AI automates Entra ID tenant destruction
- Netwrix published a May 21 blog showing AI-assisted browser automation driving destructive Microsoft Graph actions against a Microsoft Entra ID test tenant.
- The post called the technique “ransomware for the cloud” and said Graph Explorer plus browser-side JavaScript could automate lockouts and deletions.
- Microsoft documents the same Graph and Entra admin functions in its public docs, including user deletion and bulk user removal.
A Netwrix blog post published on May 21 showed how AI-assisted browser automation could be used to drive destructive actions inside a Microsoft Entra ID tenant through Microsoft Graph Explorer, provided the signed-in account already held privileged access. The post described a lab scenario in which browser-based AI tooling, Chrome developer tools and JavaScript were used to automate administrative actions that would otherwise be carried out manually. Netwrix said the demonstration was run in a test tenant and warned readers not to reproduce it in production.

The demonstration matters because it did not hinge on a new Microsoft vulnerability. Netwrix framed the issue as the speed and scale that AI-assisted browser control can bring once an attacker has already obtained a privileged session. In the company’s description, the browser became a control surface for Microsoft Graph requests that can disable access, remove identities and support wider destructive activity across a tenant. (netwrix.com)

### What exactly did the blog say was being automated?

Netwrix said Microsoft Graph Explorer, a browser tool for sending Graph API requests, could be turned into a destructive administration interface when paired with an AI browser agent and browser-side scripting. The company wrote that the workflow used “Claude for Chrome,” Chrome developer tools and JavaScript to automate Graph Explorer actions against Entra ID. (netwrix.com)

The post described the outcome as “ransomware for the cloud,” according to the article summary surfaced in search results. Netwrix said the actor in its scenario had already gained Global Administrator privileges, elevated access to Azure subscriptions and then deleted cloud data and backup resources before making a ransom demand.

### Was this a new flaw in Entra ID or Microsoft Graph?
Microsoft’s public documentation shows that Graph and Entra already expose administrative functions for deleting users, revoking access and bulk user removal, subject to the permissions and roles attached to the account making the request. Microsoft’s Graph API documentation says deleting a user through the API returns “204 No Content,” while Entra documentation separately describes bulk deletion of users through the Microsoft Entra admin center. (netwrix.com)

That makes the Netwrix post a demonstration of abuse of legitimate administrative capability rather than evidence, on its face, of a newly disclosed product defect. Netwrix’s own write-up said the attack path assumed a signed-in account with the “required permissions.” (netwrix.com)

### Why compare it to ransomware?

Microsoft said in an August 2025 threat-intelligence post that Storm-0501 had shifted toward “cloud-based ransomware” tactics, using cloud-native actions to exfiltrate data, destroy data and backups, and demand ransom without relying on traditional malware deployment. (learn.microsoft.com) Netwrix’s wording tracks that broader industry concern: tenant-wide disruption can be created through identity and cloud control planes, not only through file encryption on endpoints. (netwrix.com)

Security reporting in 2025 also described attacks in which threat actors used stolen Entra credentials and cloud permissions to wipe Azure resources and pressure victims for payment. Those reports similarly emphasized account compromise and privilege abuse over custom malware.

### What does this suggest about the attack path?

The Netwrix scenario suggests the bottleneck is no longer only whether destructive cloud actions are possible, but how quickly they can be chained once a privileged operator or attacker is in the browser. (microsoft.com) The company said AI assistance plus JavaScript automation could execute workflows inside Graph Explorer that a human administrator would otherwise click through manually.
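If tempo is the tell, the defensive check that follows from the Netwrix framing is a burst detector over the tenant's audit trail: a privileged session issuing deletions or account disables faster than a person can click. The following Python is an added example for this article, not code from Netwrix or Microsoft. It runs over constructed records that use a simplified subset of the Entra audit log fields (activityDateTime, activityDisplayName, initiatedBy, target); the activity names in DESTRUCTIVE_ACTIVITIES, the window and the threshold are assumptions to be mapped to a real export.

```python
"""Burst detection over Entra-style audit records.

Added example for this article; not code from Netwrix or Microsoft. The
records below are constructed and use a simplified subset of the Microsoft
Entra audit log schema (activityDateTime, activityDisplayName, initiatedBy,
target). Real exports nest initiatedBy and targetResources as objects and
carry many more fields; map them before feeding this detector.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (one JSON record per line). contoso.example is a
# placeholder domain. One actor removes six users in just over three seconds;
# a second actor disables two accounts forty minutes apart.
SAMPLE_AUDIT_JSONL = """\
{"activityDateTime": "2025-05-20T10:00:00.100Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u01@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:00.800Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u02@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:01.400Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u03@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:02.000Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u04@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:02.700Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u05@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:03.300Z", "activityDisplayName": "Delete user", "initiatedBy": "admin@contoso.example", "target": "u06@contoso.example"}
{"activityDateTime": "2025-05-20T10:00:04.000Z", "activityDisplayName": "Update user", "initiatedBy": "admin@contoso.example", "target": "u07@contoso.example"}
{"activityDateTime": "2025-05-20T09:00:00.000Z", "activityDisplayName": "Disable account", "initiatedBy": "helpdesk@contoso.example", "target": "u08@contoso.example"}
{"activityDateTime": "2025-05-20T09:40:00.000Z", "activityDisplayName": "Disable account", "initiatedBy": "helpdesk@contoso.example", "target": "u09@contoso.example"}
"""

# Assumption: these display names are the ones your export uses for removing
# users and cutting their access. Tune the set to your tenant's actual names.
DESTRUCTIVE_ACTIVITIES = {"Delete user", "Disable account"}
WINDOW = timedelta(seconds=60)   # look-back window per actor
THRESHOLD = 5                    # destructive actions within WINDOW that trigger an alert


def parse_records(jsonl: str) -> list:
    """Parse JSON-lines audit records and attach a timezone-aware datetime."""
    records = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # Python 3.11+ accepts a trailing "Z"; older versions need +00:00.
        rec["ts"] = datetime.fromisoformat(rec["activityDateTime"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def find_bursts(records: list, window=WINDOW, threshold=THRESHOLD) -> list:
    """Return one alert per actor whose densest window holds >= threshold destructive actions."""
    by_actor = defaultdict(list)
    for rec in records:
        if rec["activityDisplayName"] in DESTRUCTIVE_ACTIVITIES:
            by_actor[rec["initiatedBy"]].append(rec)

    alerts = []
    for actor, events in by_actor.items():
        events.sort(key=lambda r: r["ts"])
        best = (0, 0, 0)          # (count, start index, end index) of the densest window
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits within `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        count, s, e = best
        if count >= threshold:
            span = events[e]["ts"] - events[s]["ts"]
            alerts.append({
                "actor": actor,
                "count": count,
                "first": events[s]["activityDateTime"],
                "last": events[e]["activityDateTime"],
                "span_seconds": round(span.total_seconds(), 1),
                # Per-action cadence: sub-second gaps point to scripting, not clicking.
                "seconds_per_action": round(span.total_seconds() / max(count - 1, 1), 2),
                "targets": [r["target"] for r in events[s:e + 1]],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(parse_records(SAMPLE_AUDIT_JSONL)):
        print(json.dumps(alert, indent=2))
```

On the sample, only the admin account trips the detector: six deletions in 3.2 seconds, about 0.64 seconds apart, which is the cadence of a script driving Graph rather than an administrator clicking through a portal. The helpdesk disables are forty minutes apart and stay below the threshold. The cadence figure is the useful part of the alert; a burst count alone would also catch a legitimate bulk offboarding, so pair it with a check that the actor and the change were expected.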
Microsoft’s documentation shows those actions are already scriptable through Graph APIs and PowerShell, including user deletion and the 30-day window in which a soft-deleted user can still be restored. The added element in the Netwrix post was the use of consumer-facing browser AI tooling to operate the interface and generate or run the needed browser-side code. (thehackernews.com)

### Where can readers verify the underlying materials?

The Netwrix post is available on the company’s site under the headline “Automating Entra ID Tenant Destruction with AI,” and the social post linking to it was published on X on May 22 under post ID 2057758611917426753, according to the source briefing. (netwrix.com) Microsoft’s related reference material is on Microsoft Learn, including pages for deleting users through Microsoft Graph, revoking user access in Entra ID and bulk user deletion. (learn.microsoft.com) (netwrix.com)