By NHI Mgmt Group Editorial Team
Published 2026-05-12
Domain: Agentic AI & NHIs
Source: Push Security

TL;DR: According to Push Security, combining human researchers with AI agents to sift trillions of browser events, surface novel attacks such as InstallFix, and turn behavioral findings into production detections has tripled the number of detections shipped each month. The key lesson is that speed and fidelity come from operationalised context, not bigger blocklists.


At a glance

What this is: This is an analysis of how Push Security uses AI agents to accelerate browser threat hunting and detection engineering, with the main finding that human context plus agentic workflows can turn trillions of events into actionable detections.

Why it matters: It matters because browser-layer attacks increasingly intersect with identity, consent, and credential abuse, so IAM, NHI, and security teams need detection models that track behavior, not just known indicators.

By the numbers:

👉 Read Push Security's analysis of agentic threat hunting for browser attacks


Context

Agentic threat hunting in the browser means using AI agents to help researchers identify patterns across massive telemetry sets, then turning those patterns into detections that survive infrastructure rotation. The identity security angle is clear: modern browser attacks increasingly target credentials, consent flows, OAuth grants, and session paths rather than traditional perimeter controls.

Push’s argument is that known-bad indicators age too quickly in these campaigns, especially when attackers can rotate domains, URLs, and landing pages in minutes. That pushes defenders toward behavioral detection at the point where identity is actually used, which has implications for browser security, NHI abuse, and human sign-in flows alike.


Key questions

Q: How should security teams build browser detections that survive rotating infrastructure?

A: They should base detections on behavior, not infrastructure. Scripts loaded, redirect chains, page interactions, credential prompts, and post-click outcomes are harder for attackers to change than domains or URLs. That makes the detection resilient when malvertising, phishing kits, and cloned pages rotate constantly.

Q: Why do browser attacks create identity risk instead of just web risk?

A: Because the browser is where users approve access, enter credentials, and grant consent. Once an attacker controls that interaction path, the issue is no longer just malicious web content. It becomes an identity event that can lead to token theft, session hijacking, OAuth abuse, or unauthorized access.

Q: What do security teams get wrong about using AI agents for threat hunting?

A: They often assume the agent is the source of insight. In practice, the insight comes from human context, and the agent only scales that context across more data. Without well-curated TTP knowledge, agents will produce noise, miss subtle variants, or overfit to weak signals.

Q: How can teams tell whether agent-assisted detection is actually working?

A: Look for detections that remain effective after infrastructure changes, plus a measurable drop in time from new technique discovery to production coverage. If the workflow only catches known bad domains, it is not really scaling threat hunting. It is just automating blocklists.


Technical breakdown

Behavioral detection versus indicator blocking in browser hunts

Indicator-based detections depend on domains, IPs, and URLs that attackers can rotate quickly. Behavioral detection looks instead at what scripts load, how redirects chain, what the user sees, and what happens after credential entry or consent approval. In browser-based identity attacks, the relevant signal is usually the sequence of page behavior and user interaction, not a static signature. That is why TTP-based hunting survives malvertising, AiTM kits, ConsentFix-style abuse, and cloned login pages better than simple blocklists. Practical implication: build detections around browser behaviors that remain stable when infrastructure changes.

Practical implication: tune detections to page and user behavior, not only infrastructure indicators.
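To make the contrast concrete, and to show the check the "Key questions" section proposes (a detection should keep firing after infrastructure rotation), here is an added Python example that is not from the Push Security article or from this post. It runs an indicator rule and a behavioral rule over constructed browser-session telemetry; the event schema, the tenant IdP origin and every domain are assumptions.

```python
from urllib.parse import urlsplit
# Assumed tenant identity provider origin (constructed for this example).
APPROVED_IDP_ORIGINS = {"https://login.example-idp.test"}

def origin(url):  # compare origins (scheme://host), never full URLs
    return "{0.scheme}://{0.netloc}".format(urlsplit(url))

def cloned_login_session(hops, login_url):
    """Constructed telemetry: ad click, redirect chain, credential prompt and password
    entry on a cloned page, then a bounce to the real IdP. Field names are assumptions."""
    events = [{"type": "click", "url": hops[0], "source": "ad"}]
    events += [{"type": "redirect", "url": u} for u in hops[1:]]
    events += [
        {"type": "credential_prompt", "url": login_url, "brand_text": "Example IdP"},
        {"type": "credential_entry", "url": login_url, "field": "password"},
        {"type": "post_submit", "url": "https://login.example-idp.test/", "outcome": "redirect"},
    ]
    return events

def indicator_detect(events, blocklist):  # fires only when a known-bad origin appears
    return any(origin(e["url"]) in blocklist for e in events)

def behavioral_detect(events, approved_idp_origins):
    """Behavioral rule: >= 2 redirect hops, a credential prompt plus password entry on an
    origin that is not the tenant IdP, then a bounce to the real IdP. Returns evidence or None."""
    off_idp = lambda e: origin(e["url"]) not in approved_idp_origins
    redirects = [e for e in events if e["type"] == "redirect"]
    prompts = [e for e in events if e["type"] == "credential_prompt" and off_idp(e)]
    entries = [e for e in events if e["type"] == "credential_entry"
               and e.get("field") == "password" and off_idp(e)]
    bounce = [e for e in events if e["type"] == "post_submit" and not off_idp(e)]
    if len(redirects) >= 2 and prompts and entries and bounce:
        return {"redirect_hops": len(redirects), "prompt_origin": origin(prompts[0]["url"]),
                "impersonated_brand": prompts[0].get("brand_text")}
    return None

# Constructed campaigns: identical behavior, rotated infrastructure between A and B.
BLOCKLIST = {"https://secure-login-verify.test"}  # knows only campaign A's domain
CAMPAIGN_A = cloned_login_session(["https://ads.example-net.test/r?id=1", "https://t1.tracker.test/go",
                                   "https://secure-login-verify.test/"], "https://secure-login-verify.test/login")
CAMPAIGN_B = cloned_login_session(["https://ads.example-net.test/r?id=2", "https://t2.tracker.test/go",
                                   "https://id-portal-check.test/"], "https://id-portal-check.test/login")
BENIGN = [  # direct sign-in at the real IdP: no redirect chain, prompt on an approved origin
    {"type": "click", "url": "https://login.example-idp.test/", "source": "bookmark"},
    {"type": "credential_prompt", "url": "https://login.example-idp.test/", "brand_text": "Example IdP"},
    {"type": "credential_entry", "url": "https://login.example-idp.test/", "field": "password"},
    {"type": "post_submit", "url": "https://app.example.test/home", "outcome": "redirect"},
]
```

The blocklist catches campaign A and misses the rotated campaign B, while the behavioral rule fires on both and stays silent on the benign sign-in.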

How agentic workflows scale threat hunting context

The article’s core operational model is not autonomous security decision-making, but researcher-led automation at scale. Humans provide the attack context, internal knowledge, and prioritisation logic. Agents then generate hypotheses, run queries across stored browser metadata, refine false positives, and escalate only the results that merit review. That division matters because the quality of the hunt depends on the context window, the task hierarchy, and the verification loop. Agents do not replace the research model; they industrialise it. Practical implication: document your hunt logic so that machine-assisted triage can reuse it reliably.

Practical implication: codify hunt knowledge into repeatable workflows before asking agents to scale it.

Browser telemetry as an identity security control surface

Push describes its browser extension as a flight recorder that captures DOM elements, tab context, script execution, network traffic, user actions, and credential entry. That makes the browser a control surface for identity abuse, because many modern attacks happen after the user has already reached a trusted application or consent screen. In practice, this shifts visibility from perimeter events to session-level behavior, where phishing, OAuth abuse, and session hijacking leave measurable traces. Practical implication: treat browser telemetry as part of identity monitoring, not just endpoint observability.

Practical implication: align browser telemetry with identity and access investigations.




NHI Mgmt Group analysis

Behavioral hunting is now an identity control problem, not just a browser security problem. The article shows that the useful signal lives in consent prompts, redirected pages, credential entry, and post-click behavior. Those are identity events as much as they are web events, because the attacker is targeting the point where trust is granted. The practitioner takeaway is that browser telemetry belongs inside identity risk operations, not outside them.

Human-led context is the decisive input to machine-scale detection. Push’s model works because researchers supply the TTP knowledge, then agents operationalise it across massive telemetry. That is a field-level lesson for security teams: AI does not create the hunt logic, it only amplifies it. Programmes that cannot encode expertise will not get reliable scale from agents.

Technique-led detection is the only durable answer to fast-rotating adversary infrastructure. The article makes the case that domains, URLs, and IPs are too transient to anchor modern browser detections. That is especially true when AI-generated content and operator-gated payloads make adversary infrastructure cheap to replace. The implication for practitioners is clear: if detection still depends on stale indicators, it will miss the attack class, not merely the variant.

Identity exposure in the browser increasingly precedes any visible compromise signal. The browser is where consent, token reuse, login prompts, and post-authentication actions are now being manipulated. That means identity programmes need to think in terms of session-level behavior and attack path reconstruction, not just authentication success or failure. The practitioner conclusion is to treat the browser as an active identity telemetry layer.

Named concept: browser attack telemetry compounding. The article describes two learning loops, one for known threats and one for emerging threats, that feed each other and improve detection output over time. That compounding effect is a useful name for what happens when human research, agentic triage, and production detections share the same knowledge base. Practitioners should view this as an operating model, not a tool feature.

From our research:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • For a broader control lens, The 52 NHI breaches Report shows how fast identity failures turn into operational exposure when access signals are not governed as a lifecycle problem.

What this signals

Browser telemetry is becoming part of identity governance, not just threat detection. As attack chains move through login prompts, consent dialogs, and session actions, teams need to correlate browser events with identity and access workflows. The governance gap is not only visibility. It is whether the organisation can turn session-level behavior into an identity decision fast enough to matter.

Named concept: telemetry compounding. When human research, agentic triage, and production detections share a common knowledge base, each hunt should improve the next one. That model only works if the programme preserves analyst context and routes it into repeatable detection logic, rather than treating every investigation as a one-off.

With 96% of technology professionals identifying AI agents as a growing security threat in the SailPoint research, browser-centric detection programmes should assume the threat surface will keep expanding. Teams should watch for overlaps between workforce browsers, shadow AI usage, and identity abuse paths that start before the application layer ever sees a clean login.


For practitioners

  • Shift detections from indicators to behaviors: Map the browser events that remain stable across infrastructure changes, including redirects, script loading, user interaction, and credential entry. Use those behaviors to drive detections that survive domain rotation and disposable phishing kits.
  • Operationalise research knowledge for agent use: Turn investigator heuristics, TTP notes, and prior hunt findings into structured context that agents can reuse. If your team’s expertise lives in one analyst’s head, the agents will only scale that bottleneck.
  • Treat browser telemetry as identity telemetry: Route browser-derived signals into identity investigations when the attack path involves login, consent, OAuth grant, or token abuse. The browser is often where the trust decision happens, so the evidence should be available there too.
  • Build a verification loop between agents and humans: Have agents generate hypotheses and triage results, then require human review of suspicious findings before production deployment. That keeps machine speed without letting a false pattern become a permanent detection rule.

Key takeaways

  • Browser-based attacks now require behavioral detection because infrastructure indicators rotate too quickly to stay useful.
  • AI agents can scale threat hunting only when they are fed human context, verified by researchers, and constrained by repeatable workflows.
  • Identity teams should treat the browser as an active control surface for credentials, consent, and session abuse, not as a passive access channel.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Agentic AI Top 10          | A1                  | Agentic workflows and tool use shape the hunt pipeline described in the article.
OWASP Non-Human Identity Top 10  | NHI-01              | The article centers on browser-side identity signals and access abuse.
NIST CSF 2.0                     | DE.CM-8             | Continuous monitoring of browser behavior maps to security telemetry and detection coverage.

Use continuous monitoring to turn browser session data into actionable detection and response signals.


Key terms

  • Agentic Threat Hunting: A hunting model where AI agents help security researchers generate hypotheses, search telemetry, and triage results at scale. The human team still defines the context and validates the outcomes, while the agents reduce the time needed to move from signal discovery to production detection.
  • Behavioral Detection: A detection approach that looks for what an attack does rather than what infrastructure it uses. In browser security, that means watching script behavior, redirect patterns, user interaction, and post-authentication actions that stay useful even when domains and URLs change.
  • Browser Telemetry: Metadata collected from browser activity, such as tab context, DOM events, script execution, network traffic, and credential entry. In identity security, it provides session-level evidence for phishing, consent abuse, token theft, and other attacks that occur after a user reaches the application.
  • Telemetry Compounding: A feedback model where human investigations, agentic analysis, and production detections improve one another over time. Each hunt adds context to the knowledge base, which makes later hunts faster and more accurate, provided the organisation preserves analyst reasoning in a reusable form.

Deepen your knowledge

Browser-based identity attacks and behavioral detection are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is trying to turn browser telemetry into governance-grade identity insight, it is a relevant starting point.

This post draws on content published by Push Security: agentic threat hunting against modern browser-based attacks. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-12.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org