Skip to content
Tech News
← Back to articles

Why the browser is now the front line for AI security

2026-06-02 | original
read original get AI Security Browser Extension → more articles
Why This Matters

The increasing use of AI in cyberattacks, especially within browsers, poses a significant threat to both security teams and consumers. As attackers leverage AI to rapidly develop and deploy sophisticated phishing and malware tools, traditional defenses struggle to keep pace, highlighting the need for integrated, browser-level security solutions. This shift underscores the importance of advanced visibility and proactive measures in safeguarding digital environments.

Key Takeaways

Security teams are staring at two AI problems at once. Adversaries are using AI to iterate on phishing kits, generate lures, and rotate infrastructure faster than blocklists can follow. Employees are adopting AI tools faster than security teams can review them, pasting sensitive data into LLMs, granting OAuth permissions to AI agents, and installing AI browser extensions that nobody vetted.

Both problems play out in the same place: the browser. The most efficient way to address them is with a single platform that has deep visibility into what's happening inside browser sessions — not two separate tools that each see half the picture.

AI-enabled attacks are outpacing traditional defenses

Security has always been a cat and mouse game between attackers and defenders, but AI is accelerating the attacker side of that equation. Phishing kits are forked, modified, and brought to market faster than ever — AI is a force multiplier for the criminal ecosystem, and it's changing the calculus for defenders in three ways.

AI has supercharged attacker tool creation: Attackers are using AI the same way any engineer would: to multiply their output. We’re seeing attackers heavily use AI in the creation and iteration of PhaaS tools and kits.

The rapid evolution of ClickFix, with new techniques like InstallFix and ConsentFix is one example. And device code phishing, which abuses a legitimate OAuth flow to bypass MFA and passkeys entirely, has surged from a research curiosity to an industrialized PhaaS offering, with more than 18 kits being actively tracked in the wild. As AitM and device code kits converge into single platforms, we’re seeing signs of heavy AI use — as we observed when we got an inside look at Doko’s Panel and derivative kits, used extensively by ShinyHunters and BlackFile.

New webinar: Behind-the-scenes of device code phishing attacks Device code phishing has exploded in 2026, with 18x kits in the wild, and a 37x spike in detections. Get a behind-the-scenes look at criminal kits, and the platforms that are vulnerable to this technique (it’s not just Microsoft). Register Now

Verbose comments in page code are a clear indicator of AI-assisted development.

See our blog post for more examples.

IoC-based detections are increasingly degraded: AI has also collapsed the cost of building convincing phishing infrastructure (which was already on the floor). A convincing-looking phishing page can be vibecoded in minutes, deployed to a fresh domain, successfully claim victims, and rotated out before any reputation service flags it.

... continue reading

Explore topics: ai security browser extensions phishing kits oauth permissions attacker tools
Related:
Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
How Varonis Atlas integrates Claude Compliance API for AI governance
Everyone is navigating AI security in real time — even Google
The Best Browser Extensions to Get More Out of YouTube
This battery-powered security camera kit is so good that I’m canceling my Ring subscription

© 2026 GoKawiil

About | Editorial Policy | Contact