Subscribe to the Non-Human & AI Identity Journal
NHI & Agent Identity in the Broader IAM Ecosystem

Approval Phishing

← Back to Glossary
By NHI Mgmt Group Updated July 10, 2026 Domain: NHI & Agent Identity in the Broader IAM Ecosystem

A fraud technique that persuades a user to grant a malicious wallet or application permission instead of stealing a password or private key. The risk is delegated authority, which can persist until the user or platform revokes it and can be exploited to move assets without further interaction.

Expanded Definition

Approval phishing is a consent abuse technique, not a password theft tactic. Instead of capturing credentials, the attacker manipulates a user into granting an application, wallet, or OAuth client delegated access that appears legitimate at the moment of approval. Once granted, that permission can persist until it is explicitly revoked, allowing the malicious actor to act through the victim’s authority.

In practice, the term sits at the intersection of identity governance, application trust, and session authorization. That makes it closely related to delegated authorization patterns in OAuth and similar consent-based flows, where a user is asked to approve access to data, actions, or tokens. The security issue is that the grant may be technically valid even if the user was socially engineered into approving it. NIST Cybersecurity Framework 2.0 is relevant here because it frames identity and access as governance concerns, while permission hygiene determines whether a granted connection remains benign or becomes an abuse path. For NHI and agentic AI environments, the same pattern can expose service principals, API-connected apps, and agent tooling when consent is treated as routine rather than risk-based.

The most common misapplication is assuming a successful approval was an informed authorization, which occurs when users are prompted during a rushed workflow and do not recognise the scope or persistence of the permission.

Examples and Use Cases

Implementing consent-based access rigorously often introduces user friction and operational overhead, requiring organisations to weigh convenience against the cost of ongoing permission review and revocation.

  • A user receives a plausible prompt to approve an OAuth connection for “productivity” or “security verification,” but the grant silently allows mailbox, file, or profile access.
  • A wallet user signs an approval transaction that authorises a malicious contract to move assets later without requiring another prompt.
  • An employee authorises a third-party app during a login flow, and the app remains connected long after the task is finished because revocation is not part of offboarding.
  • An AI-enabled assistant requests access to a business system to “help automate workflows,” but the permission scope exceeds what the user intended.
  • A phishing campaign uses a legitimate-looking enterprise consent screen to bypass password theft and create durable delegated access, similar to cases analysed in CoPhish OAuth Token Theft via Copilot Studio.

These scenarios are often described under OAuth consent abuse, token theft, or wallet-drain activity, but the shared pattern is the same: the victim authorises access once, and the attacker exploits that permission later. The consent model is legitimate, yet the intent behind the approval is malicious. Guidance from the NIST Cybersecurity Framework 2.0 remains useful because it encourages organisations to treat access approvals as security events, not just user interface actions.

Why It Matters for Security Teams

Approval phishing is dangerous because it bypasses many controls that focus on secrets, such as password resets, MFA prompts, and credential rotation. If a malicious app or wallet gains durable permission, the attacker can continue acting within the bounds of valid authorization, which makes detection harder and incident response slower. For security teams, the real challenge is not only stopping the initial lure but also discovering and revoking stale, overbroad, or mis-scoped consent before it is abused.

This is especially important in NHI-heavy environments. NHIMG research shows that NHI Mgmt Group has found 97% of NHIs carry excessive privileges, and 92% of organisations expose NHIs to third parties, which makes delegated access a high-value target. Approval phishing becomes operationally unavoidable after an account takeover, token misuse, or suspicious transaction forces teams to trace which app, agent, or wallet was actually authorised. At that point, the incident is no longer about phishing in the traditional sense, but about permission abuse and revocation discipline.

Cases like the Poland Military Breach show why security programmes must monitor consent trails, app grants, and delegated access paths with the same urgency they apply to credential compromise. Organisations typically encounter the full impact only after assets move or data exfiltration begins, at which point approval phishing becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AA-01Identity and access governance covers approved access paths abused by this tactic.
OWASP Non-Human Identity Top 10Consent abuse is a common path for compromising non-human identities and tokens.
OWASP Agentic AI Top 10Agent tool permissions can be socially engineered into unsafe delegated access.
NIST SP 800-63AAL2Assurance levels help limit reliance on weak or unverified approval contexts.
NIST Zero Trust (SP 800-207)PDP/PEPZero trust policy enforcement helps validate and constrain delegated access at use time.

Treat app and agent approvals as NHI attack surface and enforce scoped consent review.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org