"Security teams are staring at two AI problems at once," Push Security warned — and both are colliding inside the browser.
ClickFix, Doko’s Panel, and the industrialization of device code phishing
Push Security lays out a rapid shift: attackers are using AI to accelerate tooling and distribution. The rapid evolution of ClickFix — and related techniques like InstallFix and ConsentFix — represents one vector. Device code phishing, which abuses legitimate OAuth flows to bypass MFA and passkeys, has moved from research curiosity to an industrialized offering, with more than 18 kits actively tracked in the wild. Push reports a broader surge in 2026, describing an 18x increase in kits and a 37x spike in detections. The company also points to Doko’s Panel and derivative kits as examples used in campaigns attributed to groups such as ShinyHunters and BlackFile.
Why blocklists and IoCs are losing the race (Spamhaus and Push telemetry)
AI has compressed the time it takes to create convincingly malicious pages and rotate them out again. Spamhaus data cited by Push shows 89% of phishing domains are active for fewer than two days. The consequence: organizations that depend on blocklists and known indicators of compromise (IoCs) are frequently reacting to threats that are effectively zero-day at the moment of attack. Push also highlights attackers’ increasing use of legitimate sites and services — including misuse of AI chat sharing functionality, a pattern Push calls LLMShare — to host or deliver malicious links, further degrading the value of domain- and IP-based defenses.
Shadow AI in the enterprise: Verizon DBIR and Push’s telemetry
On the employee side, adoption is outpacing governance. The 2026 Verizon DBIR found that 45% of employees are regular AI users on corporate devices and that 67% of those users operate from non-corporate accounts. Push’s own telemetry details the scale: the average organization has 16 unique AI apps, 17 AI browser extensions, and 17 AI-connected OAuth integrations, most unapproved. Push reports that 38% of file uploads to AI tools are made from personal shadow accounts rather than organizational ones. The risks are concrete: clipboard pastes, unvetted extensions harvesting browsing context, and OAuth grants that create persistent, permissioned access without security-team visibility.
The browser as the observation and enforcement plane
Both attacker innovation and uncontrolled employee AI use converge inside browser sessions, Push argues. Many of the techniques described are browser-native — script execution, page behavior, in-session credential theft, malicious copy-and-paste, or file uploads — and therefore invisible to traditional endpoint tools and network blocklists. The browser can also be the single control point that enforces which AI tools employees can access, ensures they authenticate to corporate tenants rather than personal accounts, and captures the full OAuth consent flow (who approved which scopes for which app). Push stresses that platform-native enterprise AI plans increasingly offer native prompt logging and DLP; the browser is what makes those platform controls practical and auditable.
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: Expect detection to require session-level telemetry — page DOM, web requests, extension installs, OAuth consent details, clipboard and file upload events — rather than only alerts tied to blocklists or binary allow/block models.
- Procurement and compliance leaders: Push’s guidance is to ask vendors whether they capture permitted events (not only policy violations), whether they record full OAuth consent flows, how quickly they detect novel techniques before threat feeds catch up, and what session telemetry is forwarded to the SIEM.
- End users and application owners: Unapproved AI apps, extensions, and shadow accounts create real exfiltration paths; the Vercel breach and prior campaigns against Salesloft Drift and Gainsight are cited as examples where third-party OAuth integrations became corporate entry points.
How Push Security frames a combined approach
Push describes its product as a browser-based threat detection and response platform deployed via a lightweight browser extension. The company says its platform detects emerging browser-based attack techniques (including evolving Fix-style attacks), hunts across customer environments to ship new detections, streams varied telemetry to SIEMs (extension installs, OAuth consents, clipboard pastes, file uploads, credential reuse and more), and enforces controls such as blocking file uploads/downloads and clipboard pastes via regex-based patterns. Push also highlights custom rule support for page DOM elements, web requests, and HTTP headers.
The core contention in Push’s account is simple and consequential: attackers are weaponizing AI to make phishing and fraud ephemeral and multichannel, while employees are adopting AI tools that bypass traditional governance. Both problems play out where users and attackers meet — inside the browser — and, Push argues, that is where defenders must regain visibility and control.




