.jpg)
Push Security, the most powerful AI-native security tool in the browser, today announced a major evolution of its platform, introducing an AI-native, agentic approach to threat hunting and detection engineering within its Secure Enterprise Browser extension. This new capability positions Push at the forefront of the emerging Secure Enterprise Browser (SEB) category, delivering faster, more accurate detection of modern browser-based attacks.
Push launches AI-native agentic threat hunting for secure enterprise browser focusing on attacker TTPs rather than IOCs.
55% of organizations report a successful or suspected browser-based attack in last 12 months; 88% say browser security is among top five priorities.
Inner loop: real-time detection for known TTPs (98% of detections); Outer loop: AI agents hunt new threats and create detections (2% of new TTPs).
Push tripled cumulative detections for new TTPs in emerging attacks like device code phishing, AitM phishing, and ClickFix variants.
Platform avoids training custom models on customer data; collects browser metadata locally.
Backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, and B3 Capital.
As attackers increasingly leverage AI to automate and mutate campaigns, traditional detection methods based on indicators of compromise (IOCs), such as domains, URLs, and IP addresses, are rapidly losing effectiveness. Push's agentic approach instead focuses on identifying attacker techniques, tactics, and procedures (TTPs), which are significantly harder to evade.
“AI is only as good as the context it has,” said Jacques Louw, chief research officer of Push Security. “We have spent years watching browser attacks evolve, hunting for new techniques before they're seen in the wild, and have built a platform that can scale that expertise across millions of browsers and billions of events per day. We are not just processing more data, we are isolating signals that really matter and finding new kits and techniques before they impact our customers.”
Push's agentic system operates through two continuous loops:
Inner loop: Real-time detection and response for known attacker techniques, delivered through prebuilt, configurable controls that block established TTPs, accounting for 98% of detections.
Outer loop: A continuous learning system where agents hunt for new threats in browser telemetry, analyze emerging behaviors, and create new detections, capturing the remaining 2% of completely new TTPs – constantly improving the inner loop.
Using this approach, Push can deliver real-time blocking protection against new (often AI-generated) tools and attacker infrastructure that uses existing attack techniques, and also discover and deploy detections for emerging techniques in minutes rather than days. Already this year, Push has tripled the cumulative number of detections for new TTPs in emerging browser-based attacks like device code phishing, AitM phishing, and ClickFix variants.
Push's philosophy is grounded in a simple principle: detecting meaningful attacker behavior matters more than chasing ephemeral indicators linked to a single campaign. By focusing on TTPs at the top of the “Pyramid of Pain,” Push avoids the noise and redundancy of IOC-based approaches that still define the industry standard.
“While customers can add custom detections that include IOCs like domain names or URL patterns, the core platform does not have any concept of 'known-bad domains,' we take the Pyramid of Pain seriously,” said Louw. “Attackers can rotate indicators endlessly, even more so with AI, but they can't easily change how their attacks fundamentally work. That's where we focus detection.”
“Enterprise security teams are quickly coming to understand the critical gaps that exist in their defenses when it comes to browser-based threats,” said John Grady, principal analyst, cybersecurity at Omdia. “Attackers know many organizations are unprepared and target their campaigns accordingly. To close this gap, security teams need AI-driven threat detection that actually works and can defend against today's advanced browser-based attacks.”
“When we started Push, identity attacks in the browser were the primary source of attacks, and they still are,” said Adam Bateman, CEO of Push Security. “What's changed is that AI has given attackers the ability to operate at a speed and scale that traditional security tools cannot match. That's exactly why we have built an AI-native platform from the ground up.”
New AI-native agentic threat hunting capabilities are available now to Push customers. For more information, check out today's Push blog post.
Push Security is the secure enterprise browser extension for security teams. Founded by red team and blue team experts, Push combines high-fidelity browser telemetry, real-time control, and autonomous agents to stop advanced attacks, secure AI usage, harden identities, and prevent data loss — all from your users' existing browsers, no migration required. Push is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.