Ethical Hacking News

The Browser as a Front Line for AI Security: A Growing Threat Landscape



A new threat landscape has emerged from the rapid evolution of artificial intelligence (AI) and its increasing adoption across sectors. Security teams face two problems at once: AI-enabled attacks, and AI usage by employees that is outpacing governance. The most efficient way to address both is a single platform with deep visibility into what is happening inside browser sessions. This article explores the growing threat landscape and explains how the browser can serve as a front line for AI security.

  • Security teams are struggling to keep up with AI-enabled phishing attacks and misuse of legitimate sites for hosting phishing links.
  • AI has made it easier to build and run multi-channel campaigns, such as malvertising and social media poisoning.
  • Employee adoption of AI tools is outrunning governance, leading to concerns about data security and potential unauthorized access.
  • The browser is a critical layer for gaining visibility and control over AI usage, with native prompt logging and DLP controls available in enterprise plans.
  • Security teams need tools that capture AI interactions not triggered by policy violations, including OAuth consent flows and scope requests.


In recent months, the threat landscape has undergone significant changes, driven by the rapid evolution of artificial intelligence (AI) and its increasing adoption across various sectors.

Security teams are staring at two AI problems at once. Adversaries are using AI to iterate on phishing kits, generate lures, and rotate infrastructure faster than blocklists can follow. Employees are adopting AI tools faster than security teams can review them, pasting sensitive data into LLMs, granting OAuth permissions to AI agents, and installing AI browser extensions that nobody vetted.

The rapid evolution of ClickFix, with new techniques like InstallFix and ConsentFix, is one example. And device code phishing, which abuses a legitimate OAuth flow to bypass MFA and passkeys entirely, has surged from a research curiosity to an industrialized PhaaS offering, with more than 18 kits being actively tracked in the wild. As AitM and device code kits converge into single platforms, we're seeing signs of heavy AI use — as we observed when we got an inside look at Doko's Panel and derivative kits, used extensively by ShinyHunters and BlackFile.

Another trend that has emerged is the misuse of legitimate sites for hosting and delivering phishing links. According to Spamhaus, 89% of phishing domains are active for fewer than two days. For organizations relying on blocklists and IOC feeds, every phishing attack is effectively a zero-day — it's never been seen before, and the next one won't look the same either.

In addition, AI has made it easier to build and run multi-channel campaigns, such as malvertising, social media, SEO poisoning, and so on. ClickFix is an even clearer example, where 4 in 5 payloads arrive specifically through search engine results. Email security is structurally blind to the delivery channels that are growing fastest.

The recent LLMshare campaign used legitimate chatgpt.com sharing links, creating a convincing ad that is impossible to spot from just looking at the URL.

On the employee side, adoption is outrunning governance. There is a top-down mandate for organizations to use more AI in order to remain competitive. Attempting to block or bottleneck that process in a way that hurts potential efficiency and productivity gains is not going to cut it — so security teams need to find a way to adopt AI safely and securely.

The signs show that this is out of control for many organizations. The 2026 Verizon DBIR found that 45% of employees are now regular AI users on corporate devices, with 67% using non-corporate accounts. Push's own telemetry shows the average organization has 16 unique AI apps, 17 AI browser extensions, and 17 AI-connected OAuth integrations — most of them unapproved.

With this growing risk landscape, security teams don't need to choose between stopping AI-enabled attacks and governing AI usage — or pay for two tools that each see half the picture.

The risks stack up quickly. Sensitive data leaves the organization through clipboard pastes and file uploads to AI tools that security teams didn't approve and can't monitor. AI browser extensions collect browsing context from internal applications, creating a data exfiltration path that operates outside traditional DLP.

AI agents are requesting OAuth permissions to access organizational data — pulling information from one system, analyzing it in another, and presenting it in a third — with MCP connections now creating persistent, permissioned access that most organizations have little visibility into or control over. The 2026 Vercel breach shows where this leads: a compromised third-party AI SaaS provider's OAuth integration became the entry point into a corporate Google Workspace tenant.

ShinyHunters' campaigns against Salesloft Drift and Gainsight demonstrated the same pattern at scale last year.

The browser sees both sides — and that's the point

Both problems share a root cause: security-relevant activity is happening inside browser sessions that most tools can't observe. Many of these attack techniques are browser-native, meaning traditional monitoring tools simply do not have the required visibility inside the browser session to detect and intercept them.

The browser is equally the best single layer for gaining visibility and control over AI usage — it sees the apps, the OAuth grants, the extensions, and the account context. And enterprise AI tools like Claude, ChatGPT Enterprise, Microsoft Copilot, and Gemini for Workspace increasingly provide native prompt logging and DLP controls on their enterprise plans.

Combining the two means that you can use the browser to enforce which AI tools employees can access and ensure they reach the corporate tenant rather than a personal account, then rely on platform-native controls to govern activity within that environment. The browser is what makes platform controls effective and prevents the kind of shadow AI use that can otherwise go undetected.

When evaluating platforms in this space, four questions separate tools that provide genuine security telemetry from those that offer compliance reporting with limited investigative value.

Does the tool capture AI interactions that didn't trigger a policy violation? Enforcement-first tools record what they stopped — blocked uploads, unapproved app usage, flagged file names. That's useful for compliance, but the most significant events are often the ones that looked normal at the time: an approved extension that quietly updates its permissions, an OAuth consent grant that was technically permitted but shouldn't have been, a user whose behavior shifted gradually before a resignation.

Does the tool capture the full OAuth consent flow when an AI agent requests access to organizational data? Most enforcement-first tools treat OAuth as binary — approved app or blocked app. That was a reasonable model when OAuth grants were IT-managed integrations. It isn't sufficient for agentic AI, where user-initiated consent grants happen inside browser sessions with broad scopes and frequently without security team awareness.

The right tool captures what scopes were requested, who approved them, and what application received them — and can warn or block in real time.
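The following is an added example, not code from the article or from any vendor's product, showing how browser-captured OAuth consent events (who approved, which app, which scopes, which tenant) can be triaged rather than treated as approved-or-blocked. The event format, the approved-app list, the corporate domain and the set of scopes treated as broad are all constructed assumptions; the scope strings are real Google API scope names used for illustration.

```python
import json

CORPORATE_DOMAIN = "corp.example"           # assumption: the corporate tenant
APPROVED_APPS = {"Approved AI Assistant"}   # assumption: security-reviewed AI apps
# Assumption: scopes that expose whole mailboxes or drives count as broad.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://mail.google.com/",
}

# Constructed sample of consent events a browser-level sensor might record (NDJSON).
SAMPLE_EVENTS = """
{"user":"alice@corp.example","app":"Approved AI Assistant","tenant":"corp.example","scopes":["openid","email","https://www.googleapis.com/auth/drive.file"]}
{"user":"bob@corp.example","app":"Meeting Notes Agent","tenant":"corp.example","scopes":["https://www.googleapis.com/auth/gmail.readonly","https://www.googleapis.com/auth/drive"]}
{"user":"carol@corp.example","app":"Approved AI Assistant","tenant":"gmail.com","scopes":["openid","email"]}
"""


def parse_events(text):
    """Parse newline-delimited JSON consent events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess_grant(event):
    """Return the reasons a consent grant deserves analyst attention.

    An empty list means the grant is within policy. A grant can be flagged
    even when the app is approved, e.g. when it lands in a personal tenant."""
    findings = []
    if event["app"] not in APPROVED_APPS:
        findings.append(f"unapproved app: {event['app']}")
    if event["tenant"] != CORPORATE_DOMAIN:
        findings.append(f"grant made to non-corporate tenant: {event['tenant']}")
    broad = sorted(set(event["scopes"]) & BROAD_SCOPES)
    if broad:
        findings.append("broad scopes requested: " + ", ".join(broad))
    return findings


def triage(text):
    """Map each (user, app) pair to its findings, keeping only flagged grants."""
    report = {}
    for event in parse_events(text):
        findings = assess_grant(event)
        if findings:
            report[(event["user"], event["app"])] = findings
    return report


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_EVENTS).items():
        print(key, "->", "; ".join(reasons))
```

On the constructed sample, Alice's grant passes, Bob's is flagged for an unapproved app and broad scopes, and Carol's is flagged only because the approved app was authorised against a personal tenant.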



Related Information:

  • https://www.ethicalhackingnews.com/articles/The-Browser-as-a-Front-Line-for-AI-Security-A-Growing-Threat-Landscape-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/why-the-browser-is-now-the-front-line-for-ai-security/

Published: Tue Jun 2 11:46:42 2026 by llama3.2 3B Q4_K_M