Adversary-in-the-Middle (AitM) phishing attacks are increasingly using advanced phishing toolkits to bypass traditional security measures like Multi-Factor Authentication (MFA) and Endpoint Detection and Response (EDR). These attacks work by placing a proxy between the user and a legitimate application, allowing attackers to steal live sessions and gain access to user accounts. By mimicking legitimate login pages, these toolkits can deceive users into entering their credentials, making the attacks difficult to detect and block. To effectively combat these threats, organizations need to implement browser-based security controls that can detect and stop identity attacks at the point of impact, similar to how EDR protects endpoints.