Excellent deep dive into OAuth redirect_uri exploitation. As someone working at the intersection of cybersecurity and AI, this kind of research is critical.
The attack chain you described highlights why security can't be an afterthought — especially when we're building AI agents that interact with web applications programmatically.
At ANVE.AI, we built AnveVoice — a voice AI that takes real DOM actions on websites (clicks buttons, fills forms, navigates pages). Security architecture was priority #1 because the agent is literally interacting with authenticated sessions.
Our approach: 46 scoped MCP tools via JSON-RPC 2.0, each with strict capability boundaries. The agent can't access OAuth tokens, cookies, or auth flows — it only interacts with visible DOM elements. Sub-700ms latency, WCAG 2.1 AA compliant, MIT-0 licensed.
Great work on the writeup. This is the kind of research that makes the whole ecosystem safer.