Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.  

In this episode you’ll learn:      

• How EvilTokens bypasses MFA using device code phishing 

• Why AI-powered phishing campaigns are harder to detect 

• What makes modern phishing kits highly scalable and automated 

Some questions we ask:     

• What role does trusted infrastructure play in these attacks? 

• Why are traditional phishing defenses struggling against these tactics? 

• How are modern phishing kits becoming more professionalized? 

Resources:  

• Watch the LinkedIn live recording 

• Read Huntress’ related research 

• View Lindsay O’Donnell-Welch on LinkedIn 

• View Jamie Levy on LinkedIn 

• View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Security Insider Conversations 

• The BlueHat Podcast 

• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.