Microsoft described a widespread device code phishing campaign that uses AI-driven automation to compromise organizational accounts at scale. The attack abuses legitimate OAuth device code flows, dynamic code generation, and backend polling infrastructure.
Microsoft Threat Intelligence said on March 6, 2026 that attackers are now using AI throughout the cyberattack lifecycle, from research and phishing to malware debugging and post-compromise triage. The report argues that AI is not yet running fully autonomous intrusions at scale, but it is already improving attacker speed, scale, and persistence.