AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Image
Episode 7  •  Mar 14, 2026  •  37 Min

Social Engineering, Phishing-as-a-Service, Edge Device Exploits & AI-Assisted Attacks

This week’s conversation focuses on a question red teamers think about constantly: how attackers actually get in. While headlines often focus on dramatic zero-day exploits, many successful compromises still begin with far simpler techniques: impersonation, credential theft, or misconfigured infrastructure.

In this episode, the team explores several real-world examples of initial access paths. Social engineering campaigns are abusing trusted communication platforms like Microsoft Teams. Phishing infrastructure is becoming commoditized, allowing low-skill operators to steal credentials and session tokens at scale. Edge infrastructure vulnerabilities continue to provide attackers with direct entry into corporate networks. And at the same time, AI is accelerating the speed at which reconnaissance, tooling, and offensive workflows can be developed.

The common thread across these stories isn’t entirely new techniques, it’s the increasing speed, scale, and accessibility of offensive capabilities.

Key Takeaways:


Attackers Impersonate IT Support via Microsoft Teams, Cybersecurity News

https://cybersecuritynews.com/hackers-attack-over-microsoft-teams/

  • What Matters: Attackers are abusing collaboration tools like Microsoft Teams to impersonate internal IT support and convince employees to install remote access software. These attacks succeed because they operate inside a trusted communication environment where users are less suspicious than they would be with email. Once remote access is installed, attackers gain an immediate foothold inside the network.
  • What’s Overhyped: The technique itself isn’t new. Social engineering has always been one of the most effective initial access methods. What’s changing is the channel, Attackers are moving from email to collaboration platforms that employees trust more.

Typhoon 2FA Enables Industrial-Scale Session Hijacking, Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

  • What Matters: New phishing platforms allow operators to steal not just credentials but authenticated session tokens, enabling attackers to bypass traditional multi-factor authentication protections. These services package infrastructure, phishing templates, and credential harvesting into a subscription model, allowing even low-skill actors to launch sophisticated campaigns.
  • What’s Overhyped: MFA bypass isn’t a new phenomenon. Reverse-proxy phishing frameworks have existed for years. The real shift is accessibility: tools that once required technical expertise are now packaged as services.

Fortinet Vulnerabilities Demonstrate the Risk of Network Edge Devices, Cybersecurity News

https://cybersecuritynews.com/fortinet-security-update-march/

  • What Matters: Vulnerabilities in internet-facing infrastructure such as firewalls, VPN gateways, and network management platforms remain extremely valuable targets. Compromising one of these devices often provides direct internal network access and, in some cases, administrative control over the network itself.
  • What’s Overhyped: This isn’t unique to any single vendor. Every organization relies on a small number of edge devices to connect to the internet, which naturally makes them high-value targets.

Leaked iOS Exploit Kits Show the Growing Commoditization of Zero-Days, The Hacker News

https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html

  • What Matters: Researchers discovered an exploit framework containing multiple iOS vulnerabilities that can be chained together to fully compromise devices. Exploits of this caliber have historically been reserved for government or intelligence agencies, but leaks and secondary markets are beginning to spread these capabilities more broadly.
  • What’s Overhyped: These attacks still require specific conditions and older device versions in many cases. The average user is unlikely to be targeted, but the broader trend of exploit commoditization is significant.

Automation Improves Reconnaissance, Tool Development, and Attack Speed, Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/

  • What Matters: AI tools are enabling attackers to automate reconnaissance, generate phishing materials, develop custom tooling, and process large datasets faster than before. Instead of replacing human operators, AI is acting as a force multiplier that speeds up existing offensive workflows.
  • What’s Overhyped: Fully autonomous attacks remain rare. Most successful operations still require skilled operators who provide context, interpret results, and guide the attack process.
Brandon Kovacs Headshot

Brandon Kovacs

Senior Security Consultant

Brandon Kovacs (CRT, OSCP) is a Senior Security Consultant at Bishop Fox, where he specializes in red teaming, network penetration testing, and physical penetration testing. As a red team operator, he is adept at identifying critical attack chains that an external attacker could use to fully compromise organizations and reach high-value targets.

To support physical and external testing, Brandon has built the 2023 edition of Bishop Fox’s Tastic RFID Thief to include Wi-Fi and remote control, allowing for more effective capture of RFID badges from a few feet away. He actively performs research and development into artificial intelligence for use in offensive security engagements.

Brandon is also recognized as a deepfake expert, conducting speaking sessions and live demonstrations at several global security and technology conferences. His research focuses on using AI and high-quality deepfakes to perform social engineering.

More by Brandon Kovacs
Leron Gray Headshot BF

Leron Gray

Senior Security Consultant - Red Team

Leron Gray is a Senior Security Consultant II on Bishop Fox's Red Team. He previously worked at Microsoft on the Azure Red Team and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

More by Leron Gray
Bfx25 Thomas Wilson Bio

Thomas Wilson

Senior Red Team Operator

Thomas Wilson is a senior red team operator at Bishop Fox and a musician. From IDEs to DAWs, he is as at home on his own computer as he is on someone else's. You can usually find him at the local card shop slinging spells, up on stage blasting tunes, or with his eyes glued to his monitor for hours at a time (thank goodness for blue light filtering lenses).

More by Thomas Wilson

Subscribe to our PODCAST

Real talk on the threats, trends, and tactics shaping security today

Listen Anywhere

Spotify iHeartRadio YouTube Apple Podcasts Amazon Music

Recommened Resources

You might be interested in these related Resources.

Datasheets

AI-Powered Application Penetration Testing Datasheet

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Download Datasheet
Guides

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Read Guide
Reports

2026 GigaOm Radar for Attack Surface Management

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Read Report