AI MFA bypasses rise
Researchers and threat observers are reporting toolkits that use AI to automate MFA bypasses and dynamic device‑code generation, enabling high‑value account takeovers without typical malware footprints. Related reports describe phishing that abuses Microsoft OAuth device‑code flows and credential leaks from breaches that turbocharge credential stuffing and AiTM campaigns. (x.com) (x.com)
A lot of “multi-factor authentication bypass” no longer looks like malware at all. In Microsoft’s April 6, 2026 write-up, the attackers’ trick was to get a victim to approve a real sign-in flow, then let automated systems harvest the resulting access without planting software on the laptop. (microsoft.com)

Multi-factor authentication is the extra lock after your password, like a bank asking for both your card and a texted code. It blocks most password-only break-ins, but it does not help if the attacker can talk you into completing a legitimate login on their behalf. (techcommunity.microsoft.com)

One route uses something called the device code flow. That flow was built for devices like smart televisions that cannot type a full password easily, so the screen shows a short code and asks you to finish sign-in on a second device. (microsoft.com) In Microsoft’s February 13, 2025 report, a group it calls Storm-2372 sent fake meeting invites over Signal, WhatsApp, and Microsoft Teams, then told targets to enter a device code on a legitimate Microsoft page. When the victim typed that code, Microsoft said the attackers captured the authentication tokens that came back from the real login. (microsoft.com) An authentication token is the digital wristband a website gives you after you pass the checkpoint. If an attacker gets that wristband, they often do not need your password again and may not need your one-time code either. (techcommunity.microsoft.com)

The newer shift is speed and scale. Microsoft said the April 2026 campaign used artificial intelligence and automation to generate live device codes on demand and to spin up thousands of short-lived polling nodes, which are small cloud workers that keep checking whether the victim has finished signing in. (microsoft.com) That changes the economics of phishing. Older scams often relied on a human operator sitting there at the right second; the newer setup lets software handle the timing, the infrastructure, and the follow-up, which raises the odds that a stolen session is still fresh when the attacker uses it. (microsoft.com)

A second route is called adversary-in-the-middle phishing, which works like a fake cashier standing between you and the real store. Microsoft says kits such as Tycoon2FA relay the victim’s login to the real service in real time, then steal the session material that comes back after the multi-factor authentication check. (microsoft.com) Microsoft’s March 4, 2026 post said Tycoon2FA was marketed as a phishing kit service and was used across education, healthcare, finance, nonprofit, and government targets. The company said that kind of kit lowers the skill needed to run account-takeover campaigns at scale because the operator rents the machinery instead of building it. (microsoft.com)

Leaked passwords from old breaches make both methods stronger. Cloudflare said in a 2024 analysis that nearly half of observed login attempts across sites it protects involved leaked credentials, and Okta said attackers were hitting customer sign-in endpoints with credential stuffing, which means trying huge lists of reused usernames and passwords from earlier breaches. (blog.cloudflare.com) (sec.okta.com)

So the pattern behind the recent reports is not “artificial intelligence magically cracks multi-factor authentication.” It is that stolen passwords, realistic phishing lures, legitimate sign-in flows, and automated token capture now fit together cleanly enough that high-value account takeovers can happen with much less visible malware than defenders used to expect. (microsoft.com 1) (microsoft.com 2)
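As an added illustration, not taken from any of the reports cited above, here is defender-side detection logic over constructed sign-in events showing what the device code route looks like in logs: the user approves the code from one address while the tokens are collected from another, and in the automated campaign described above many such splits land within seconds from different fresh addresses. The event schema, field names and IP addresses are assumptions for this example, not Microsoft's sign-in log format.

```python
# Constructed sample events (not real sign-in log output; the schema is assumed).
# A device-code login leaves two traces: the user approving the code on the
# login page, and the client that started the flow polling for the tokens.
SAMPLE_EVENTS = [
    {"ts": 1000, "user": "alice@example.test", "event": "code_approved", "ip": "203.0.113.10"},
    {"ts": 1003, "user": "alice@example.test", "event": "token_issued", "ip": "203.0.113.10", "flow": "device_code"},
    {"ts": 1100, "user": "bob@example.test", "event": "code_approved", "ip": "198.51.100.7"},
    {"ts": 1101, "user": "bob@example.test", "event": "token_issued", "ip": "192.0.2.41", "flow": "device_code"},
    {"ts": 1104, "user": "carol@example.test", "event": "code_approved", "ip": "198.51.100.9"},
    {"ts": 1105, "user": "carol@example.test", "event": "token_issued", "ip": "192.0.2.42", "flow": "device_code"},
    {"ts": 1110, "user": "dave@example.test", "event": "code_approved", "ip": "198.51.100.3"},
    {"ts": 1112, "user": "dave@example.test", "event": "token_issued", "ip": "192.0.2.43", "flow": "device_code"},
    {"ts": 1200, "user": "erin@example.test", "event": "token_issued", "ip": "203.0.113.55", "flow": "interactive"},
]

def split_device_code_logins(events, max_gap=300):
    """Pair each device-code token issuance with the user's latest code approval and keep
    the pairs whose two sides came from different addresses. The TV and the phone that
    approved it usually share a network; a phisher's polling node does not."""
    last_approval = {}
    suspicious = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "code_approved":
            last_approval[e["user"]] = e
        elif e["event"] == "token_issued" and e.get("flow") == "device_code":
            a = last_approval.get(e["user"])
            if a and e["ts"] - a["ts"] <= max_gap and a["ip"] != e["ip"]:
                suspicious.append({"user": e["user"], "ts": e["ts"],
                                   "approved_from": a["ip"], "polled_from": e["ip"]})
    return suspicious

def polling_fanout(suspicious, window=60, min_users=3):
    """Several split logins inside one short window, each polled from a different address,
    looks like disposable polling infrastructure rather than one oddly placed device."""
    s = sorted(suspicious, key=lambda x: x["ts"])
    clusters, i = [], 0
    while i < len(s):
        j = i
        while j < len(s) and s[j]["ts"] - s[i]["ts"] <= window:
            j += 1
        group = s[i:j]
        if len({g["user"] for g in group}) >= min_users and len({g["polled_from"] for g in group}) >= min_users:
            clusters.append([g["user"] for g in group])
            i = j
        else:
            i += 1
    return clusters
```

On the constructed data the first function flags bob, carol and dave (alice approved and polled from the same address, erin did not use device code at all), and the second groups those three into one burst. Accounts that never sign in from a keyboard-less device have no use for this flow, so turning it off for them closes the route rather than merely detecting it.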