Skip to content

Hit enter to search or ESC to close

How AI Is Helping Attackers Bypass MFA

For years, the advice to clients was simple: turn on multi-factor authentication and most account takeover risk goes away. That advice is no longer complete. Adversary-in-the-middle (AiTM) and device-code phishing attacks do not try to steal a password. They steal a live, already authenticated session, which means MFA has already done its job, and the attacker walks straight past it anyway.

Generative AI has accelerated this category of attack by making the lures more convincing and the targeting faster and cheaper to run at scale. This article explains how these attacks work, what role AI plays in scaling them, and what MSPs should change in client tenants now.

Why "We Have MFA" Is No Longer Enough

Multi-factor authentication is still valuable, but it was designed to stop attackers who only have a stolen password. AiTM and device-code phishing attacks do not need a password at all. They intercept or trick a user into handing over an active session, which already carries the authentication the attacker needs. This is why phishing-resistant MFA matters more than MFA in general terms. Traditional one-time codes and push approvals can still be relayed through an AiTM proxy because the user is genuinely completing the login, just through an attacker-controlled relay.

Phishing-resistant methods like FIDO2 and passkeys are designed to prevent this kind of relay attack because the cryptographic key never leaves the user's device. MSPs should treat "we have MFA" as a starting point in client conversations, not an endpoint. The real question is which kind of MFA is deployed, and whether it would actually stop a session-relay attack.

How Device-Code and AiTM Phishing Steal a Session, Not a Password

'Adversary-in-the-Middle (AiTM) phishing' works by placing a malicious proxy between the user and the legitimate Microsoft sign-in page. The user enters their credentials and completes MFA as normal, unaware that the proxy is intercepting the session token. Once captured, the attacker can use that token to access the account without needing to authenticate again.

'Device-code phishing' abuses a legitimate Microsoft authentication process designed for devices without a web browser. Attackers trick users into entering an attacker-generated device code on a genuine Microsoft sign-in page, unknowingly authorizing the attacker's device instead of their own. Both attack techniques are designed to achieve the same outcome: stealing an authenticated session rather than a password.

For MSPs, the key takeaway is that these attacks:

  • Don't rely on stealing passwords.
  • Bypass traditional MFA by capturing or replaying an authenticated session.
  • Exploit legitimate Microsoft authentication workflows.
  • Require additional protections beyond password security and standard MFA.
     

The Reality of Email Threats

90%

of cyber attacks start with email

1 in 3

users click malicious links in phishing emails

80%

phishing causes over 80% of reported security incidents

94%

of malware is delivered via email

The Role of AI in Scaling These Attacks (Lures, Targeting, Speed)

AiTM and device-code phishing are not new techniques in themselves. What has changed is how easily they can now be scaled. Generative AI lets attackers write convincing, personalized lure emails at speed, in the victim's own language and tone, with none of the grammar or phrasing issues that once gave phishing away. AI also speeds up targeting. Attackers can quickly research an organization, identify likely high-value accounts, and tailor a device-code or AiTM lure to appear to come from a specific internal team or trusted vendor.

The combination of a convincing lure and a technically sound session-theft method makes this category of attack significantly more dangerous than it was even two years ago. This is consistent with the broader pattern of AI in cyberattacks: the underlying techniques are not new, but AI removes the friction that once limited how many targets an attacker could realistically pursue at once.

Detection and Response: ICES, Conditional Access, Identity Backup

No single control stops AiTM and device-code phishing on its own. A layered approach works because each layer addresses a different part of the attack chain. Integrated Cloud Email Security (ICES) helps by detecting the lure itself, the email that starts the chain, through behavioral and contextual analysis rather than relying on a malicious link or attachment that traditional filters can scan.

Conditional access policies in Microsoft 365 can reduce the blast radius once a session is stolen, for example by restricting sign-ins to known devices or locations. These policies are valuable, but they are also configurable and can be changed, accidentally or maliciously, which is why having a backup of the identity configuration matters. This is where Entra ID backup plays its role in response, not prevention. If an attacker compromises an account and changes roles, permissions, or conditional access policies to maintain access or cover their tracks, having an immutable, off-cloud backup of Entra ID means those changes can be identified and reversed quickly, rather than reconstructed manually under pressure.

What MSPs Should Change in Client Tenants This Quarter

MSPs don't need to wait for a major security transformation to reduce the risk of AI-powered phishing. A few practical changes can significantly strengthen customers' identity protection and provide a clear opportunity to demonstrate the ongoing value of security. Start by helping customers:

  • Review MFA deployments and identify accounts still using SMS or basic push notifications.
  • Prioritize phishing-resistant authentication methods, such as FIDO2 security keys or passkeys, where supported.
  • Layer email protection with a Secure Email Gateway (SEG) and Integrated Cloud Email Security (ICES) to improve the chances of stopping phishing emails before users interact with them.
  • Verify that Entra ID backup is enabled, tested, and ready to restore identity configurations in the event of an account compromise.

These measures also create a valuable opportunity to broaden customer conversations. Rather than treating MFA as a one-time project, position it as one layer of a comprehensive identity security strategy that includes phishing-resistant authentication, layered

AI Phishing FAQs

Yes. AiTM and device-code phishing attacks steal an already-authenticated session rather than a password, so they can bypass traditional MFA methods like SMS codes and push approvals. Phishing-resistant MFA, such as FIDO2 or passkeys, is built specifically to prevent this kind of session theft.

Typical phishing attempts to steal a password directly. AiTM, or adversary-in-the-middle phishing, places a proxy between the victim and the real login page, allowing the victim to complete a genuine login, including MFA. At the same time, the attacker silently captures the resulting session token.

It abuses a legitimate sign-in flow meant for devices without a browser. The attacker tricks a victim into entering attacker-generated code on a legitimate login page, thereby authorizing the attacker's device using the victim's already authenticated session.

If an attacker compromises an account through session theft, they may change roles, permissions, or conditional access policies to maintain access. An immutable backup of Entra ID lets those changes be identified and reversed quickly during recovery.

Ready to get started

Ready to get started