56846e793cdcfe8d4049672","Run Zero",{"breakpoints":16039,"lastPreviewUrl":29,"kind":28},{"xsmall":31,"small":32,"medium":33},[],{"link":16042,"image":16043,"name":16037},"https://www.runzero.com/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e477edb4bcf4a9a9d701a6562994480",{},1750933258353,1750857704996,[],{"createdDate":16049,"id":16050,"name":16051,"modelId":1327,"published":13,"meta":16052,"query":16054,"data":16055,"variations":16058,"lastUpdated":16059,"firstPublished":16060,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":16061,"rev":15907},1750856967417,"698c03d8e1a24305afa23537b5a26412","Kodem",{"breakpoints":16053,"kind":28,"lastPreviewUrl":29},{"xsmall":31,"small":32,"medium":33},[],{"image":16056,"link":16057,"name":16051},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fda3bd934c2754fd39469611672c83b0b","https://www.kodemsecurity.com/",{},1750933262397,1750857210494,[],{"lastUpdatedBy":92,"folders":16063,"data":16064,"modelId":1327,"query":16068,"published":13,"firstPublished":16069,"testRatio":23,"lastUpdated":16070,"createdDate":16071,"createdBy":92,"meta":16072,"variations":16073,"name":16074,"id":16075,"rev":15907},[],{"image":16065,"name":16066,"link":16067},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6e3d8212521f4c2b890634c886b7eaa8","Sophos","https://sophos.com/",[],1728054150614,1728054150622,1728054083810,{"kind":28,"lastPreviewUrl":29},{},"sophos","548de6421552411085112240e67a230f",{"createdDate":16077,"id":16078,"name":16079,"modelId":1327,"published":13,"meta":16080,"query":16082,"data":16083,"variations":16086,"lastUpdated":16087,"firstPublished":16088,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"folders":16089,"rev":15907},1728054020158,"8b22dd146ec549b1a7283610478a3946","Gitlab",{"lastPreviewUrl":29,"kind":28,"breakpoints":16081},{"xsmall":31,"small":32,"medium":33},[],{"image":16084,"link":16085,"name":16079,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbecdf8927c6a406ca0d7614e005dce03","https://gitlab.com/",{},1750854836105,1728054205998,[],{"createdDate":16091,"id":16092,"name":16093,"modelId":1327,"published":13,"meta":16094,"query":16096,"data":16097,"variations":16100,"lastUpdated":16101,"firstPublished":16102,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"folders":16103,"rev":15907},1728054279189,"861f0e5dc1d744b592db4e3eb4c6c92b","Cribl",{"lastPreviewUrl":29,"kind":28,"breakpoints":16095},{"xsmall":31,"small":32,"medium":33},[],{"name":16093,"image":16098,"link":16099,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F1e9e8d388bc14597968d404fa0dd7f99","https://cribl.io/",{},1750854842979,1728054315303,[],{"createdDate":16105,"id":16106,"name":16107,"modelId":1327,"published":13,"meta":16108,"query":16110,"data":16111,"variations":16114,"lastUpdated":16115,"firstPublished":16116,"testRatio":23,"createdBy":25,"lastUpdatedBy":92,"folders":16117,"rev":15907},1731417861051,"b5cb3b0fc4d94c4781dd9a7990326d47","greynoise",{"kind":28,"breakpoints":16109,"lastPreviewUrl":29},{"xsmall":31,"small":32,"medium":33},[],{"image":16112,"name":16107,"link":16113,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb99292e4117247a18ccaa247d0e834f3","https://www.greynoise.io/",{},1750854853280,1731417987334,[],{"createdDate":16119,"id":16120,"name":16121,"modelId":1327,"published":13,"query":16122,"data":16123,"variations":16126,"lastUpdated":16127,"firstPublished":16128,"testRatio":23,"createdBy":93,"lastUpdatedBy":25,"folders":16129,"meta":16130,"rev":15907},1762360849887,"d6ad52fc61ec4cd69a99ce0654e761d9","Ramp",[],{"image":16124,"name":16121,"link":16125,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F321fc32cbac54856af4aeb4e4ec5ebe0","https://ramp.com/",{},1762957426946,1762360924931,[],{"lastPreviewUrl":29,"kind":28,"breakpoints":16131,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":16133,"id":16134,"name":16135,"modelId":1327,"published":13,"query":16136,"data":16137,"variations":16140,"lastUpdated":16141,"firstPublished":16142,"testRatio":23,"createdBy":25,"lastUpdatedBy":25,"folders":16143,"meta":16144,"rev":15907},1731418000864,"51c6261d939a4549b4ad871c886a4f43","Riskledger",[],{"link":16138,"showInGlobalList":6,"image":16139,"name":16135},"https://riskledger.com/","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0aa25eddafa0421ea6b7834d3eeecb58",{},1763020144174,1731418028971,[],{"kind":28,"lastPreviewUrl":29,"breakpoints":16145,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":16147,"id":16148,"name":16149,"modelId":1327,"published":13,"meta":16150,"query":16152,"data":16153,"variations":16156,"lastUpdated":16157,"firstPublished":16158,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"folders":16159,"rev":15907},1728563630527,"388c99a4e6c542979bb75e0446cd1b6e","upvest",{"breakpoints":16151,"lastPreviewUrl":29,"kind":28},{"xsmall":31,"small":32,"medium":33},[],{"image":16154,"link":16155,"name":16149,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7019b2161662442e80e83c8a32cf5ca7","https://upvest.co/",{},1750854868363,1728563705239,[],{"createdDate":16161,"id":16162,"name":16163,"modelId":1327,"published":13,"meta":16164,"query":16166,"data":16167,"variations":16170,"lastUpdated":16171,"firstPublished":16172,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"folders":16173,"rev":15907},1728054217478,"9a1849dd3ae649d8ab912ee95e94ad62","Thinkst",{"kind":28,"lastPreviewUrl":29,"breakpoints":16165},{"xsmall":31,"small":32,"medium":33},[],{"image":16168,"name":16163,"link":16169,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F1ee4bf9428a04d23807c37149c65c242","https://thinkst.com/",{},1750854874682,1728054257265,[],{"createdDate":16175,"id":16176,"name":16177,"modelId":1327,"published":13,"meta":16178,"query":16180,"data":16181,"variations":16184,"lastUpdated":16185,"firstPublished":16186,"testRatio":23,"createdBy":25,"lastUpdatedBy":92,"folders":16187,"rev":15907},1731659785528,"1aa9970baca241609af62334a9191957","Portswigger",{"kind":28,"lastPreviewUrl":29,"breakpoints":16179},{"xsmall":31,"small":32,"medium":33},[],{"image":16182,"name":16177,"link":16183,"showInGlobalList":34},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd063a13264454d3ebcc9b8d91220cf5f","https://portswigger.net/",{},1750854882899,1731659822109,[],{"id":1429,"name":16189,"createdAt":16190,"updatedAt":16191,"archived":6,"fieldGroups":16192,"configuration":16981,"displayOptions":16989,"legalConsentOptions":17004,"formType":17005},"[Events] Flight Deck Happy Hour","2026-04-30T15:10:09.597Z","2026-05-05T18:23:59.594Z",[16193,16204,16209,16219,16975],{"groupType":16194,"richTextType":1482,"fields":16195},"default_group",[16196,16201],{"objectTypeId":16197,"name":16198,"required":34,"hidden":6,"placeholder":16199,"fieldType":16200},"0-1","firstname","First name","single_line_text",{"objectTypeId":16197,"name":16202,"required":34,"hidden":6,"placeholder":16203,"fieldType":16200},"lastname","Last name",{"groupType":16194,"richTextType":1482,"fields":16205},[16206],{"objectTypeId":16197,"name":16207,"required":34,"hidden":6,"placeholder":16208,"fieldType":16200},"company","Company name",{"groupType":16194,"richTextType":1482,"fields":16210},[16211,16216],{"objectTypeId":16197,"name":16212,"required":34,"hidden":6,"placeholder":16213,"validation":16214,"fieldType":16212},"email","Work email",{"blockedEmailDomains":16215,"useDefaultBlockList":34},[29],{"objectTypeId":16197,"name":16217,"required":34,"hidden":6,"placeholder":16218,"fieldType":16200},"jobtitle","Job title",{"groupType":16194,"richTextType":1482,"fields":16220},[16221],{"objectTypeId":16197,"name":16222,"label":16223,"required":34,"hidden":6,"options":16224,"placeholder":16973,"fieldType":16974},"country","Contact Country",[16225,16228,16230,16232,16235,16238,16241,16244,16247,16250,16253,16256,16259,16262,16265,16268,16271,16274,16277,16280,16283,16286,16289,16292,16295,16298,16301,16304,16307,16310,16313,16316,16319,16322,16325,16328,16331,16334,16337,16340,16343,16346,16349,16352,16355,16358,16361,16364,16367,16370,16373,16376,16379,16382,16385,16388,16391,16394,16397,16400,16403,16406,16409,16412,16415,16418,16421,16424,16427,16430,16433,16436,16439,16442,16445,16448,16451,16454,16457,16460,16463,16466,16469,16472,16475,16478,16481,16484,16487,16490,16493,16496,16499,16502,16505,16508,16511,16514,16517,16520,16523,16525,16528,16531,16534,16537,16540,16543,16546,16549,16552,16555,16558,16561,16564,16567,16570,16573,16576,16579,16582,16584,16587,16590,16593,16596,16599,16602,16605,16608,16611,16614,16617,16620,16623,16626,16629,16632,16635,16638,16641,16643,16646,16649,16652,16655,16658,16661,16664,16667,16670,16673,16676,16679,16682,16685,16688,16691,16694,16697,16700,16703,16706,16709,16712,16715,16718,16721,16724,16727,16730,16733,16736,16739,16742,16745,16748,16751,16754,16757,16760,16763,16766,16769,16772,16775,16778,16781,16784,16787,16790,16793,16796,16799,16802,16805,16808,16811,16814,16817,16820,16823,16826,16829,16832,16835,16838,16841,16844,16847,16850,16853,16856,16859,16862,16865,16868,16871,16874,16877,16880,16883,16886,16889,16892,16895,16898,16901,16904,16907,16910,16913,16916,16919,16922,16925,16928,16931,16934,16937,16940,16943,16946,16949,16952,16955,16958,16961,16964,16967,16970],{"label":16226,"value":16226,"description":29,"displayOrder":16227},"United States",0,{"label":16229,"value":16229,"description":29,"displayOrder":23},"Canada",{"label":16231,"value":16231,"description":29,"displayOrder":48},"United Kingdom",{"label":16233,"value":16233,"description":29,"displayOrder":16234},"Australia",3,{"label":16236,"value":16236,"description":29,"displayOrder":16237},"South Africa",4,{"label":16239,"value":16239,"description":29,"displayOrder":16240},"Afghanistan",5,{"label":16242,"value":16242,"description":29,"displayOrder":16243},"Aland Islands",6,{"label":16245,"value":16245,"description":29,"displayOrder":16246},"Albania",7,{"label":16248,"value":16248,"description":29,"displayOrder":16249},"Algeria",8,{"label":16251,"value":16251,"description":29,"displayOrder":16252},"American Samoa",9,{"label":16254,"value":16254,"description":29,"displayOrder":16255},"Andorra",10,{"label":16257,"value":16257,"description":29,"displayOrder":16258},"Angola",11,{"label":16260,"value":16260,"description":29,"displayOrder":16261},"Anguilla",12,{"label":16263,"value":16263,"description":29,"displayOrder":16264},"Antarctica",13,{"label":16266,"value":16266,"description":29,"displayOrder":16267},"Antigua and Barbuda",14,{"label":16269,"value":16269,"description":29,"displayOrder":16270},"Argentina",15,{"label":16272,"value":16272,"description":29,"displayOrder":16273},"Armenia",16,{"label":16275,"value":16275,"description":29,"displayOrder":16276},"Aruba",17,{"label":16278,"value":16278,"description":29,"displayOrder":16279},"Austria",18,{"label":16281,"value":16281,"description":29,"displayOrder":16282},"Azerbaijan",19,{"label":16284,"value":16284,"description":29,"displayOrder":16285},"Bahamas",20,{"label":16287,"value":16287,"description":29,"displayOrder":16288},"Bahrain",21,{"label":16290,"value":16290,"description":29,"displayOrder":16291},"Bangladesh",22,{"label":16293,"value":16293,"description":29,"displayOrder":16294},"Barbados",23,{"label":16296,"value":16296,"description":29,"displayOrder":16297},"Belarus",24,{"label":16299,"value":16299,"description":29,"displayOrder":16300},"Belgium",25,{"label":16302,"value":16302,"description":29,"displayOrder":16303},"Belize",26,{"label":16305,"value":16305,"description":29,"displayOrder":16306},"Benin",27,{"label":16308,"value":16308,"description":29,"displayOrder":16309},"Bermuda",28,{"label":16311,"value":16311,"description":29,"displayOrder":16312},"Bhutan",29,{"label":16314,"value":16314,"description":29,"displayOrder":16315},"Bolivia",30,{"label":16317,"value":16317,"description":29,"displayOrder":16318},"Bosnia and Herzegovina",31,{"label":16320,"value":16320,"description":29,"displayOrder":16321},"Botswana",32,{"label":16323,"value":16323,"description":29,"displayOrder":16324},"Bouvet Island",33,{"label":16326,"value":16326,"description":29,"displayOrder":16327},"Brazil",34,{"label":16329,"value":16329,"description":29,"displayOrder":16330},"British Indian Ocean Territory",35,{"label":16332,"value":16332,"description":29,"displayOrder":16333},"British Virgin Islands",36,{"label":16335,"value":16335,"description":29,"displayOrder":16336},"Brunei",37,{"label":16338,"value":16338,"description":29,"displayOrder":16339},"Bulgaria",38,{"label":16341,"value":16341,"description":29,"displayOrder":16342},"Burkina Faso",39,{"label":16344,"value":16344,"description":29,"displayOrder":16345},"Burundi",40,{"label":16347,"value":16347,"description":29,"displayOrder":16348},"Cambodia",41,{"label":16350,"value":16350,"description":29,"displayOrder":16351},"Cameroon",42,{"label":16353,"value":16353,"description":29,"displayOrder":16354},"Cape Verde",43,{"label":16356,"value":16356,"description":29,"displayOrder":16357},"Caribbean Netherlands",44,{"label":16359,"value":16359,"description":29,"displayOrder":16360},"Cayman Islands",45,{"label":16362,"value":16362,"description":29,"displayOrder":16363},"Central African Republic",46,{"label":16365,"value":16365,"description":29,"displayOrder":16366},"Chad",47,{"label":16368,"value":16368,"description":29,"displayOrder":16369},"Chile",48,{"label":16371,"value":16371,"description":29,"displayOrder":16372},"China",49,{"label":16374,"value":16374,"description":29,"displayOrder":16375},"Christmas Island",50,{"label":16377,"value":16377,"description":29,"displayOrder":16378},"Cocos (Keeling) Islands",51,{"label":16380,"value":16380,"description":29,"displayOrder":16381},"Colombia",52,{"label":16383,"value":16383,"description":29,"displayOrder":16384},"Comoros",53,{"label":16386,"value":16386,"description":29,"displayOrder":16387},"Congo",54,{"label":16389,"value":16389,"description":29,"displayOrder":16390},"Cook Islands",55,{"label":16392,"value":16392,"description":29,"displayOrder":16393},"Costa Rica",56,{"label":16395,"value":16395,"description":29,"displayOrder":16396},"Cote d'Ivoire",57,{"label":16398,"value":16398,"description":29,"displayOrder":16399},"Croatia",58,{"label":16401,"value":16401,"description":29,"displayOrder":16402},"Cuba",59,{"label":16404,"value":16404,"description":29,"displayOrder":16405},"Curacao",60,{"label":16407,"value":16407,"description":29,"displayOrder":16408},"Cyprus",61,{"label":16410,"value":16410,"description":29,"displayOrder":16411},"Czechia",62,{"label":16413,"value":16413,"description":29,"displayOrder":16414},"Democratic Republic of the Congo",63,{"label":16416,"value":16416,"description":29,"displayOrder":16417},"Denmark",64,{"label":16419,"value":16419,"description":29,"displayOrder":16420},"Djibouti",65,{"label":16422,"value":16422,"description":29,"displayOrder":16423},"Dominica",66,{"label":16425,"value":16425,"description":29,"displayOrder":16426},"Dominican Republic",67,{"label":16428,"value":16428,"description":29,"displayOrder":16429},"East Timor",68,{"label":16431,"value":16431,"description":29,"displayOrder":16432},"Ecuador",69,{"label":16434,"value":16434,"description":29,"displayOrder":16435},"Egypt",70,{"label":16437,"value":16437,"description":29,"displayOrder":16438},"El Salvador",71,{"label":16440,"value":16440,"description":29,"displayOrder":16441},"Equatorial Guinea",72,{"label":16443,"value":16443,"description":29,"displayOrder":16444},"Eritrea",73,{"label":16446,"value":16446,"description":29,"displayOrder":16447},"Estonia",74,{"label":16449,"value":16449,"description":29,"displayOrder":16450},"Ethiopia",75,{"label":16452,"value":16452,"description":29,"displayOrder":16453},"Falkland Islands",76,{"label":16455,"value":16455,"description":29,"displayOrder":16456},"Faroe Islands",77,{"label":16458,"value":16458,"description":29,"displayOrder":16459},"Fiji",78,{"label":16461,"value":16461,"description":29,"displayOrder":16462},"Finland",79,{"label":16464,"value":16464,"description":29,"displayOrder":16465},"France",80,{"label":16467,"value":16467,"description":29,"displayOrder":16468},"French Guiana",81,{"label":16470,"value":16470,"description":29,"displayOrder":16471},"French Polynesia",82,{"label":16473,"value":16473,"description":29,"displayOrder":16474},"French Southern and Antarctic Lands",83,{"label":16476,"value":16476,"description":29,"displayOrder":16477},"Gabon",84,{"label":16479,"value":16479,"description":29,"displayOrder":16480},"Gambia",85,{"label":16482,"value":16482,"description":29,"displayOrder":16483},"Georgia",86,{"label":16485,"value":16485,"description":29,"displayOrder":16486},"Germany",87,{"label":16488,"value":16488,"description":29,"displayOrder":16489},"Ghana",88,{"label":16491,"value":16491,"description":29,"displayOrder":16492},"Gibraltar",89,{"label":16494,"value":16494,"description":29,"displayOrder":16495},"Greece",90,{"label":16497,"value":16497,"description":29,"displayOrder":16498},"Greenland",91,{"label":16500,"value":16500,"description":29,"displayOrder":16501},"Grenada",92,{"label":16503,"value":16503,"description":29,"displayOrder":16504},"Guadeloupe",93,{"label":16506,"value":16506,"description":29,"displayOrder":16507},"Guam",94,{"label":16509,"value":16509,"description":29,"displayOrder":16510},"Guatemala",95,{"label":16512,"value":16512,"description":29,"displayOrder":16513},"Guernsey",96,{"label":16515,"value":16515,"description":29,"displayOrder":16516},"Guinea",97,{"label":16518,"value":16518,"description":29,"displayOrder":16519},"Guinea-Bissau",98,{"label":16521,"value":16521,"description":29,"displayOrder":16522},"Guyana",99,{"label":16524,"value":16524,"description":29,"displayOrder":338},"Haiti",{"label":16526,"value":16526,"description":29,"displayOrder":16527},"Heard Island and McDonald Islands",101,{"label":16529,"value":16529,"description":29,"displayOrder":16530},"Honduras",102,{"label":16532,"value":16532,"description":29,"displayOrder":16533},"Hong Kong",103,{"label":16535,"value":16535,"description":29,"displayOrder":16536},"Hungary",104,{"label":16538,"value":16538,"description":29,"displayOrder":16539},"Iceland",105,{"label":16541,"value":16541,"description":29,"displayOrder":16542},"India",106,{"label":16544,"value":16544,"description":29,"displayOrder":16545},"Indonesia",107,{"label":16547,"value":16547,"description":29,"displayOrder":16548},"Iran",108,{"label":16550,"value":16550,"description":29,"displayOrder":16551},"Iraq",109,{"label":16553,"value":16553,"description":29,"displayOrder":16554},"Ireland",110,{"label":16556,"value":16556,"description":29,"displayOrder":16557},"Isle of Man",111,{"label":16559,"value":16559,"description":29,"displayOrder":16560},"Israel",112,{"label":16562,"value":16562,"description":29,"displayOrder":16563},"Italy",113,{"label":16565,"value":16565,"description":29,"displayOrder":16566},"Jamaica",114,{"label":16568,"value":16568,"description":29,"displayOrder":16569},"Japan",115,{"label":16571,"value":16571,"description":29,"displayOrder":16572},"Jersey",116,{"label":16574,"value":16574,"description":29,"displayOrder":16575},"Jordan",117,{"label":16577,"value":16577,"description":29,"displayOrder":16578},"Kazakhstan",118,{"label":16580,"value":16580,"description":29,"displayOrder":16581},"Kenya",119,{"label":16583,"value":16583,"description":29,"displayOrder":351},"Kiribati",{"label":16585,"value":16585,"description":29,"displayOrder":16586},"Kosovo",121,{"label":16588,"value":16588,"description":29,"displayOrder":16589},"Kuwait",122,{"label":16591,"value":16591,"description":29,"displayOrder":16592},"Kyrgyzstan",123,{"label":16594,"value":16594,"description":29,"displayOrder":16595},"Laos",124,{"label":16597,"value":16597,"description":29,"displayOrder":16598},"Latvia",125,{"label":16600,"value":16600,"description":29,"displayOrder":16601},"Lebanon",126,{"label":16603,"value":16603,"description":29,"displayOrder":16604},"Lesotho",127,{"label":16606,"value":16606,"description":29,"displayOrder":16607},"Liberia",128,{"label":16609,"value":16609,"description":29,"displayOrder":16610},"Libya",129,{"label":16612,"value":16612,"description":29,"displayOrder":16613},"Liechtenstein",130,{"label":16615,"value":16615,"description":29,"displayOrder":16616},"Lithuania",131,{"label":16618,"value":16618,"description":29,"displayOrder":16619},"Luxembourg",132,{"label":16621,"value":16621,"description":29,"displayOrder":16622},"Macau",133,{"label":16624,"value":16624,"description":29,"displayOrder":16625},"Madagascar",134,{"label":16627,"value":16627,"description":29,"displayOrder":16628},"Malawi",135,{"label":16630,"value":16630,"description":29,"displayOrder":16631},"Malaysia",136,{"label":16633,"value":16633,"description":29,"displayOrder":16634},"Maldives",137,{"label":16636,"value":16636,"description":29,"displayOrder":16637},"Mali",138,{"label":16639,"value":16639,"description":29,"displayOrder":16640},"Malta",139,{"label":16642,"value":16642,"description":29,"displayOrder":362},"Marshall Islands",{"label":16644,"value":16644,"description":29,"displayOrder":16645},"Martinique",141,{"label":16647,"value":16647,"description":29,"displayOrder":16648},"Mauritania",142,{"label":16650,"value":16650,"description":29,"displayOrder":16651},"Mauritius",143,{"label":16653,"value":16653,"description":29,"displayOrder":16654},"Mayotte",144,{"label":16656,"value":16656,"description":29,"displayOrder":16657},"Mexico",145,{"label":16659,"value":16659,"description":29,"displayOrder":16660},"Micronesia",146,{"label":16662,"value":16662,"description":29,"displayOrder":16663},"Moldova",147,{"label":16665,"value":16665,"description":29,"displayOrder":16666},"Monaco",148,{"label":16668,"value":16668,"description":29,"displayOrder":16669},"Mongolia",149,{"label":16671,"value":16671,"description":29,"displayOrder":16672},"Montenegro",150,{"label":16674,"value":16674,"description":29,"displayOrder":16675},"Montserrat",151,{"label":16677,"value":16677,"description":29,"displayOrder":16678},"Morocco",152,{"label":16680,"value":16680,"description":29,"displayOrder":16681},"Mozambique",153,{"label":16683,"value":16683,"description":29,"displayOrder":16684},"Myanmar (Burma)",154,{"label":16686,"value":16686,"description":29,"displayOrder":16687},"Namibia",155,{"label":16689,"value":16689,"description":29,"displayOrder":16690},"Nauru",156,{"label":16692,"value":16692,"description":29,"displayOrder":16693},"Nepal",157,{"label":16695,"value":16695,"description":29,"displayOrder":16696},"Netherlands",158,{"label":16698,"value":16698,"description":29,"displayOrder":16699},"Netherlands Antilles",159,{"label":16701,"value":16701,"description":29,"displayOrder":16702},"New Caledonia",160,{"label":16704,"value":16704,"description":29,"displayOrder":16705},"New Zealand",161,{"label":16707,"value":16707,"description":29,"displayOrder":16708},"Nicaragua",162,{"label":16710,"value":16710,"description":29,"displayOrder":16711},"Niger",163,{"label":16713,"value":16713,"description":29,"displayOrder":16714},"Nigeria",164,{"label":16716,"value":16716,"description":29,"displayOrder":16717},"Niue",165,{"label":16719,"value":16719,"description":29,"displayOrder":16720},"Norfolk Island",166,{"label":16722,"value":16722,"description":29,"displayOrder":16723},"North Korea",167,{"label":16725,"value":16725,"description":29,"displayOrder":16726},"North Macedonia",168,{"label":16728,"value":16728,"description":29,"displayOrder":16729},"Northern Mariana Islands",169,{"label":16731,"value":16731,"description":29,"displayOrder":16732},"Norway",170,{"label":16734,"value":16734,"description":29,"displayOrder":16735},"Oman",171,{"label":16737,"value":16737,"description":29,"displayOrder":16738},"Pakistan",172,{"label":16740,"value":16740,"description":29,"displayOrder":16741},"Palau",173,{"label":16743,"value":16743,"description":29,"displayOrder":16744},"Palestine",174,{"label":16746,"value":16746,"description":29,"displayOrder":16747},"Panama",175,{"label":16749,"value":16749,"description":29,"displayOrder":16750},"Papua New Guinea",176,{"label":16752,"value":16752,"description":29,"displayOrder":16753},"Paraguay",177,{"label":16755,"value":16755,"description":29,"displayOrder":16756},"Peru",178,{"label":16758,"value":16758,"description":29,"displayOrder":16759},"Philippines",179,{"label":16761,"value":16761,"description":29,"displayOrder":16762},"Pitcairn Islands",180,{"label":16764,"value":16764,"description":29,"displayOrder":16765},"Poland",181,{"label":16767,"value":16767,"description":29,"displayOrder":16768},"Portugal",182,{"label":16770,"value":16770,"description":29,"displayOrder":16771},"Puerto Rico",183,{"label":16773,"value":16773,"description":29,"displayOrder":16774},"Qatar",184,{"label":16776,"value":16776,"description":29,"displayOrder":16777},"Reunion",185,{"label":16779,"value":16779,"description":29,"displayOrder":16780},"Romania",186,{"label":16782,"value":16782,"description":29,"displayOrder":16783},"Russia",187,{"label":16785,"value":16785,"description":29,"displayOrder":16786},"Rwanda",188,{"label":16788,"value":16788,"description":29,"displayOrder":16789},"Saint Barthelemy",189,{"label":16791,"value":16791,"description":29,"displayOrder":16792},"Saint Helena",190,{"label":16794,"value":16794,"description":29,"displayOrder":16795},"Saint Kitts and Nevis",191,{"label":16797,"value":16797,"description":29,"displayOrder":16798},"Saint Lucia",192,{"label":16800,"value":16800,"description":29,"displayOrder":16801},"Saint Martin",193,{"label":16803,"value":16803,"description":29,"displayOrder":16804},"Saint Pierre and Miquelon",194,{"label":16806,"value":16806,"description":29,"displayOrder":16807},"Saint Vincent and the Grenadines",195,{"label":16809,"value":16809,"description":29,"displayOrder":16810},"Samoa",196,{"label":16812,"value":16812,"description":29,"displayOrder":16813},"San Marino",197,{"label":16815,"value":16815,"description":29,"displayOrder":16816},"Sao Tome and Principe",198,{"label":16818,"value":16818,"description":29,"displayOrder":16819},"Saudi Arabia",199,{"label":16821,"value":16821,"description":29,"displayOrder":16822},"Senegal",200,{"label":16824,"value":16824,"description":29,"displayOrder":16825},"Serbia",201,{"label":16827,"value":16827,"description":29,"displayOrder":16828},"Seychelles",202,{"label":16830,"value":16830,"description":29,"displayOrder":16831},"Sierra Leone",203,{"label":16833,"value":16833,"description":29,"displayOrder":16834},"Singapore",204,{"label":16836,"value":16836,"description":29,"displayOrder":16837},"Sint Maarten",205,{"label":16839,"value":16839,"description":29,"displayOrder":16840},"Slovakia",206,{"label":16842,"value":16842,"description":29,"displayOrder":16843},"Slovenia",207,{"label":16845,"value":16845,"description":29,"displayOrder":16846},"Solomon Islands",208,{"label":16848,"value":16848,"description":29,"displayOrder":16849},"Somalia",209,{"label":16851,"value":16851,"description":29,"displayOrder":16852},"South Georgia and the South Sandwich Islands",210,{"label":16854,"value":16854,"description":29,"displayOrder":16855},"South Korea",211,{"label":16857,"value":16857,"description":29,"displayOrder":16858},"South Sudan",212,{"label":16860,"value":16860,"description":29,"displayOrder":16861},"Spain",213,{"label":16863,"value":16863,"description":29,"displayOrder":16864},"Sri Lanka",214,{"label":16866,"value":16866,"description":29,"displayOrder":16867},"Sudan",215,{"label":16869,"value":16869,"description":29,"displayOrder":16870},"Suriname",216,{"label":16872,"value":16872,"description":29,"displayOrder":16873},"Svalbard and Jan Mayen",217,{"label":16875,"value":16875,"description":29,"displayOrder":16876},"Swaziland",218,{"label":16878,"value":16878,"description":29,"displayOrder":16879},"Sweden",219,{"label":16881,"value":16881,"description":29,"displayOrder":16882},"Switzerland",220,{"label":16884,"value":16884,"description":29,"displayOrder":16885},"Syria",221,{"label":16887,"value":16887,"description":29,"displayOrder":16888},"Taiwan",222,{"label":16890,"value":16890,"description":29,"displayOrder":16891},"Tajikistan",223,{"label":16893,"value":16893,"description":29,"displayOrder":16894},"Tanzania",224,{"label":16896,"value":16896,"description":29,"displayOrder":16897},"Thailand",225,{"label":16899,"value":16899,"description":29,"displayOrder":16900},"Togo",226,{"label":16902,"value":16902,"description":29,"displayOrder":16903},"Tokelau",227,{"label":16905,"value":16905,"description":29,"displayOrder":16906},"Tonga",228,{"label":16908,"value":16908,"description":29,"displayOrder":16909},"Trinidad and Tobago",229,{"label":16911,"value":16911,"description":29,"displayOrder":16912},"Tunisia",230,{"label":16914,"value":16914,"description":29,"displayOrder":16915},"Turkiye",231,{"label":16917,"value":16917,"description":29,"displayOrder":16918},"Turkmenistan",232,{"label":16920,"value":16920,"description":29,"displayOrder":16921},"Turks and Caicos Islands",233,{"label":16923,"value":16923,"description":29,"displayOrder":16924},"Tuvalu",234,{"label":16926,"value":16926,"description":29,"displayOrder":16927},"Uganda",235,{"label":16929,"value":16929,"description":29,"displayOrder":16930},"Ukraine",236,{"label":16932,"value":16932,"description":29,"displayOrder":16933},"United Arab Emirates",237,{"label":16935,"value":16935,"description":29,"displayOrder":16936},"United States Minor Outlying Islands",238,{"label":16938,"value":16938,"description":29,"displayOrder":16939},"Uruguay",239,{"label":16941,"value":16941,"description":29,"displayOrder":16942},"US Virgin Islands",240,{"label":16944,"value":16944,"description":29,"displayOrder":16945},"Uzbekistan",241,{"label":16947,"value":16947,"description":29,"displayOrder":16948},"Vanuatu",242,{"label":16950,"value":16950,"description":29,"displayOrder":16951},"Vatican City",243,{"label":16953,"value":16953,"description":29,"displayOrder":16954},"Venezuela",244,{"label":16956,"value":16956,"description":29,"displayOrder":16957},"Vietnam",245,{"label":16959,"value":16959,"description":29,"displayOrder":16960},"Wallis and Futuna",246,{"label":16962,"value":16962,"description":29,"displayOrder":16963},"Western Sahara",247,{"label":16965,"value":16965,"description":29,"displayOrder":16966},"Yemen",248,{"label":16968,"value":16968,"description":29,"displayOrder":16969},"Zambia",249,{"label":16971,"value":16971,"description":29,"displayOrder":16972},"Zimbabwe",250,"Country","dropdown",{"groupType":16194,"richTextType":1482,"fields":16976},[16977],{"objectTypeId":16197,"name":16978,"label":16979,"required":6,"hidden":6,"fieldType":16980},"subscribed_to_mail_list","Subscribe to mailing list for content updates","single_checkbox",{"language":16982,"cloneable":34,"postSubmitAction":16983,"editable":34,"archivable":34,"recaptchaEnabled":6,"notifyContactOwner":6,"notifyRecipients":16986,"createNewContactForNewEmail":34,"prePopulateKnownValues":6,"allowLinkToResetKnownValues":6,"embedType":16988},"en",{"type":16984,"value":16985},"thank_you","Thank you for registering for the event. Please look out for a confirmation email with additional event details. Looking forward to seeing you there!",[16987],"88733964","V3",{"renderRawHtml":34,"theme":16990,"submitButtonText":16991,"style":16992,"cssClass":17003},"default_style","Submit",{"fontFamily":234,"backgroundWidth":1417,"labelTextColor":16993,"labelTextSize":16994,"helpTextColor":16995,"helpTextSize":16996,"legalConsentTextColor":16997,"legalConsentTextSize":16998,"submitColor":16999,"submitAlignment":17000,"submitFontColor":17001,"submitSize":17002},"#333","13px","#516383DE","11px","#33475B","14px","#00B2EB","left","#ffffff","12px","hs-form stacked",{"type":84},"hubspot",1779201840330]