
Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign
From Microsoft Threat Intelligence Podcast by Microsoft
May 20, 2026 · 42 min · Season 3 · Episode 69
About this episode
The episode discusses the rise of EvilTokens, an AI-powered phishing platform that bypasses MFA and automates credential theft.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies. In this episode you’ll learn: How EvilTokens bypasses MFA using device code phishing Why AI-powered phishing campaigns are harder to detect What makes modern phishing kits highly scalable and automated Some questions we ask: What role does trusted infrastructure play in these attacks? Why are traditional phishing defenses struggling against these tactics? How are modern phishing kits becoming more professionalized? Resources: Watch the LinkedIn live recording Read Huntress’ related research View Lindsay O’Donnell-Welch on…
People in this episode
Host: Sherrod DeGrippo
Guest: Huntress
Topics covered
- AI-powered phishing
- credential theft
- MFA bypass
- cybercrime ecosystems
- identity security strategies
Keywords
- EvilTokens
- phishing-as-a-service
- MFA
- credential theft
- cybersecurity
- AI-generated phishing
- enterprise traffic
More episodes of Microsoft Threat Intelligence Podcast
- Supply Chain Attacks: Open Source or Open Door? · June 3, 2026 · 39 min
- Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft · May 6, 2026 · 52 min
- The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem · April 22, 2026 · 40 min
- Ransomware: From Isolated Attacks to Global Criminal Ecosystem · April 8, 2026 · 48 min
- Winter SHIELD: Closing the Security Control Gap · March 25, 2026 · 37 min
- AI as Tradecraft: How Threat Actors Are Operationalizing AI · March 11, 2026 · 22 min
Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.