man in the middle

In the context of cybersecurity and cryptography, "man in the middle" (often abbreviated as MITM) refers to a specific type of cyberattack where a perpetrator secretly intercepts, relays, and potentially alters communications between two parties who believe they are communicating directly with each other. The attacker positions themselves between the sender and the receiver—much like the children's game of the same name—to eavesdrop on data, steal credentials, or manipulate the message content without the legitimate parties realizing the breach has occurred.

The term has become a focal point in discussions regarding inclusive language in technology. Critics of the term argue that using "man" as a default for a malicious actor is unnecessarily gendered and exclusionary, preferring terms that describe the action or the entity (such as "adversary" or "machine") rather than a specific gender. Major organizations, including NIST and various open-source communities, have moved toward gender-neutral alternatives to foster a more inclusive environment. Conversely, some industry professionals argue that the term is a fossilized idiom where "man" represents "human" or "agent," and that replacing a universally recognized industry standard creates confusion, particularly regarding the widely used MITM acronym.

Example:
"The banking app uses certificate pinning to ensure that no man in the middle can intercept the transaction data."

Example:
"During a man in the middle attack, the hacker effectively acts as a proxy, forwarding messages between the victim and the server."
