TL;DR: Token theft accounted for 31% of MFA bypass attacks in the 2025 Verizon DBIR, while phishing-as-a-service and deepfake voice cloning let low-skilled attackers evade rule-based checks and nearly trigger $240K in fraud, according to Abnormal AI. The real security gap is not authentication alone, but whether programs can distinguish normal from abnormal behavior across identity and SaaS activity.
At a glance
What this is: This analysis argues that MFA, static rules, and single-event verification no longer stop attackers who hijack sessions, mimic trusted workflows, and weaponise AI-generated impersonation.
Why it matters: It matters because IAM, PAM, and security teams need controls that detect misuse after initial trust is granted, across human, NHI, and AI-assisted workflows.
By the numbers:
- 31% of MFA bypass attacks in the 2025 Verizon DBIR relied on token theft, making session hijacking the top MFA evasion technique.
- A deepfake voice clone built from a public webinar nearly enabled $240K in fraud after bypassing a phone-verification control.
👉 Read Abnormal AI's analysis of MFA bypass, PhaaS, and deepfake fraud
Context
MFA bypass and behavioural impersonation are now operational problems, not edge cases. In remote-first, SaaS-first environments, attackers can steal a session, borrow a trusted tool, or imitate a known voice without ever tripping a front-door check. That makes identity security a matter of how access behaves after login, not just whether the login succeeded.
For IAM and identity governance teams, the practical issue is that rule-based controls assume a stable identity event. That assumption fails when attackers reuse legitimate tools, exploit third-party tokens, and blend into ordinary collaboration traffic. The programme question is no longer whether controls exist, but whether they can see abnormal behaviour across the full access path.
Key questions
Q: How should security teams respond when attackers steal a valid session instead of a password?
A: They should treat the session as compromised, not just the password. Contain the affected account, revoke tokens and cookies, inspect downstream SaaS and email activity, and look for reuse across other systems. Session theft often bypasses MFA entirely, so response has to focus on inherited trust, not the original login event.
Q: Why do rule-based controls fail against phishing-as-a-service and deepfakes?
A: Rule-based controls fail because these attacks borrow trusted infrastructure, familiar sender patterns, and convincing human signals. A deepfake voice, a compromised vendor account, or a self-healing phishing page can all look legitimate to a checklist. Security teams need behavioural correlation, not just reputation filtering, to separate routine activity from impersonation.
Q: What should organisations measure to know whether behavioural detection is working?
A: They should measure whether the platform flags abnormal sequences across email, identity, and SaaS activity before the attacker completes a fraudulent action. Useful signals include token reuse across impossible combinations of device and location, unusual remote-tool usage, and payment or file activity that does not match the account’s normal behaviour.
Q: How do IAM and security teams balance MFA with behavioural controls?
A: MFA should remain a baseline control, but it must be paired with session monitoring, anomaly detection, and stronger verification for high-risk actions. The question is not MFA versus behaviour analytics; the practical answer is layered trust, where authentication, session quality, and post-login behaviour are all evaluated together.
Technical breakdown
Why token theft defeats MFA once a session is established
Multi-factor authentication is strongest at the point of login, but it does not continuously prove that the same person or device is still in control. Adversary-in-the-middle phishing proxies capture the session cookie after the user completes MFA, then replay that cookie to inherit the authenticated session. In that model, the attacker does not need to crack MFA; they only need to steal the artefact that represents the completed authentication. This is why session hijacking has become a dominant MFA bypass path in mature phishing campaigns. The technical failure is not password weakness alone. It is the assumption that successful authentication implies trustworthy ongoing activity.
Practical implication: treat session theft as an access-control problem, not just an authentication problem.
How phishing-as-a-service industrialises identity abuse
Phishing-as-a-service packages infrastructure, hosting, templates, and operational support into a subscription model. That lowers the barrier to entry and gives less skilled attackers the same delivery mechanisms once reserved for experienced operators. Self-healing phishing pages, compromised vendor accounts, and trusted platforms such as SharePoint help malicious traffic survive takedowns and blend into normal business use. The important architectural point is that the attack surface now includes legitimate services and familiar collaboration tools, not only suspicious domains. That makes reputation-based filtering and static blocklists far less reliable than they once were.
Practical implication: extend detection beyond domains and inspect the behaviour of the message, link, and follow-on action.
Why behavioural AI sees what checklist-based controls miss
Behavioural AI models patterns across email, identity, and SaaS activity to establish what normal looks like over time. Instead of validating one event in isolation, it evaluates the sequence, context, and consistency of actions. That matters when an attacker uses a real account, a real service, or a convincing voice clone, because each individual step can look legitimate. The control is only as strong as its ability to correlate actions across channels. If the request, sender, device, timing, and downstream access path do not fit the established baseline, the system can flag it even when every surface check passes.
Practical implication: correlate identity, email, and SaaS telemetry before trusting any apparently valid transaction.
Threat narrative
Attacker objective: The attacker aims to inherit trusted access long enough to move money, steal data, or operate inside the environment without triggering standard authentication alarms.
- Entry begins with token theft, adversary-in-the-middle phishing, or a trusted-service lure that captures valid session material without breaking initial authentication.
- Escalation occurs when the attacker reuses the stolen session, installs legitimate remote tools, or pivots through trusted platforms such as collaboration or document services.
- Impact follows when the attacker performs fraud, data theft, or account takeover while appearing to be normal business activity, delaying detection and containment.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- Snowflake breach — cloud credential abuse at Snowflake compromised Ticketmaster, Santander and others.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Session trust debt is now a governance problem, not just a detection problem: Identity programmes still assume that a successful authentication event buys a period of trustworthy behaviour. That assumption breaks when attackers steal sessions, use real tools, and inherit the legitimacy of normal workflows. The implication is that access assurance has to extend beyond the login checkpoint and into the behaviour of the session itself.
Behavioural impersonation collapses rule-based security: Deepfake voice, compromised vendor accounts, and legitimate SaaS channels all produce traffic that passes surface validation. Static policies are built to recognise known bad indicators, but these campaigns borrow known good signals instead. Practitioners need to treat contextual anomaly as an identity control signal, not an optional analytics layer.
Phishing-as-a-service has turned identity abuse into a commodity: When low-skilled actors can rent advanced phishing, session theft, and evasive infrastructure for a few hundred dollars, the defender no longer faces only elite operators. That changes the economics of identity risk across both human and non-human access, because the frequency of credible attacks rises even when attacker capability is shallow.
Behavioural AI should be evaluated as a control-plane capability, not a point tool: The article’s core lesson is that identity, email, and SaaS telemetry must be analysed together if practitioners want to detect misuse early enough to matter. In NHIMG terms, the decisive shift is from event validation to behaviour governance, which is now a baseline requirement for modern identity programmes.
Identity verification controls are being outpaced by impersonation quality: A phone call, a familiar sender, or a passing MFA challenge no longer guarantees trust. Organisations that still anchor decision-making to single proof points are optimising for a world where attackers looked obviously malicious. Practitioners should reframe trust as a continuous inference problem rather than a point-in-time gate.
From our research:
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to Guide to the Secret Sprawl Challenge.
- AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers, according to The State of Secrets Sprawl 2026.
- For a broader breach pattern view, see the 52 NHI breaches Report for how exposed credentials and delegated access turn into account compromise.
What this signals
Session trust debt: organisations are still over-investing in front-door authentication while attackers operate inside valid sessions. The programme shift is toward continuous evaluation of identity behaviour, because a login event no longer proves the current actor is trustworthy.
Behavioural AI will increasingly sit alongside IAM, not outside it, because the decisive signal is now the mismatch between expected and observed access patterns. The teams that get ahead will fuse email, identity, and SaaS telemetry into one control view rather than waiting for a post-authentication alert.
The pressure on identity teams will come from trusted channels being abused at scale, not just from obviously malicious infrastructure. With 64% of valid secrets leaked in 2022 still exploitable today, the operational lesson is that stale trust compounds across people, apps, and connected services.
For practitioners
- Treat session theft as a primary access pathway: Instrument detection for token replay, cookie theft, and unusual session reuse across identity and SaaS logs. Correlate device, location, and tooling signals so a valid login does not automatically equal trusted activity.
- Reduce trust in human-verification workflows: Require additional verification for payment changes, vendor updates, and other high-risk requests when the request path includes a compromised account, a lookalike domain, or a voice-based confirmation.
- Detect legitimate tools used for malicious control: Flag remote-access software, cloud collaboration services, and OAuth-connected apps when their behaviour diverges from the normal role, frequency, or geography of the account using them.
- Build correlation across email, identity, and SaaS telemetry: Move from isolated alerts to cross-channel detection so a suspicious message, a reused token, and a downstream payment or file action are evaluated as one chain.
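As an added example (not code from the article or from Abnormal AI), the following Python sketches the session-reuse correlation the practitioner bullets above and the technical breakdown describe: it walks constructed identity/SaaS events keyed by session identifier and flags a session whose later events arrive from a different user agent or an implausibly distant country, escalating when the follow-on action is high-risk. The event fields, the high-risk action list and the one-hour travel window are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class SessionEvent:
    ts: datetime
    user: str
    session_id: str   # cookie/token identifier as logged by the IdP or SaaS app
    ip: str
    country: str      # geo-IP country label; constructed for this example
    user_agent: str
    action: str

# Post-login actions worth escalating when the session looks replayed (assumed list).
HIGH_RISK_ACTIONS = {"payment_details_change", "mailbox_rule_create", "oauth_consent_grant"}

def detect_session_reuse(events, travel_window=timedelta(hours=1)):
    """Flag events where an already-authenticated session is reused from a different
    device fingerprint or an implausible location. Returns (session_id, user, action, severity, reasons)."""
    alerts = []
    last_seen = {}  # session_id -> previous event observed for that session
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last_seen.get(ev.session_id)
        last_seen[ev.session_id] = ev
        if prev is None:
            continue  # first sighting of the session (the MFA login itself)
        reasons = []
        if ev.user_agent != prev.user_agent:
            reasons.append("user-agent changed within the same session")
        if ev.country != prev.country and ev.ts - prev.ts < travel_window:
            reasons.append(f"{prev.country}->{ev.country} in {ev.ts - prev.ts}")
        if reasons:
            severity = "high" if ev.action in HIGH_RISK_ACTIONS else "medium"
            alerts.append((ev.session_id, ev.user, ev.action, severity, reasons))
    return alerts

# Constructed sample telemetry: alice completes MFA, then her session cookie is
# replayed 12 minutes later from another country and browser; bob is benign.
T0 = datetime(2026, 1, 22, 9, 0)
SAMPLE_EVENTS = [
    SessionEvent(T0, "alice", "S1", "203.0.113.10", "GB", "Chrome/120", "login_mfa_ok"),
    SessionEvent(T0 + timedelta(minutes=3), "alice", "S1", "203.0.113.10", "GB", "Chrome/120", "mail_read"),
    SessionEvent(T0 + timedelta(minutes=12), "alice", "S1", "198.51.100.7", "NG", "Firefox/121", "payment_details_change"),
    SessionEvent(T0, "bob", "S2", "192.0.2.5", "DE", "Safari/17", "login_mfa_ok"),
    SessionEvent(T0 + timedelta(hours=3), "bob", "S2", "192.0.2.99", "DE", "Safari/17", "file_download"),
]

if __name__ == "__main__":
    for alert in detect_session_reuse(SAMPLE_EVENTS):
        print(alert)
```

In production the same logic would consume IdP sign-in logs and SaaS audit logs joined on the session or token identifier, and the alert would drive token revocation as described in the Standards section below.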
Key takeaways
- MFA alone no longer stops account takeover when attackers can steal sessions, reuse tokens, and operate as the authenticated user.
- The evidence points to a commodity threat market where phishing kits, deepfakes, and trusted tools make sophisticated impersonation widely available.
- Identity programmes need continuous behavioural validation across email, SaaS, and access telemetry, or they will keep trusting compromised sessions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Covers stolen tokens and session material used to impersonate valid access. |
| NIST CSF 2.0 | PR.AA-1 | Identity proofing and verification are stressed by token theft and deepfake fraud. |
| NIST Zero Trust (SP 800-207) | SC-3 | Continuous verification is needed when attackers can reuse trusted sessions. |
Track session tokens as sensitive credentials and revoke them immediately when misuse is suspected.
Key terms
- Session Hijacking: Session hijacking is the takeover of an already authenticated session by stealing or replaying the session artefact, such as a cookie or token. The attack bypasses the original login barrier and allows the attacker to act as the user until the session is revoked or expires.
- Phishing-as-a-Service: Phishing-as-a-Service is a subscription model that provides ready-made phishing infrastructure, delivery tooling, and operational support to attackers. It lowers the skill needed to run advanced campaigns and makes identity abuse easier to scale, automate, and rapidly replace after takedowns.
- Behavioural Detection: Behavioural detection identifies suspicious activity by comparing actions, sequences, and context against established normal patterns. In identity security, it is most useful when attackers use legitimate credentials or tools, because the individual event may look valid even though the overall behaviour does not.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Abnormal AI: Key Insights on MFA bypass, phishing-as-a-service, and behavioural AI detection. Read the original.
Published by the NHIMG editorial team on 2026-01-22.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org