MFA fails when attackers relay valid credentials and second factors in real time through a hostile proxy. The user appears to authenticate normally, but the attacker captures the session. Phishing-resistant authentication reduces that relay path by binding the login more tightly to the device and origin.
Why This Matters for Security Teams
Reverse-proxy phishing is effective because it turns a strong second factor into a live relay channel, so the attacker never needs to “break” MFA in the traditional sense. The login still looks legitimate to the identity provider, which is why teams that rely on password plus OTP controls often miss the attack until a session is already active. Current guidance suggests treating this as an authentication assurance problem, not just a user-training problem, and aligning controls with phishing-resistant methods described in the NIST Cybersecurity Framework 2.0.
This is also where NHI risk shows up: if a proxy captures a user session, it may be replayed into apps, admin portals, and even AI tools tied to the same identity boundary. NHIMG research on the Microsoft Midnight Blizzard breach shows how credential theft and session abuse can escalate far beyond the initial login event. In practice, many security teams encounter this only after a valid session has already been used to move laterally.
How It Works in Practice
A reverse-proxy phishing kit sits between the victim and the real login page. The user enters a password, approves MFA, and receives a session token from the genuine identity provider, but the attacker captures the result in real time and reuses it. That means the failure is not the MFA factor itself, but the fact that the factor is not bound strongly enough to the authentic origin, device, or transaction context.
Phishing-resistant authentication reduces this relay path by requiring proof that is harder to forward through a hostile proxy. In practice, that usually means WebAuthn or FIDO2-style authenticators, device-bound certificates, or other methods that verify the login is happening on the expected device and against the expected domain. For teams managing broader identity exposure, NHIMG’s Ultimate Guide to NHIs - Standards is a useful reference for how authentication assurance fits into a wider NHI governance model.
- Prefer phishing-resistant authentication for high-risk users, admins, and privileged workflows.
- Bind sessions to device posture, origin, or cryptographic assertions where supported.
- Shorten session lifetime and require step-up checks for sensitive actions.
- Monitor for impossible travel, new device fingerprints, and token replay signals.
For AI-era environments, the same lesson applies to workload and agent identities: a token that can be relayed is a token that can be abused. That is why the operational focus is shifting toward stronger origin binding and runtime trust decisions. These controls tend to break down in legacy SSO stacks, thin clients, and environments that still depend on shared browsers or long-lived web sessions because the session itself remains the weakest link.
Common Variations and Edge Cases
Tighter authentication often increases friction, so organisations must balance user convenience against the operational cost of stronger controls. Not every workflow needs the same assurance level, and current guidance suggests reserving the strictest phishing-resistant methods for privileged access, finance, support tooling, and admin consoles.
There is no universal standard for this yet when it comes to every application type, especially where mobile apps, kiosk workflows, or embedded browsers limit modern authenticator support. In those cases, teams often combine conditional access, device trust, and session hardening rather than expecting MFA alone to stop relay attacks. NHIMG analysis of the DeepSeek breach underscores how exposed credentials and weak trust boundaries can create fast-moving compromise chains once an attacker gets a foothold.
The practical edge case is that some “MFA protected” systems still accept relayed sessions because the application trusts the identity provider too broadly. Security teams should test for proxy phishing in real login flows, not just assume the presence of MFA equals resistance. This guidance breaks down in environments where legacy protocols, shared sessions, or third-party login brokers prevent cryptographic binding from being enforced consistently.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A01 | Phishing-resistant auth is central to stopping token relay into agent and user sessions. |
| NIST AI RMF | Runtime trust and accountability matter when sessions can be replayed or abused. | |
| NIST CSF 2.0 | PR.AA-1 | Authentication assurance directly maps to identity verification and access control. |
Assess authentication risk in context and apply stronger controls to high-impact AI and identity workflows.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
