Friday, 27 February

  • 07:30 - 08:50
    Breakfast
    Pacific Ballroom D
  • 08:50 - 09:00
    Welcome and Opening Remarks
    Porthole
  • 09:00 - 10:00
    Keynote talk #1
    Porthole
    • Oleksii (Alex) Starov (Palo Alto Networks)

      Phishing and scams continue to dominate the Web threat landscape. As attackers adopt AI to automate their operations, we are seeing an increasingly diverse range of lures and evasion techniques on phishing web pages. To counter this, security solutions have to deploy AI-ready defenses designed to detect social engineering content and overcome advanced cloaking.

      Drawing on nearly a decade of industry experience, this keynote explores the AI-driven evolution of phishing. We will investigate novel attacks developed in our research that demonstrate how Generative AI can obfuscate malicious code and how LLMs can assemble phishing pages in real time. Because these "runtime assembly" methods can evade traditional network filters, the browser serves as a critical vantage point for detection. We will conclude by discussing a twofold defense strategy: building robust AI-powered detectors and leveraging the browser as a definitive vantage point for protection against patient-zero phishing threats.

      Speaker's Biography: Oleksii Starov, Ph.D., is a Security Scientist and the Senior Research Manager for Web Security at Palo Alto Networks. He focuses on protecting users against evolving online threats by developing proactive, data-driven network and browser security solutions. Prior to joining Palo Alto Networks in 2018, Oleksii was a member of the PragSec Lab at Stony Brook University, conducting research in web security and privacy. An active contributor to the academic community, he has published and co-authored over 20 papers and serves on the program committees of top-tier security conferences. Since 2020, Oleksii has supported the MADWeb workshop and currently serves on its steering committee. Oleksii frequently shares his research through the Palo Alto Networks Unit 42 blogs and co-hosts the No Name Podcast, a leading cybersecurity podcast in Ukraine.

  • 10:00 - 10:20
    Morning Break
    Pacific Ballroom D
  • 10:20 - 11:55
    Session 1: Web Measurements
    Porthole
  • 11:55 - 13:20
    Lunch
    Loma Vista Terrace and Harborside
  • 13:20 - 14:35
    Session 2: Network Meets the Web
    Porthole
  • 14:35 - 15:20
    Session 3: Generative AI Meets the Web
    Porthole
  • 15:20 - 15:40
    Afternoon Break
    Pacific Ballroom D
  • 15:40 - 16:40
    Keynote talk #2
    Porthole
    • Deian Stefan (UCSD)

      Modern browsers are massive, notoriously complex systems. We use them for everything. Unfortunately, they're also largely written in C and C++, and thus as useful to attackers as they are to us. Indeed, few systems are as widely exploited in the wild—to target everyone from ethnic groups to journalists and activists—as browsers. In this talk I'm going to give you an overview of our efforts using programming language techniques—from information flow type systems, to WebAssembly-based sandboxing, and automated verification—to shift the design and implementation of Firefox towards a more secure browser.

      Speaker's Biography: Deian is an Associate Professor of Computer Science and Engineering at UC San Diego, where he co-leads the Security and Programming Systems groups. His research lies at the intersection of security and programming languages; he is particularly interested in building secure systems that are deployed in production. He is a co-founder of Cubist, a security and infrastructure digital assets platform, and a board director of the Bytecode Alliance. Previously he was a co-founder of Intrinsic, a runtime security startup acquired by VMware in 2019.

  • 16:40 - 17:45
    Session 4: JavaScript Security
    Porthole
  • 17:45 - 18:00
    Awards and Closing Remarks
    Porthole