The Agent Has Your Session Cookie
Browser-resident AI agents inherit the human's authenticated session by design. The threat model that follows is not prompt injection. It's session theft with consent, against an identity stack that assumes the browser is the user. A short note on what DPoP, CAEP, and the still-unfinished sender-constraint story actually fix.