How attackers are bypassing MFA using AI in 2026
Blog post from WorkOS
Multi-factor authentication (MFA) has long been a cornerstone of digital security, blocking 99% of automated attacks, but evolving threats have exposed its weaknesses and call for a shift in strategy. Attackers are increasingly targeting session tokens, using Adversary-in-the-Middle (AiTM) attacks to bypass MFA by capturing session cookies in real time. Commercial tools like EvilProxy and Tycoon 2FA, available on platforms like Telegram, facilitate these attacks. With AI, attackers can automate reconnaissance, craft highly convincing phishing emails, and use deepfakes for voice phishing, significantly enhancing the efficacy of their campaigns. Despite these advancements, MFA remains a critical security measure, but it must be implemented with phishing-resistant methods like FIDO2 security keys and complemented by continuous session management and OAuth governance. Legacy fallback methods that remain enabled, inadequate session security, and outdated training all contribute to the gaps in current MFA deployments, underscoring the need for organizations to adapt their strategies to these sophisticated threats.
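One way to picture the continuous session management mentioned above, as an added example that is not from the WorkOS post: each session is bound to the client context seen when MFA completed, and every later request is re-evaluated against it. The event format, the two context signals (ASN and user agent) and the allow/step-up/revoke policy are assumptions chosen for illustration.

```python
# Constructed sample events: (timestamp_s, session_id, event, asn, user_agent).
# ASNs are from the range reserved for documentation.
EVENTS = [
    (1000, "s1", "mfa_ok",  "AS64500", "Firefox/128 Windows"),
    (1060, "s1", "request", "AS64500", "Firefox/128 Windows"),
    (1000, "s2", "mfa_ok",  "AS64501", "Chrome/126 macOS"),
    (1045, "s2", "request", "AS64511", "python-requests/2.32"),  # cookie replayed elsewhere
    (1090, "s2", "request", "AS64501", "Chrome/126 macOS"),      # session already revoked
    (2000, "s3", "mfa_ok",  "AS64502", "Safari/17 iOS"),
    (9000, "s3", "request", "AS64503", "Safari/17 iOS"),         # network change only
    (9500, "s9", "request", "AS64500", "Firefox/128 Windows"),   # cookie never passed MFA
]


def evaluate(events):
    """Return (timestamp, session_id, decision) for every request event.

    Hypothetical policy: no context change -> allow; one signal changed ->
    step_up (re-prompt for MFA); both changed -> revoke the session.
    Unknown or revoked sessions are rejected.
    """
    bound = {}       # session_id -> (asn, user_agent) recorded at MFA completion
    revoked = set()  # sessions invalidated server-side
    decisions = []
    for ts, sid, kind, asn, ua in sorted(events):
        if kind == "mfa_ok":
            bound[sid] = (asn, ua)
            continue
        if sid in revoked or sid not in bound:
            decision = "reject"
        else:
            changed = sum(a != b for a, b in zip(bound[sid], (asn, ua)))
            decision = ("allow", "step_up", "revoke")[changed]
            if decision == "revoke":
                revoked.add(sid)  # later requests with this cookie fail
        decisions.append((ts, sid, decision))
    return decisions


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

Context checks like this catch a captured cookie being replayed from a different client; they do not detect the proxied login itself, which is why the paragraph pairs them with phishing-resistant methods such as FIDO2.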