In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.  

In this episode you’ll learn:      

How EvilTokens bypasses MFA using device code phishing 

Why AI-powered phishing campaigns are harder to detect 

What makes modern phishing kits highly scalable and automated 

Some questions we ask:     

What role does trusted infrastructure play in these attacks? 

Why are traditional phishing defenses struggling against these tactics? 

How are modern phishing kits becoming more professionalized? 

Resources:  

Watch the LinkedIn live recording 

Read Huntress’ related research 

View Lindsay O’Donnell-Welch on LinkedIn 

View Jamie Levy on LinkedIn 

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

Security Insider Conversations 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.