All topics →All writing →All projects →

AI Security

Agent risk, browser agents, prompt injection, and the security edge cases around AI systems.

01 essays · 02 labs

Writing

All writing →

The Agent Has Your Session CookieMay 31, 2026 · 10 min
Browser-resident AI agents inherit the human's authenticated session by design. The threat model that follows is not prompt injection. It's session theft with consent, against an identity stack that assumes the browser is the user. A short note on what DPoP, CAEP, and the still-unfinished sender-constraint story actually fix.

Labs & Projects

All projects →

Topics →All writing →All projects →

AI Security — Topics — Marwan Diallo