Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

This Microsoft Threat Intelligence Podcast episode examines EvilTokens, an AI-driven phishing-as-a-service that uses device code phishing to bypass multi-factor authentication and automate large-scale credential theft, highlighting how attackers leverage trusted infrastructure and AI-generated lures to blend into normal enterprise traffic and evade traditional defenses.