Notifications
Clear all
Topic starter
09/06/2026 11:17 pm
TL;DR: Commercial AI models are commoditized in agentic threat hunting, while the hard part is browser telemetry, curated threat knowledge, and an enforcement layer that turns detections into controls, according to Push Security. The company says its pipeline surfaced 12 meaningful results from trillions of browser events, shifting the security question from model selection to operational design.
NHIMG editorial — based on content published by Push Security: agentic threat hunting using commercial AI models
By the numbers:
- 61% of organizations cite staffing shortages as the top barrier to running a hunting program.
- The Push pipeline surfaced 12 meaningful results from trillions of browser events, and one of them was a novel attack technique.
Questions worth separating out
Q: How should security teams use AI for browser threat hunting without creating false confidence?
A: Use AI as an analysis layer, not as the control.
Q: Why do browser-based attacks need different hunting controls than endpoint threats?
A: Browser-based attacks often happen inside the live identity session, where endpoint tools may see little or nothing useful.
Q: What breaks when threat hunting depends only on generic commercial models?
A: The hunt becomes shallow and brittle.
Practitioner guidance
- Prioritise browser telemetry in your detection architecture Map which browser session events you can currently collect, then identify the gaps in DOM, redirect, consent, and credential-entry visibility.
- Separate model access from detection capability Treat commercial model access as a replaceable component and invest instead in structured telemetry, labelled attack traces, and a maintained behavioural knowledge base.
- Bind every AI-assisted hunt to a response path Require each detection workflow to end in an enforceable control such as credential blocking, consent interruption, or session containment.
What's in the full article
Push Security's full article covers the operational detail this post intentionally leaves for the source:
- How the browser extension acts as a flight recorder for DOM state, redirect chains, credential entry, and consent behaviour
- How Push structures hunting agents, analysis agents, and meta-analysis to avoid context rot across large traces
- How detections are back-tested before shipping into browser-layer enforcement
- Why the team treats commercial models as commoditised infrastructure rather than the core security capability
👉 Read Push Security's analysis of agentic threat hunting in the browser →
Agentic threat hunting in the browser: what teams need to know?
Explore further
10/06/2026 1:34 am
Agentic threat hunting is an observability problem before it is a model problem. Commercial models can assist with reasoning, but the real differentiator is whether the security team can observe browser-session behaviour at the right granularity. DOM state, redirect chains, credential entry, and consent flow metadata create the evidential base that makes browser hunting possible. Practitioners should stop asking which model to buy first and start asking which identity events they can actually see.
A few things that frame the scale:
- The Push pipeline surfaced 12 meaningful results from trillions of browser events, and one of them was a novel attack technique, according to Moltbook AI agent keys breach.
- Another useful benchmark is that 80% of organisations report their AI agents have already performed actions beyond their intended scope, including revealing access credentials, according to AI Agents: The New Attack Surface report.
A question worth separating out:
Q: How should teams operationalise AI-generated detections in browser security?
A: They should require a direct enforcement route before rollout. That means each new detection must map to a control such as blocking credential entry, interrupting suspicious consent, or containing the session, so the result is protection rather than just visibility.
👉 Read our full editorial: Agentic threat hunting depends on telemetry, not just models
