Threat / Other

Fake AI-debug token-paste prompt lure: "Paste your OAuth token / API key / session cookie / Gmail app password / refresh token into the AI debugger" plus a link to a common AI-demo host (`*.replit.app` / `*.vercel.app` / `*.streamlit.app` / `*.huggingface.space` / `*.modal.run` / `*.glitch.me` / `*.netlify.app` / `*.repl.co`). This is a net-new attacker channel circa 2025-26: the democratisation of Streamlit / HF Space / Replit lookalike tooling means attackers can stand up a credible "AI debugger" UI in minutes and harvest OAuth tokens, API keys and session cookies for full account takeover. The signal belongs to the token-exfil + agent-context cluster. It overlaps the R6 OAuth-consent funnel but is distinct: the target is paste-into-textbox, not the OAuth flow. It is scored at the highest +6 trash contribution given the catastrophic blast radius (an exfiltrated OAuth token gives the attacker the same Gmail-API + Drive-API access the user has). Source: Red-Team R9 multi-agent council S5 (LLM-jailbroken-support specialist), agent-context cluster.

ai-debug-token-paste-prompt-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake AI-debug token-paste prompt lure targeting users of OAuth-integrated services and API-driven SaaS tools, as well as developers and technical operations staff. The phishing narrative arrives as: "Having trouble with your Gmail OAuth integration? Paste your OAuth token into our AI debugger to diagnose the issue. Visit our Replit space below," or "Our AI helper can validate your OpenAI API key and Anthropic API key in seconds. Just paste your API key into the AI tool below to verify it works," or "Our AI agent can diagnose your authentication issue. Paste your session cookie into the AI debugger and we will identify the problem."

This is a net-new attacker channel circa 2025-26: the democratisation of Streamlit / HF Space / Replit / Vercel / Modal / Glitch lookalike tooling means attackers can stand up a credible "AI debugger" UI in minutes, with AI-vendor branding (ChatGPT-like / Claude-like / Copilot-like response cards) lending the lookalike technical credibility.

Lookalike `*.replit.app` / `*.vercel.app` / `*.streamlit.app` / `*.huggingface.space` / `*.modal.run` / `*.glitch.me` / `*.netlify.app` / `*.repl.co` portals harvest OAuth tokens (full Gmail-API / Drive-API / Calendar-API access, the same scope the user has), API keys (OpenAI / Anthropic / Stripe / Twilio / SendGrid; full account takeover), session cookies (browser-session hijack with the same identity), refresh tokens (long-lived persistence even after the user revokes the active session), and Gmail app passwords (2FA bypass to the Gmail account). The blast radius is catastrophic: an exfiltrated OAuth token gives the attacker the same Gmail-API + Drive-API + Calendar-API access the user has, indefinitely until revoked. The signal belongs to the token-exfil + agent-context cluster. It overlaps the R6 OAuth-consent funnel but is distinct: the target is paste-into-textbox, not the OAuth flow.

No legitimate OAuth-integrated service ever asks a user to paste a token / API key / session cookie / refresh token into a third-party tool. Debugging is always done via the vendor's own debug console (e.g. Google's OAuth Playground at developers.google.com/oauthplayground, OpenAI's playground at platform.openai.com/playground).

The signal fires when all three of the following hold: the body contains paste / enter / input / share / submit / provide / copy within ~40 chars of OAuth token / API key / session cookie / Gmail app password / refresh token / access token / bearer token / auth token; AND the body contains AI debugger / AI helper / AI tool / AI assistant / AI agent / AI diagnose-diagnoser-diagnostic-diagnosis / AI analyze / debug with-using AI / AI-powered debug-valid-check context; AND the body contains an http(s):// link to a `*.replit.app` / `*.repl.co` / `*.vercel.app` / `*.streamlit.app` / `*.streamlit.io` / `*.huggingface.space` / `*.hf.space` / `*.modal.run` / `*.glitch.me` / `*.netlify.app` host.

Auto-classified as danger via the `-lure` suffix. Source: Red-Team R9 multi-agent council S5 (LLM-jailbroken-support specialist), agent-context cluster.
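The three-part firing rule described above, written out as an added Python example; this is not Gorganizer's code. The function names, the exact regexes, the reading of "within ~40 chars" as either order, and the sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Illustrative re-implementation of the three-part rule described above.
# All names here are hypothetical; this is not Gorganizer's code.
VERB = r"(?:paste|enter|input|share|submit|provide|copy)"
CRED = (r"(?:oauth token|api key|session cookie|gmail app password|"
        r"refresh token|access token|bearer token|auth token)")
# Assumption: "within ~40 chars" is read as either order, gap of at most 40.
NEAR = re.compile(rf"\b{VERB}\b.{{0,40}}?\b{CRED}|\b{CRED}.{{0,40}}?\b{VERB}\b",
                  re.I | re.S)
AI_CTX = re.compile(
    r"\bAI[ -](?:debugger|helper|tool|assistant|agent|diagnos\w+|analyze)"
    r"|\bdebug (?:with|using) AI\b|\bAI-powered (?:debug|valid|check)", re.I)
HOSTS = ("replit.app", "repl.co", "vercel.app", "streamlit.app", "streamlit.io",
         "huggingface.space", "hf.space", "modal.run", "glitch.me", "netlify.app")
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def hostname(url):
    """Parsed host of a URL, so userinfo and path text cannot pose as the host."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL: treat as no host
        return ""

def lure_hosts(body):
    """Linked hosts that are a subdomain of one of the listed demo hosts."""
    hosts = (hostname(u) for u in URL.findall(body))
    return [h for h in hosts if any(h.endswith("." + s) for s in HOSTS)]

def is_token_paste_lure(body):
    """True only when all three conditions hold; one signal, not a verdict."""
    return bool(NEAR.search(body) and AI_CTX.search(body) and lure_hosts(body))

# Constructed sample bodies (not real messages).
LURE = ("Having trouble with your Gmail OAuth integration? Paste your OAuth "
        "token into our AI debugger. Visit https://oauth-fix.replit.app/debug.")
VENDOR = ("Never paste your API key into third-party tools. Debug at "
          "https://platform.openai.com/playground instead.")
NO_ASK = "Try our new AI assistant demo at https://demo.streamlit.app today."
OTHER_HOST = ("Paste your session cookie into the AI tool: "
              "https://x.replit.app@mail.example.net/debug")
```

Matching on the parsed hostname rather than the raw URL string keeps `OTHER_HOST` from counting as a `*.replit.app` link, since its real host is `mail.example.net`.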

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
