An attack pattern where the adversary sits between the user and the service to capture or replay authentication data and session state. The victim may still log in successfully, which is why the compromise often appears legitimate until privileged actions begin. AiTM is especially dangerous for admin workflows that trust issued sessions too much.
Expanded Definition
Adversary-in-the-Middle, or AiTM, is more than simple interception. In NHI and IAM contexts, it describes an attacker who positions themselves between an identity provider, application, or proxy boundary and the user or agent so they can observe, relay, or replay authentication artefacts while preserving the illusion of a normal sign-in. The result is often a valid session token, not an obviously stolen password. That makes AiTM especially dangerous where MITRE ATLAS adversarial AI threat matrix style tradecraft overlaps with identity abuse, because the attacker is not trying to break authentication outright, but to hijack the trust created by it.
Definitions vary across vendors on whether AiTM includes only live relay attacks or also phishing kits that proxy credentials and cookies after capture. NHI Management Group treats the term operationally: if the attacker can sit in the trust path and reuse authenticated state, the risk is AiTM. This distinction matters for AI agents, service principals, and admin workflows that inherit sessions rather than re-authenticate for sensitive actions. It also aligns with the broader guidance in Ultimate Guide to NHIs — Why NHI Security Matters Now and Top 10 NHI Issues, where session trust is treated as a high-value control plane. The most common misapplication is assuming a successful login proves legitimacy, which occurs when teams do not validate session origin, device context, or post-authentication behaviour.
Examples and Use Cases
Implementing detection and prevention for AiTM often introduces friction, because stronger session validation can disrupt legitimate automation and remote work patterns, requiring organisations to weigh user convenience against trust assurance.
- A phishing page proxies a real identity provider login, captures the issued session cookie, and immediately reuses it against a cloud console without prompting for fresh proof.
- An attacker relays a privileged user’s authentication to reach an admin portal, then performs configuration changes that appear to come from the real account.
- A compromised reverse proxy or interception layer injects itself into an API-based workflow, allowing a stolen bearer token to be replayed against NHI-controlled services.
- Security teams reviewing The 52 NHI breaches Report often find that the breach began with trust in a valid session, not with a failed password check.
- In AI operations, a hijacked agent session can be abused after authentication to call tools, pull secrets, or issue commands, matching patterns discussed in DeepSeek breach analysis and the CISA cyber threat advisories.
AiTM is also a recurring concern in AI-orchestrated intrusion paths described by Anthropic — first AI-orchestrated cyber espionage campaign report, where authenticated access is more valuable than initial entry.
Why It Matters in NHI Security
AiTM matters because it collapses the gap between identity compromise and operational compromise. Once a valid session is replayed, the attacker may inherit the same permissions as the user, service account, or agent that issued it. In NHI environments, that can expose API keys, orchestration endpoints, secrets managers, and privileged automation paths. NHI Management Group research shows why this window is so dangerous: when AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases, a tempo that leaves little room for manual response.
That speed makes session integrity a governance issue, not just a phishing issue. AiTM can also bypass controls that focus only on passwords or first-factor prompts, which is why strong session binding, conditional access, and short-lived credentials matter for both human and non-human identities. The problem is compounded when secrets are fragmented across environments, because a hijacked session may be enough to reach additional credentials before defenders notice. Organisations typically encounter AiTM only after anomalous privilege use, token replay, or unexpected console activity appears, at which point the trust chain has already been broken and session validation becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | AiTM often leads to token and secret replay after session capture. |
| NIST CSF 2.0 | PR.AA-01 | Identity proofing and authentication controls must resist session hijacking patterns. |
| NIST Zero Trust (SP 800-207) | SC-23 | Zero Trust requires continuous verification instead of trusting an established session. |
Harden authentication flows with device context, reauth, and anomaly detection for session abuse.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
