Double agents How adversaries can abuse “agent mode” in comm... #1432

Merged
carlospolop merged 62 commits into master from update_Double_agents__How_adversaries_can_abuse__agent_mo_20250924_183200 on Oct 1, 2025

Conversation

@carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

  • Blog URL: https://redcanary.com/blog/threat-detection/ai-agent-mode/
  • Blog Title: Double agents: How adversaries can abuse “agent mode” in commercial AI products
  • Suggested Section: generic-methodologies-and-resources/phishing-methodology/ai-agent-mode-phishing-abusing-hosted-agent-browsers.md

🎯 Content Summary

This post documents a technique-level abuse of commercial AI “agent mode” assistants—demonstrated with ChatGPT agent mode—to phish credentials from within the agent’s cloud-hosted browser. No CVEs are involved; the risk stems from agentic browsing and a user handoff (“Take over Browser”) that shifts credential entry to the human.


How agent mode works (relevant internals):
• The assistant launches an isolated, virtualized browser inside the chat UI and follows natural-lan...

🔧 Technical Details

AI‑in‑the‑Middle via hosted agent browser: Use a shared prompt to rebrand an attacker domain as the “official portal,” instruct the agent to navigate there, and rely on the agent’s credential guardrails to trigger a Take over Browser handoff. The victim then enters credentials into the phishing site inside the agent’s cloud browser. Host the site on custom infrastructure with valid TLS to avoid basic heuristics. Detect by correlating identity anomalies with hosted‑browser fingerprints (Cloudflare egress + stable UA).

🤖 Agent Actions

I analyzed the Red Canary post and the HackTricks repository and found no existing coverage of abusing AI “agent mode” hosted browsers for phishing. This is a technique-level item (no CVE) that fits under Phishing Methodology. I created a dedicated page and linked it from the Phishing Methodology index.

What I did:

  • Created a new page:

    • Path: src/generic-methodologies-and-resources/phishing-methodology/ai-agent-mode-phishing-abusing-hosted-agent-browsers.md
    • Content:
      • Describes how agent mode hosted browsers work and how the Take over Browser handoff enables policy-compliant credential phishing (AI-in-the-Middle).
      • Provides a repro-ready shared prompt PoC.
      • Details execution flow, infrastructure traits (cloud egress, stable UA fingerprint; example UA), and why detection is difficult (off-endpoint/off-network).
      • Adds concrete Detection & Hunting guidance with example KQL and Splunk searches, and mitigation strategies (restrict agent mode; identity-centric controls; governance/visibility; detections).
      • Operator tips and related techniques sections.
      • References section with the Red Canary blog link and OpenAI product page.
      • Proper HackTricks banners included.
  • Linked it from Phishing Methodology README:

    • File modified: src/generic-methodologies-and-resources/phishing-methodology/README.md
    • Inserted a “See also – agentic browsing abuse for credential phishing” reference under “AI-Enhanced Phishing Operations” with a proper internal ref to the new page.

Notes:

  • I reviewed ≥5 files to confirm structure/style and ensure no duplication:
    • phishing-methodology/README.md, clipboard-hijacking.md, detecting-phising.md, homograph-attacks.md, phishing-documents.md, AI/AI-Prompts.md.
  • The new content focuses on technique abstraction: agentic browsing, shared prompts, hosted browser handoff, detection from identity telemetry and hosted-browser fingerprints.
  • References are added at the end of the new page as required.

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

🗑️ File Cleanup

  • searchindex.js removed: This auto-generated file has been removed to prevent conflicts.
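The detection approach summarised above (correlating an identity anomaly with a hosted-browser fingerprint of cloud egress plus a stable User-Agent) as an added, runnable hunt over constructed sign-in events. This is example code written for this review, not from the Red Canary post or the HackTricks page; the egress CIDR and the User-Agent marker are placeholders to be replaced with the fingerprints observed for the agent product in your own telemetry.

```python
"""Hunt for sign-ins that originated inside a hosted AI agent browser.

Added example, not code from the referenced post or repository. The egress
range and User-Agent marker are constructed placeholders (assumptions).
"""
import ipaddress
import json
from collections import defaultdict

# Placeholder fingerprints (assumption): hosted-browser egress range and stable UA.
HOSTED_BROWSER_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]
HOSTED_BROWSER_UA_MARKER = "HostedAgentBrowser/1.0"

# Constructed sign-in events (one JSON object per line), not real telemetry.
SAMPLE_LOG = """
{"ts":"2025-09-24T09:01:00Z","user":"alice","ip":"198.51.100.7","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/128.0","result":"success"}
{"ts":"2025-09-24T09:40:00Z","user":"alice","ip":"203.0.113.45","ua":"Mozilla/5.0 HostedAgentBrowser/1.0","result":"success"}
{"ts":"2025-09-24T10:02:00Z","user":"bob","ip":"203.0.113.46","ua":"Mozilla/5.0 HostedAgentBrowser/1.0","result":"failure"}
{"ts":"2025-09-24T10:05:00Z","user":"carol","ip":"192.0.2.9","ua":"Mozilla/5.0 (Macintosh) Safari/17.0","result":"success"}
"""


def is_hosted_browser(event):
    """True only when both fingerprints match: cloud egress range AND stable agent UA."""
    addr = ipaddress.ip_address(event["ip"])
    in_egress = any(addr in net for net in HOSTED_BROWSER_EGRESS)
    return in_egress and HOSTED_BROWSER_UA_MARKER in event["ua"]


def hunt(log_text):
    """Return successful hosted-browser sign-ins from an IP the user never used before.

    The identity anomaly here is 'new source IP for this user'; the hosted-browser
    fingerprint narrows it to sessions driven from an agent's cloud browser.
    """
    events = [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]
    seen_ips = defaultdict(set)  # per-user baseline built from earlier successful sign-ins
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue
        if is_hosted_browser(ev) and ev["ip"] not in seen_ips[ev["user"]]:
            findings.append({"user": ev["user"], "ts": ev["ts"], "ip": ev["ip"],
                             "prior_ips": sorted(seen_ips[ev["user"]])})
        seen_ips[ev["user"]].add(ev["ip"])
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Failed attempts are excluded on purpose so the hunt surfaces credentials that actually worked; drop that filter if you also want to see the phishing site's first use of harvested credentials fail.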

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://redcanary.com/blog/threat-detection/ai-agent-mode/

Content Categories: Based on the analysis, this content was categorized under "generic-methodologies-and-resources/phishing-methodology/ai-agent-mode-phishing-abusing-hosted-agent-browsers.md".

Repository Maintenance:

  • MD Files Formatting: 877 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

@github-actions github-actions Bot force-pushed the master branch 4 times, most recently from 55d15da to 919cd5c, on September 29, 2025 21:20
@carlospolop
Collaborator Author

merge

@github-actions github-actions Bot force-pushed the master branch 2 times, most recently from 88a07c5 to 73b307c, on September 29, 2025 22:21
@carlospolop carlospolop merged commit b443137 into master Oct 1, 2025
@carlospolop carlospolop deleted the update_Double_agents__How_adversaries_can_abuse__agent_mo_20250924_183200 branch October 1, 2025 01:37