Push Security, the most powerful AI-native security tool in the browser, announced a major evolution of its platform, introducing an AI-native, agentic approach to threat hunting and detection engineering within its Secure Enterprise Browser extension. This new capability positions Push at the forefront of the emerging Secure Enterprise Browser (SEB) category, delivering faster, more accurate detection of modern browser-based attacks.

As attackers increasingly leverage AI to automate and mutate campaigns, traditional detection methods based on indicators of compromise (IOCs), such as domains, URLs, and IP addresses, are rapidly losing effectiveness. Push’s agentic approach instead focuses on identifying attacker techniques, tactics, and procedures (TTPs), which are significantly harder to evade.

“AI is only as good as the context it has,” said Jacques Louw, chief research officer of Push Security. “We have spent years watching browser attacks evolve, hunting for new techniques before they're seen in the wild, and have built a platform that can scale that expertise across millions of browsers and billions of events per day. We are not just processing more data, we are isolating signals that really matter and finding new kits and techniques before they impact our customers.”

From AI hype to operational reality
While many vendors emphasize proprietary AI models, Push has taken a fundamentally different approach, built on infrastructure that operationalizes AI through:

• A widely deployed browser extension that delivers high-fidelity telemetry across millions of browsers, providing the rich context that powers detection.
• A detection pipeline where AI agents, powered by frontier models, are given the right context to analyze suspicious activity, identify new TTPs, and turn them into production-ready detections.
• A continuously evolving internal knowledge base of attacker TTPs and detection logic that is enabling agent-driven hunting exercises.

Push leverages commercial AI models as interchangeable infrastructure. The differentiation isn’t in the model itself, but in how it is applied and the depth of context it is given by Push.

Detection at machine speed with analyst-level fidelity
Push’s agentic system operates through two continuous loops:

• Inner loop: Real-time detection and response for known attacker techniques, delivered through prebuilt, configurable controls that block established TTPs, accounting for 98% of detections.
• Outer loop: A continuous learning system where agents hunt for new threats in browser telemetry, analyze emerging behaviors, and create new detections, capturing the remaining 2% of completely new TTPs – constantly improving the inner loop.

Using this approach, Push can deliver real-time blocking protection against new (often AI-generated) tools and attacker infrastructure that uses existing attack techniques, and also discover and deploy detections for emerging techniques (two recent examples include ConsentFix, InstallFix) in minutes rather than days.

Already this year, Push has tripled the cumulative number of detections for new TTPs in emerging browser-based attacks like device code phishing, AitM phishing, and ClickFix variants, demonstrating the speed and scale of its system.

Fast evolving enterprise security priorities
The need for this approach is reflected in how enterprise security priorities are rapidly shifting. According to new research from Omdia, there is overwhelming concern around emerging threats that use AI for scale and sophistication and target the browser. More importantly, these issues are leading to real-world impacts, with more than half of organizations (55%) reporting a successful or suspected browser-based attack in the last 12 months. As a result, organizations are putting focus and budget behind browser security, with 88% indicating it is among their top five security priorities.

"Enterprise security teams are quickly coming to understand the critical gaps that exist in their defenses when it comes to browser-based threats,” said John Grady, principal analyst, cybersecurity at Omdia. “Attackers know many organizations are unprepared and target their campaigns accordingly. To close this gap, security teams need AI-driven threat detection that actually works and can defend against today’s advanced browser-based attacks.”

Built for signal, not noise
Push’s philosophy is grounded in a simple principle: detecting meaningful attacker behavior matters more than chasing ephemeral indicators linked to a single campaign. By focusing on TTPs at the top of the “Pyramid of Pain,” Push avoids the noise and redundancy of IOC-based approaches that still define the industry standard.

“While customers can add custom detections that include IOCs like domain names or URL patterns, the core platform does not have any concept of ‘known-bad domains,’ we take the Pyramid of Pain seriously,” said Louw. “Attackers can rotate indicators endlessly, even more so with AI, but they can’t easily change how their attacks fundamentally work. That’s where we focus detection.”

Privacy by design
Push’s architecture is designed to protect user privacy while enabling high-quality detection. The platform collects broad browser metadata locally in the browser, avoiding dragnet collection of sensitive data, and only queries relevant metadata signals during active threat hunting investigations.

By focusing on collecting the correct contextual browser metadata, and distilling offensive understanding, Push avoids having to train custom models on customer data.

Threat hunting expertise, delivered as a product
Push’s agentic system automates the work traditionally performed by expert threat hunters. Agents continuously ingest new research, generate and test hypotheses, reduce false positives, and expand detection coverage, delivering enterprise-grade threat hunting as a single, easy-to-deploy solution.

This enables organizations of all sizes, from startups to global enterprises, to access advanced browser threat protection without requiring specialized in-house expertise.

Setting a new standard for browser security
With this launch, Push is defining a new category standard for AI-driven browser security, one that prioritizes real detection outcomes over abstract AI claims.

“When we started Push, identity attacks in the browser were the primary source of attacks, and they still are,” said Adam Bateman, CEO of Push Security. “What’s changed is that AI has given attackers the ability to operate at a speed and scale that traditional security tools cannot match. That’s exactly why we have built an AI-native platform from the ground up.”

As the browser becomes the central interface for work and a primary attack surface, Push’s agentic approach ensures security teams can keep pace with increasingly sophisticated AI-enabled threats.

“Browser security doesn’t need more dashboards or marketing around undefined AI risks; it needs systems that can keep up with how AI is actually used in attacks in the real world,” said Louw. “This is about setting a new baseline: security that continuously learns, adapts, and ships real detections at the pace of the threat, not one that lags days or weeks behind it.”