Definition
A technique that exploits how browsers and software clients resolve web addresses to trick an AI agent or web application into connecting to an attacker's server while believing it is communicating with a trusted local service. The attacker first gets the agent to visit a page on their domain, then rapidly changes the IP address that domain points to — from the attacker's server to the target's local address — causing the agent to relay requests on the attacker's behalf. In agentic AI trading and other sensitive platforms, this can allow an unauthenticated remote attacker to bypass authentication entirely.
Why it matters
AI agents that interact with local services or APIs are vulnerable to DNS rebinding even when those services are not exposed to the public internet, meaning network perimeter defences alone do not protect against this class of attack.