When a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.
A trusted intermediary (the browser) is tricked into making authenticated requests on behalf of an attacker.
If a system performs a state-changing action because a credential is present — without verifying that the specific request was intentionally initiated by the credential holder — the system trusts authority, not intent.
Every authentication mechanism that attaches credentials automatically recreates this pattern. Cookies gave way to bearer tokens, tokens to API keys, keys to ambient cloud IAM roles. The carrier changes. The assumption does not.
CSRF tricks a browser into acting with ambient authority. AI agents act with delegated authority. Both execute actions the user did not intend.
XSS can deliver CSRF: script running inside the target origin can read the anti-CSRF token and submit the forged request itself, so once the origin boundary collapses, no CSRF defense holds.
Weak session management makes CSRF more exploitable: long-lived sessions and cookies without SameSite restrictions mean a forged request almost always arrives with an authenticated context. (Predictable session identifiers are a different failure, session hijacking, which needs no forgery at all.)
Year: 2001–2015
Context: Browsers attach cookies automatically. When you visit bank.com, the browser sends your session cookie with every request — GET, POST, form submission, image load. The server sees a valid cookie and trusts the request. It has no way to know whether the request came from the user clicking a button on bank.com or from a hidden form on evil.com. The browser is the confused deputy — it follows instructions from any website but authenticates only to one. Chromium-based browsers have since defaulted cookies to SameSite=Lax, which withholds them on cross-site POSTs, but a cookie explicitly marked SameSite=None, a top-level cross-site GET, or any credential carrier other than the cookie still reproduces the pattern.
Who Built This: The browser vendors who implemented automatic cookie attachment. The web developers who assumed "valid session cookie = legitimate user action." Nobody designed CSRF as a vulnerability — it emerged from the interaction between ambient cookie authentication and cross-origin requests.
Threat Model at Time: Authentication = session cookie. If the cookie is present, the user authorized the action. Nobody modeled "what if the request with a valid cookie comes from a page the user didn't intend to interact with?"
Why It Made Sense: Cookies were the authentication mechanism. Attaching them automatically was the entire point — the user shouldn't re-authenticate on every request. The convenience that made sessions work also made CSRF possible.
This pattern has been found in applications built by talented developers at respected organizations across every decade of software history. Its presence in a codebase is not a reflection of the developer who wrote it — it is a reflection of what that developer was taught, what tools they had, and the path that was easiest given what they were taught. The goal is not to find fault. The goal is to find the pattern — before it finds you.
Katie's Law: The developers were not wrong. The shortcut was not wrong. The context changed and the shortcut didn't.