Microsoft details an AI-enabled device code phishing campaign against organizational accounts
Original: Inside an AI‑enabled device code phishing campaign View original →
Microsoft Defender Security Research on April 6, 2026 disclosed a widespread phishing campaign that abuses the OAuth device code authentication flow to compromise organizational accounts at scale. Microsoft says the campaign stands out from earlier device code attacks because it uses AI-driven infrastructure and automation end to end, which increases the odds that victims complete the flow before the short-lived code expires.
In the Microsoft description, the attack begins with reconnaissance and convincing lures such as document access, e-signing, or voicemail prompts. When a target clicks, a malicious page generates a live device code in real time, redirects the victim to the legitimate microsoft.com/devicelogin page, and sometimes copies the code to the victim’s clipboard to reduce friction. Once the user completes the flow, the attacker receives a live access token without stealing the password directly, because the legitimate device code flow has been misused.
- Dynamic device code generation starts the 15-minute window only after the victim clicks.
- Short-lived backend nodes on services such as Railway.com help the campaign scale and avoid simple pattern detection.
- Microsoft links the activity to the rise of EvilTokens, a phishing-as-a-service toolkit tied to device code abuse.
The research matters because it shows how attackers are layering automation on top of trusted cloud workflows rather than simply cloning log-in pages. The phishing page, token polling infrastructure, clipboard tricks, and post-authentication actions work together as a coordinated system. That raises the bar for defenders, since blocking a malicious domain alone is no longer enough when the final sign-in happens on a real Microsoft URL.
Microsoft’s mitigation guidance is practical: block device code flow wherever possible, restrict it with Conditional Access where it is needed, train users to verify what application they are authorizing, and revoke refresh tokens quickly when abuse is suspected. For enterprises, the report is a reminder that identity workflows built for convenience can become high-value attack surfaces once automation makes them scalable.
Related Articles
Microsoft Threat Intelligence said on March 6, 2026 that attackers are now using AI throughout the cyberattack lifecycle, from research and phishing to malware debugging and post-compromise triage. The report argues that AI is not yet running fully autonomous intrusions at scale, but it is already improving attacker speed, scale, and persistence.
GitHub code scanning can now show AI-powered security detections directly on pull requests. The preview extends coverage beyond languages and frameworks supported by CodeQL, while requiring GitHub Code Security, a Copilot license, and AI credits.
Dependabot will now wait until a new package release has been on its registry for at least three days before opening a version-update pull request. Security updates still open immediately, and teams can tune or opt out through cooldown configuration.