An adversary-in-the-middle proxy sits between the victim and the legitimate service to intercept credentials, tokens, or session data in real time. In phishing campaigns, it allows the attacker to capture a usable identity signal rather than only a password, which makes the compromise harder to detect and more durable.
Expanded Definition
An AiTM proxy, or adversary-in-the-middle proxy, is a real-time interception layer that relays traffic between a user and a legitimate service while capturing session cookies, tokens, MFA artifacts, or device trust signals. Unlike legacy phishing that only steals a password, AiTM campaigns target the authenticated session itself, which is why they are so effective against modern login flows.
In NHI and IAM practice, the term is often used alongside token theft, session hijacking, and credential replay, but those are not identical. An AiTM proxy is the mechanism; the stolen session material is the outcome. Definitions vary across vendors when they describe “phishing-resistant” controls, so practitioners should map the term to the actual control failure: an attacker inserted into the trust path after initial credential collection. For guidance on securing identity flows, see the NIST Cybersecurity Framework 2.0 and its emphasis on identity protection and detection.
The most common misapplication is treating AiTM as ordinary phishing, which occurs when defenders focus only on password resets and ignore active session theft.
Examples and Use Cases
Implementing defenses against AiTM proxies rigorously often introduces friction in user authentication and device verification, requiring organisations to weigh stronger session protection against login convenience and support burden.
- A phishing page forwards a victim’s username and password to the real login portal, then relays the MFA success response back to the attacker so the session token can be harvested.
- An attacker uses stolen browser cookies to bypass password changes, making the compromise persistent until the session is revoked and the token lineage is invalidated.
- An enterprise reviews indicators from a campaign after reading DeepSeek breach research and correlates them with token replay patterns seen in recent identity incidents.
- Security teams align detection with NIST Cybersecurity Framework 2.0 by monitoring impossible travel, anomalous user-agent changes, and suspicious token use after authentication.
- A cloud platform enforces conditional access and phishing-resistant authenticators, but an AiTM proxy still succeeds when the policy trusts the browser session more than the device and network posture.
AiTM proxies are especially dangerous in SSO-heavy environments because one captured session can unlock multiple downstream applications and service consoles.
Why It Matters in NHI Security
AiTM matters because the attack shifts the target from a secret value to a live identity signal. That makes it directly relevant to NHI security, where service accounts, automation, and human identities increasingly depend on short-lived tokens, federated sessions, and browser-mediated trust. When session material is stolen, revoking the password alone does not remove attacker access.
This is also where secret hygiene and identity governance intersect. NHIMG research shows that only 44% of developers follow secrets-management best practices in The State of Secrets in AppSec by GitGuardian and CyberArk, which helps explain why compromised credentials so often become the entry point for broader session abuse. In practice, an AiTM proxy can turn weak secret handling into authenticated compromise faster than many organisations can respond. Pairing identity controls with session telemetry and token revocation is essential, especially when secrets are already exposed in code or training data paths such as the DeepSeek breach case study. Organisaties typically encounter the operational cost only after a valid session is abused in production, at which point AiTM proxy analysis becomes unavoidable to contain the breach.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST SP 800-63, NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | AiTM proxies often succeed after token or secret theft, which this control category aims to reduce. |
| NIST SP 800-63 | AAL2 | Session theft undermines authenticator assurance when the attacker reuses a valid authenticated state. |
| NIST Zero Trust (SP 800-207) | 3.1 | Zero trust requires continuous verification after login, which directly counters AiTM session reuse. |
| NIST CSF 2.0 | PR.AC-7 | Identity proofing and access control must account for intercepted sessions and replay. |
| OWASP Agentic AI Top 10 | Agentic systems that rely on browser sessions can be hijacked through AiTM interception. |
Use phishing-resistant authenticators and validate session binding beyond password success.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org