Abstract
This publication discloses fourteen specialized attack detection modules operating within an SDK event observation pipeline at zero incremental infrastructure cost, covering both pre-authentication and post-authentication phases across web, mobile, and AI agent applications. Pre-authentication modules (A5–A10) detect password spraying via cross-account fingerprint correlation, mass registration abuse, AI agent tool-call sequence violations and infinite loops, OAuth redirect hijacking, and SDK configuration tampering. Post-authentication modules (A11–A18) detect MFA fatigue attacks, session fixation, business logic abuse via learned transaction flow graphs, refresh token theft via device fingerprint binding, indirect prompt injection via pre-ingestion content scanning, feedback poisoning, and clock manipulation via dual-clock comparison. All fourteen modules are implemented in DevFortress SDK v4.8.0 and validated across 7 production applications with 26 attack scenarios and 703/703 assertions passed.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Ndungu, Duncan Ndegwa, "Comprehensive Pre/Post-Authentication Attack Detection and Mitigation Framework for Web, Mobile, and AI Agent Applications", Technical Disclosure Commons, (April 24, 2026)
https://www.tdcommons.org/dpubs_series/9906