Credential exfiltration is the unauthorized theft or disclosure of authentication secrets such as passwords, session cookies, API tokens, OAuth codes, or private keys. These secrets are valuable because they let an attacker impersonate a user or service without needing to break encryption or guess a password.
In cyber attacks, exfiltration can happen through phishing, malware, malicious browser extensions, memory scraping, or prompt injection against agentic tools that can access logged-in sessions. The attacker’s goal is usually to move credentials out of a trusted environment and into an account, file, or network location they control. Defenses focus on least privilege, short-lived tokens, hardware-backed authentication, secure secret storage, user confirmation for sensitive actions, and monitoring for unusual access or data transfer. In AI browsers, strict context isolation is especially important so untrusted page content cannot trick the agent into revealing secrets.



