Adversary-in-the-middle phishing inserts attacker infrastructure between the victim and the real login service. The attacker relays the login in real time, captures the issued token, and bypasses MFA by stealing the authenticated session rather than guessing the password.
Expanded Definition
AiTM phishing, short for adversary-in-the-middle phishing, is a live session relay attack that sits between a user and the legitimate authentication service. Unlike credential theft that depends on reused passwords, AiTM attacks aim to capture the authenticated session after MFA succeeds. That makes the technique especially relevant in NHI security, where browser sessions, SSO tokens, and delegated access can become the real prize.
The term is used consistently in current security guidance, although implementation details still vary across vendors. In practice, the attack often uses a convincing proxy page, real-time forwarding, and token capture to preserve the illusion of a normal login flow. The control objective is not just stronger MFA, but token binding, phishing-resistant authentication, and rapid session invalidation. For a broader defensive lens, the NIST Cybersecurity Framework 2.0 remains the clearest baseline for mapping identity protection to governance outcomes.
The most common misapplication is treating AiTM phishing as a password problem, which occurs when defenders harden login complexity but leave session tokens and browser-based trust paths exposed.
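The following is an added illustration, not code from NHIMG or any vendor, of why origin-bound authentication is the control that actually defeats a relay. It models the WebAuthn assertion flow in simplified form: the browser writes the origin it is really talking to into the signed client data, so an assertion produced on a look-alike proxy domain is rejected by the relying party even though the challenge was relayed unchanged. Assumptions: the origins and user name are constructed, and an HMAC keyed per credential stands in for the authenticator's asymmetric signature so the block runs with the standard library alone.

```python
"""Simplified model of origin-bound (WebAuthn-style) assertion verification.

HMAC with a per-credential key stands in for the authenticator's public-key
signature; the structure (challenge and origin inside signed client data,
signature over its hash) follows the WebAuthn assertion flow.
"""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example.com"          # constructed relying-party origin
PROXY_ORIGIN = "https://login-example.com.test"  # constructed look-alike proxy origin


class RelyingParty:
    """The real login service: stores credentials and verifies assertions."""

    def __init__(self, origin: str):
        self.origin = origin
        self.credentials = {}   # credential_id -> (username, key); key models the stored public key
        self.pending = {}       # username -> outstanding challenge

    def register(self, username: str, credential_id: str, key: bytes) -> None:
        self.credentials[credential_id] = (username, key)

    def begin_login(self, username: str) -> str:
        challenge = secrets.token_urlsafe(32)
        self.pending[username] = challenge
        return challenge

    def finish_login(self, username: str, credential_id: str,
                     client_data: str, signature: str) -> bool:
        """Accept only if challenge, origin and signature all check out."""
        expected_challenge = self.pending.pop(username, None)
        entry = self.credentials.get(credential_id)
        if entry is None or entry[0] != username:
            return False
        data = json.loads(client_data)
        if data.get("type") != "webauthn.get":
            return False
        if data.get("challenge") != expected_challenge:
            return False
        if data.get("origin") != self.origin:
            return False   # origin binding: an assertion made on the proxy's origin stops here
        client_data_hash = hashlib.sha256(client_data.encode()).digest()
        expected_sig = hmac.new(entry[1], client_data_hash, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected_sig, signature)   # tampered client data stops here


class Authenticator:
    """Browser plus security key: the browser fills in the origin it actually
    loaded, and the authenticator signs over the hash of that client data."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.credential_id = secrets.token_hex(8)

    def get_assertion(self, challenge: str, origin_seen_by_browser: str):
        client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                                  "origin": origin_seen_by_browser}, sort_keys=True)
        client_data_hash = hashlib.sha256(client_data.encode()).digest()
        signature = hmac.new(self.key, client_data_hash, hashlib.sha256).hexdigest()
        return client_data, signature


def _setup():
    rp = RelyingParty(RP_ORIGIN)
    auth = Authenticator()
    rp.register("alice", auth.credential_id, auth.key)   # constructed user
    return rp, auth


def simulate(origin_seen_by_browser: str) -> bool:
    """Login where the challenge is relayed unchanged but the browser saw `origin_seen_by_browser`."""
    rp, auth = _setup()
    challenge = rp.begin_login("alice")
    client_data, sig = auth.get_assertion(challenge, origin_seen_by_browser)
    return rp.finish_login("alice", auth.credential_id, client_data, sig)


def simulate_rewritten_origin() -> bool:
    """Client data produced on the proxy origin, then rewritten to the real origin:
    the signature no longer covers the presented bytes, so verification fails."""
    rp, auth = _setup()
    challenge = rp.begin_login("alice")
    client_data, sig = auth.get_assertion(challenge, PROXY_ORIGIN)
    data = json.loads(client_data)
    data["origin"] = RP_ORIGIN
    return rp.finish_login("alice", auth.credential_id, json.dumps(data, sort_keys=True), sig)


if __name__ == "__main__":
    print("direct login:", simulate(RP_ORIGIN))                  # True
    print("login via proxy origin:", simulate(PROXY_ORIGIN))     # False
    print("proxy rewrites origin:", simulate_rewritten_origin()) # False
```

The two failure paths are the whole point: a relay cannot change what origin the browser records without invalidating the signature, which is what makes FIDO2/WebAuthn "phishing-resistant" in the NIST SP 800-63 sense, whereas a one-time code or push approval has no such binding to the page that requested it.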
Examples and Use Cases
Implementing rigorous defenses against AiTM phishing often introduces authentication friction and lifecycle complexity, so organisations must weigh user convenience against session integrity and phishing resistance.
- A remote employee enters credentials into a counterfeit SSO page, and the attacker relays the login to the real service in time to steal the active session cookie.
- A help desk portal uses MFA, but the attacker proxies the session and intercepts the token after approval, bypassing the need to know the password.
- An AI agent connected to a browser session inherits a stolen authenticated context, turning a human-targeted phishing event into downstream NHI misuse.
- A security team reviews patterns in a public incident, such as the DeepSeek breach, and uses them to refine token exposure monitoring and response playbooks.
- An organisation compares phishing-resistant controls to session-based access models using the NIST Cybersecurity Framework 2.0 to decide where MFA alone is no longer enough.
AiTM is often discussed alongside credential theft, but it is operationally different because the attacker needs only a brief window of valid interaction, not persistent password access. That is why it is increasingly relevant in browser-centric enterprise environments and cloud identity stacks. NHIMG has also documented how exposed AI-related secrets and credentials can be abused quickly, as seen in the DeepSeek breach, where the speed of misuse becomes part of the threat model.
Why It Matters in NHI Security
AiTM phishing matters because it collapses the value of traditional MFA if the session itself is not protected. For NHI programs, that means the attacker may not need to compromise an agent directly; they can inherit an authenticated context and act as though they are the legitimate user or workload. This creates a governance blind spot where access reviews, password policy, and even MFA adoption can all look healthy while live sessions remain exploitable.
NHIMG research shows how quickly exposed credentials can be weaponised: when AWS credentials are public, attackers attempt access within an average of 17 minutes, and sometimes within 9 minutes, according to Entro Security’s analysis of the DeepSeek breach. That speed matters because AiTM attacks are built for immediate token use, not delayed exploitation. The defensive response should include phishing-resistant authentication, session binding, step-up checks for sensitive actions, and strict revocation when anomalous relays are detected. Organisations typically encounter the true impact only after an account takeover or fraud event, at which point addressing AiTM phishing becomes operationally unavoidable.
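As an added example of the "strict revocation when anomalous relays are detected" response (not NHIMG's tooling or any vendor's detection rule), the block below runs a simple relay check over constructed sign-in events: a session whose token is first used from a different network than the one that satisfied MFA, within the short window the page describes, is queued for revocation. The event fields, ASN values and the 30-minute window are assumptions; real identity-provider logs carry different field names and richer device context.

```python
"""Relay-candidate detection over constructed sign-in events.

Signal: MFA was satisfied from one network, and the resulting session token is
then used from another network within minutes. Real identity providers expose
device, TLS and geo context that should be added to the comparison.
"""
import json
from datetime import datetime, timedelta

RELAY_WINDOW = timedelta(minutes=30)   # assumption: tune to the environment's token lifetime

# Constructed sample events; field names are an assumption, not any vendor's schema.
# s1: MFA from AS64501, token used 90 s later from AS64502  -> relay candidate
# s2: MFA and token use from the same network               -> benign
SAMPLE_LOG = """
{"ts": "2026-05-20T09:00:00Z", "event": "signin", "user": "alice", "session": "s1", "ip": "203.0.113.10", "asn": "AS64501", "mfa": "satisfied"}
{"ts": "2026-05-20T09:01:30Z", "event": "token_use", "user": "alice", "session": "s1", "ip": "198.51.100.7", "asn": "AS64502"}
{"ts": "2026-05-20T09:05:00Z", "event": "signin", "user": "bob", "session": "s2", "ip": "192.0.2.44", "asn": "AS64503", "mfa": "satisfied"}
{"ts": "2026-05-20T09:06:00Z", "event": "token_use", "user": "bob", "session": "s2", "ip": "192.0.2.44", "asn": "AS64503"}
{"ts": "2026-05-20T12:00:00Z", "event": "token_use", "user": "alice", "session": "s1", "ip": "198.51.100.9", "asn": "AS64502"}
"""


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON events and sort them by timestamp."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_relay_candidates(events: list, window: timedelta = RELAY_WINDOW) -> dict:
    """Return {session_id: finding} for sessions whose first token use from a
    foreign ASN falls within `window` of an MFA-satisfied sign-in."""
    signins = {}    # session_id -> the sign-in event that completed MFA
    findings = {}
    for ev in events:
        sid = ev["session"]
        if ev["event"] == "signin" and ev.get("mfa") == "satisfied":
            signins[sid] = ev
        elif ev["event"] == "token_use" and sid in signins and sid not in findings:
            origin = signins[sid]
            if ev["asn"] == origin["asn"]:
                continue   # same network as the MFA completion: no relay signal
            delta = ev["ts"] - origin["ts"]
            if delta <= window:
                findings[sid] = {
                    "user": ev["user"],
                    "signin_ip": origin["ip"],
                    "use_ip": ev["ip"],
                    "minutes_after_mfa": round(delta.total_seconds() / 60, 1),
                    "action": "revoke_session",
                }
    return findings


def sessions_to_revoke(findings: dict) -> list:
    """Session ids to hand to the identity provider's revocation API."""
    return sorted(sid for sid, f in findings.items() if f["action"] == "revoke_session")


if __name__ == "__main__":
    found = find_relay_candidates(parse_events(SAMPLE_LOG))
    for sid, f in found.items():
        print(sid, f)
    print("revoke:", sessions_to_revoke(found))   # ['s1']
```

Revoking the session rather than forcing a password reset is deliberate: in an AiTM event the password may never have been the attacker's goal, and the relayed token keeps working until it is invalidated server-side. The same per-session comparison generalises to device identifiers or token-binding keys when the provider exposes them.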
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | AiTM targets session tokens and login flows, which NHI-02 treats as secret-handling risk. |
| NIST SP 800-63 | AAL2 | Phishing-resistant authenticators are central to assurance against relay attacks. |
| NIST Zero Trust (SP 800-207) | CA-7 | Zero Trust assumes continuous validation, which helps contain stolen-session abuse. |
Protect NHI sessions with phishing-resistant auth, token binding, and fast revocation controls.
Reviewed and updated by the NHIMG editorial team on May 26, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org