FBI — Kali365 AI Phishing-as-a-Service Bypasses MFA via OAuth Device Codes
AI relevance: Kali365 uses AI-generated phishing content and voice clones at scale — lowering the skill floor for credential theft against AI agent platforms (Microsoft 365 Copilot, Entra-protected agent tooling) that share the same identity infrastructure.
The FBI issued a warning about Kali365, a phishing-as-a-service (PhaaS) platform that bypasses multi-factor authentication by stealing Microsoft 365 OAuth tokens via the OAuth Device Code flow. The service packages AI-generated phishing lures, pre-built templates, tracking dashboards, and AI voice cloning into a subscription offering accessible to low-skill operators.
- OAuth Device Code phishing — victims are directed to a Microsoft authentication page where they enter a device code, granting the attacker a persistent OAuth refresh token
- MFA bypass — stolen OAuth tokens establish sessions that appear as legitimate authenticated users, rendering password changes and MFA re-enrollment ineffective against the hijacked session
- AI-generated content at scale — phishing emails, landing pages, and voice messages are produced using generative AI tools, dramatically increasing volume and personalization quality
- Low-skill accessibility — the PhaaS model provides ready-made templates, tracking dashboards, and infrastructure, enabling less experienced threat actors to launch sophisticated campaigns
- Persistent access — OAuth refresh tokens provide long-lived access to Microsoft 365 and Entra resources without requiring password re-authentication
- AI agent impact — Microsoft 365 Copilot, Graph API integrations, and Entra-protected agent tooling all rely on the same OAuth token infrastructure that Kali365 targets
Why it matters
As organizations deploy AI agents with delegated Microsoft 365 and Entra permissions, the OAuth tokens stolen by Kali365 grant attackers the same access as the compromised user — including permissions granted to AI agents. This creates a dual risk: traditional data exfiltration and AI agent misuse (sending emails, accessing files, invoking MCP-connected tools).
What to do
- Block or restrict the OAuth Device Code flow in Entra ID where not business-required
- Implement conditional access policies that evaluate sign-in risk and device compliance for OAuth token issuance
- Monitor for anomalous OAuth token grants and unusual application consent patterns
- Educate users about device-code phishing — legitimate services will never ask users to manually enter device codes from unsolicited links
- Review delegated permissions for AI agents and service principals; apply least-privilege principles
- Implement token lifetime policies and revoke suspicious refresh tokens immediately
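The two recommendations above that are most mechanical, blocking the device code flow and monitoring for anomalous token grants, can be illustrated in code. The following is an added example, not part of the FBI advisory or any Kali365 analysis: a small Python script that builds a per-user location baseline from constructed Microsoft Entra sign-in records, flags every sign-in that used the device code protocol (Entra sign-in logs expose this as `authenticationProtocol == "deviceCode"`), escalates severity when the successful device-code sign-in comes from a country the user has never signed in from, and returns a Conditional Access policy body that blocks the device code flow for everyone except an exempt group. The log records and group id are constructed; the policy field names (`conditions.authenticationFlows.transferMethods`, `grantControls.builtInControls`) are my reading of the Microsoft Graph `conditionalAccessPolicy` schema and should be checked against current documentation before use.

```python
"""Detect OAuth device code sign-ins and draft a Conditional Access block.

All sign-in records below are CONSTRUCTED for this example; they imitate
the shape of Microsoft Graph `signIn` resources (userPrincipalName,
ipAddress, authenticationProtocol, location.countryOrRegion, status.errorCode)
but are not real telemetry.
"""
import json

# Constructed sample log: two normal interactive sign-ins that form the
# baseline, followed by three device-code sign-ins of differing risk.
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2025-01-06T08:02:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "authenticationProtocol": "none",
     "appDisplayName": "Microsoft 365", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-01-06T08:15:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "none",
     "appDisplayName": "Microsoft 365", "location": {"countryOrRegion": "DE"},
     "status": {"errorCode": 0}},
    # alice: device code from her usual country -> worth a look, medium
    {"createdDateTime": "2025-01-07T10:41:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.44", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Azure CLI", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}},
    # bob: successful device code from a country never seen for him -> high
    {"createdDateTime": "2025-01-07T10:43:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "192.0.2.200", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "location": {"countryOrRegion": "NL"},
     "status": {"errorCode": 0}},
    # carol: failed device code attempt (nonzero errorCode) -> low
    {"createdDateTime": "2025-01-07T10:44:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "192.0.2.201", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 50126}},
])

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_signins(raw_json):
    """Parse a JSON array of sign-in records (as exported from Entra/Graph)."""
    return json.loads(raw_json)


def build_baseline(records):
    """Map each user to the countries seen in successful, non-device-code sign-ins."""
    baseline = {}
    for r in records:
        if r.get("authenticationProtocol") == "deviceCode":
            continue  # never let the suspicious flow itself seed the baseline
        if r.get("status", {}).get("errorCode", 0) != 0:
            continue
        country = r.get("location", {}).get("countryOrRegion")
        baseline.setdefault(r["userPrincipalName"], set()).add(country)
    return baseline


def find_device_code_signins(records, baseline):
    """Return findings for every device-code sign-in, highest severity first."""
    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        user = r["userPrincipalName"]
        country = r.get("location", {}).get("countryOrRegion")
        succeeded = r.get("status", {}).get("errorCode", 0) == 0
        reasons = ["device_code_flow"]
        if succeeded and country not in baseline.get(user, set()):
            reasons.append("new_country_for_user")
        if not succeeded:
            severity = "low"          # no token was issued, but note the attempt
        elif "new_country_for_user" in reasons:
            severity = "high"         # token issued from an unfamiliar location
        else:
            severity = "medium"       # token issued; confirm the user meant to do this
        findings.append({
            "userPrincipalName": user, "ipAddress": r.get("ipAddress"),
            "country": country, "app": r.get("appDisplayName"),
            "time": r.get("createdDateTime"), "severity": severity, "reasons": reasons,
        })
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


def device_code_block_policy(exempt_group_ids=()):
    """Draft a Conditional Access policy that blocks the device code flow.

    ASSUMPTION: field names follow the Microsoft Graph conditionalAccessPolicy
    resource as I understand it; verify against current docs before POSTing
    to /identity/conditionalAccess/policies. Starts in report-only mode.
    """
    return {
        "displayName": "Block OAuth device code flow",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": list(exempt_group_ids)},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for f in find_device_code_signins(recs, build_baseline(recs)):
        print(f["severity"].upper(), f["userPrincipalName"], f["country"], f["reasons"])
    print(json.dumps(device_code_block_policy(["PLACEHOLDER-EXEMPT-GROUP-ID"]), indent=2))
```

The baseline deliberately excludes device-code sign-ins so that a campaign cannot "teach" the detector that the attacker's location is normal; in production you would feed it a longer window of interactive sign-ins and, for high findings, revoke the user's refresh tokens before investigating further. The policy starts in report-only state so the sign-in log shows who legitimately depends on the flow (CLI tools, headless devices) before it is enforced.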