Upcoming Webinar
Off the Rails: How Hackers Are Using AI to Bypass MFA
The earliest adopter of AI wasn't your security team. It wasn't your vendor. It was the adversary.
While the industry was still debating AI's potential, a Phishing-as-a-Service operation called EvilTokens was already in production, with AI-assisted lure generation, a 24/7 support team, customer feedback channels, and a product store. In February 2026, they weaponized Railway, a legitimate cloud deployment platform, to stand up token-harvesting infrastructure at machine speed. By March 2, Huntress was watching anomalous authentication events fire across dozens of organizations simultaneously. By March 19, more than 340 organizations across five countries had been hit.
Legacy cybercrime scaled by adding people and automation. This scales by adding compute, better prompts, and tighter workflows. The tradecraft didn't just get faster. It became autonomous and productized.
This is the most influential attack campaign you've probably never heard of. And the way it was built—modular, AI-assisted, running like a business—changes what defenders need to understand about the threat landscape going forward.
In this live conversation, a Huntress Threat Intelligence Analyst, Casey Smith, and GM of Global Threat Intelligence at Microsoft unpack what EvilTokens and the Railway campaign actually reveal about how adversaries are using AI — and where the defense gaps are widest.
Is MFA still meaningful when attackers are abusing legitimate auth flows to bypass it entirely? When AI turns attack infrastructure into a subscription service with a support team, what does the defender's playbook actually need to look like? And what does it mean that a single detection from Huntress blocked Railway CIDR ranges across hundreds of thousands of organizations in a single move — while most of those organizations didn't even know they'd been targeted?
What you'll walk away with:
A clear-eyed picture of how AI has fundamentally changed the economics and speed of adversary operations — not in theory, but documented, in the wild, still active. Two experts. One watershed moment. Enough disagreement to make it worth your time.
Come ready to push back.
Speakers
Casey Smith
Staff Threat Intelligence Analyst
Sherrod DeGrippo
GM Global Threat Intelligence, Microsoft
* HUNTRESS WEBINAR GIVEAWAY TERMS. Live webinar participants may be eligible to receive one (1) Nintendo Switch 2™ + Mario Kart™ World Bundle (“Gift”), worth approximately USD $500.00. This gift giveaway (“Giveaway”) is sponsored by Huntress Labs Incorporated (“Huntress”). By registering for the above Huntress webinar (“Webinar”), you accept the following Huntress Webinar Giveaway Terms and all decisions of Huntress, which are final and binding in all respects. NO PURCHASE NECESSARY. PURCHASE OF HUNTRESS PRODUCTS OR SERVICES DOES NOT ENHANCE CHANCES OF RECEIVING THE GIFT. Eligibility: The Giveaway is applicable to individuals who are 18 years of age or older who register for and participate in the Webinar. All applicable laws and regulations apply. Void where prohibited or restricted by law, including, but not limited to, international sanctions. Subject to applicable law, the Gift is offered “as is” without any express or implied warranty of any kind or nature, including without limitation, any warranty respecting condition, merchantability, quality, title, or fitness for a particular purpose. Selection: One (1) gift recipient will be selected at Huntress's sole discretion based on their live engagement in the Webinar (e.g., asking questions, participating in a poll, or making comments in the Webinar chat). Huntress may identify the gift recipient during the Webinar or afterwards and will contact the gift recipient by email to notify them they have been selected to receive the Gift. Taxes: The Gift recipient is solely responsible for all applicable taxes. If requested by Huntress, a gift recipient who is a U.S. citizen or U.S. taxing resident must complete a Form W-9. If the gift recipient is a foreign national or nonresident alien (not a U.S. citizen or taxing resident), the Form W-8BEN must be completed upon request. Contact Information: Huntress Labs Incorporated, 6996 Columbia Gateway Drive, Suite 101, Columbia, MD 21046, Phone: 1-833-HUNT-NOW, Email: [email protected]
