EvilTokens: Big Cybercrime’s AI Platform Built to Bypass Your MFA

May 5, 2026 | 3pm ET | 12pm PT

In February 2026, a phishing operation called EvilTokens popped up on Telegram with its own storefront and pricing. By mid-March, it had compromised identities at hundreds of organizations across five countries, all without using malware.

Cybercriminals wasted no time putting AI to work. They were early adopters because AI makes phishing more convincing and makes it easier to stand up infrastructure on demand. In this case, the operation abused legit authentication flows and routed victims through trusted services their own security tools were built to trust, making MFA far less protective.

Microsoft and Huntress will break down how attackers are actually using AI. Join two of the best in the business as they examine a watershed moment in cybercrime.

Join the Event

First Name*

Last Name*

Business Email*

Company Name*

What best describes your business*

Please select your country*

Privacy • Terms

By submitting this form, you accept our Terms of Service & Privacy Policy

Sherrod DeGrippo

Sherrod DeGrippo is General Manager of Global Threat Intelligence and host of the Microsoft Threat Intelligence Podcast. She has been recognized as Cybersecurity Woman of the Year (2022) and Cybersecurity PR Spokesperson of the Year (2021).

Before her current role, Sherrod served as Director of Threat Intelligence Strategy at Microsoft. Her background also includes serving as Vice President of Threat Research and Detection at Proofpoint, where she led a global team focused on threat research, malware analysis, and intelligence operations. With more than two decades of cybersecurity experience, she has held senior roles at Nexum, Symantec, Secureworks, and the National Nuclear Security Administration.

Sherrod is a frequently cited expert across major media outlets and a regular speaker at global security conferences.

Casey Smith

Casey Smith's cybersecurity journey began in the early 2000s at Cisco Systems, where he contributed to the groundbreaking SAFE (Secure Architecture for Enterprise) initiative — sparking a career-long passion for testing the boundaries of defensive systems. He is the co-creator of Atomic Red Team, a widely adopted open-source testing framework, and has held impactful roles at Red Canary, Thinkst Canary, and in the financial sector.

At Huntress, Casey focuses on adversary tactics with a keen interest in identity-based attacks. He's driven by a simple but powerful philosophy: if you haven't tested it, it doesn't work. When he's not outsmarting adversaries, Casey can be found exploring the Colorado outdoors or diving into a good non-fiction book.