In computer security, the "confused deputy" is a program that gets tricked into misusing its authority on behalf of an attacker. Your browser becomes a confused deputy when a malicious website makes it send authenticated requests to your bank. The deputy has legitimate access. The attacker doesn't. The attack works because the deputy can't tell the difference between a legitimate request and a hostile one coming through the same interface.