Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.   In this episode you’ll learn:       How EvilTokens bypasses MFA using device code phishing  Why AI-powered phishing campaigns are harder to detect  What makes modern phishing kits highly scalable and automated  Some questions we ask:      What role does trusted infrastructure play in these attacks?  Why are traditional phishing defenses struggling against these tactics?  How are modern phishing kits becoming more professionalized?  Resources:   Watch the LinkedIn live recording  Read Huntress’ related research  View Lindsay O’Donnell-Welch on LinkedIn  View Jamie Levy on LinkedIn  View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Security Insider Conversations  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.