When an employee enters a unique sequence of digits into a legitimate Microsoft device login page, they often believe they are fortifying their digital identity, yet they may actually be handing over the keys to the entire corporate kingdom. This paradox of the “microsoft.com/devicelogin” prompt is the first step in a modern heist in which the appearance of a trusted domain serves as a mask for malicious intent. Unlike traditional phishing, which targets passwords and other secrets, this new wave of attacks seeks to hijack the very authorization mechanisms that underpin modern collaboration.
The industry’s heavy reliance on Multi-Factor Authentication (MFA) has inadvertently created a false sense of security among both users and administrators. While MFA remains a critical barrier against simple credential theft, it has forced attackers to pivot toward methods that operate within the bounds of legitimate identity flows. The 2026 “EvilTokens” reality demonstrates how threat actors have moved beyond temporary session cookies to secure permanent organizational footholds, turning the user’s “Accept” click into a gateway for persistent, unverified access.
Why Your “Accept” Click Is Now More Dangerous Than a Leaked Password
The modern digital workspace relies heavily on the OAuth protocol to enable seamless integration between disparate platforms. When a user sees a prompt from a legitimate domain, the psychological barrier to entry vanishes, making the “Accept” button the most vulnerable point in the defense chain. Attackers capitalize on this trust by initiating device code flows that require the user to authenticate through a genuine portal, effectively making the victim an unwitting accomplice in their own compromise.
This evolution represents a fundamental shift from stealing credentials to hijacking authorization. In the past, a leaked password was the ultimate prize, but today, an authorized grant provides far more utility to an adversary. By securing an OAuth grant, an attacker bypasses the need for the password entirely, as the system considers the subsequent access to be a continuation of a verified session. The authorization remains active even if the user changes their password, creating a hidden back door that persists in the shadows.
The transition to token-based attacks has rendered many legacy defense strategies obsolete. While a stolen password can be changed in seconds to neutralize a threat, an illicit OAuth token can remain valid for extended periods, often surviving routine security audits. This persistence allows threat actors to maintain a quiet presence within an organization, observing communications and gathering data without triggering the standard alarms associated with unauthorized login attempts.
The Structural Blind Spot in Modern Identity Defense
Phishing-as-a-Service (PaaS) platforms have institutionalized the exploitation of OAuth, making sophisticated attacks accessible to a broader range of threat actors. These automated kits handle the complex handshakes required to establish trust, allowing attackers to focus on social engineering. As these platforms evolve, traditional sign-in monitoring struggles to keep pace, as the illicit activity is buried within thousands of legitimate API calls and integration requests.
Standard security alerts, such as those for “impossible travel” or unrecognized devices, frequently fail to trigger during an OAuth grant attack. Because the user is the one performing the initial authentication from their known device and location, the identity provider sees a perfectly valid session. The resulting token is then used by the attacker, often through cloud infrastructure that mimics legitimate service behavior. This lack of a clear “sign-in trail” makes it incredibly difficult for security teams to distinguish between a useful productivity app and a malicious data harvester.
This creates the “satisfied MFA” problem, where the very security checks designed to protect the environment are used to validate the attacker’s access. Once the MFA challenge is completed during the initial grant, the resulting refresh token is cryptographically signed as “MFA-satisfied.” Subsequent access requests using this token do not prompt for further verification, allowing the attacker to bypass the security perimeter entirely. The system functions exactly as designed, but the underlying trust has been fundamentally compromised.
From EvilTokens to Persistent Refresh Scopes: The Tech Behind the Breach
The technical core of this threat lies in the mechanics of the refresh token. Unlike access tokens, which expire quickly, refresh tokens are designed for longevity, allowing applications to stay connected without requiring the user to re-authenticate constantly. Attackers target these long-lived tokens because they provide a bridge to the environment that is independent of the user’s current password status. Changing a password does not automatically invalidate existing OAuth grants, leaving a gap that adversaries exploit with surgical precision.
Consent fatigue has become a powerful ally for attackers as workers become desensitized to the constant barrage of permission requests. From cookie banners to AI integration prompts, the normalization of the “Accept” click has created a low-friction environment where high-risk permissions are granted without a second thought. Attackers exploit this behavior by requesting scopes that sound benign but offer comprehensive access, such as “Read your mail” or “Access files when you’re not present.”
These specific OAuth scopes allow for deep and persistent data exfiltration. “Read your mail” provides an attacker with a window into every internal conversation and attachment, while “Access files when you’re not present” ensures that the connection remains active even when the user is offline. This technical persistence creates a significant challenge for incident response cycles, as standard remediation protocols often overlook the need to surgically revoke individual application grants, allowing the breach to continue long after the initial discovery.
Toxic Combinations and the 700-Tenant Cascade: Expert Insights into Hidden Risk
The 2025 Salesloft-Drift incident serves as a stark reminder of the interconnected risks within the SaaS ecosystem. In that case, a compromise of a single downstream connector created a vulnerability chain that cascaded across hundreds of Salesforce tenants. This demonstrated that an organization’s security is only as strong as the weakest link in its integration chain. While each tenant had legitimately approved their integrations, they had not authorized the resulting risk surface created by the shared connection.
Security experts have identified the “toxic combination” theory as a primary concern for modern enterprises. This occurs when multiple, seemingly harmless SaaS grants are held by a single user identity, creating a hidden bridge between disparate platforms. For example, a user with grants for an AI summarizer, a CRM tool, and a file storage app inadvertently creates a path for data to flow between these systems without institutional oversight. These combinations create unauthorized risk surfaces that are invisible to traditional siloed monitoring tools.
The emergence of AI agents and the Model Context Protocol (MCP) has further expanded this frontier of unverified trust. These agents require broad access to be effective, yet they often operate through the same OAuth grant mechanisms that lack granular control. This creates a high-velocity environment where automated data exfiltration can occur before a human analyst can even identify the grant. Visualizing these hidden bridges through an identity knowledge graph has become a necessity for identifying where disparate SaaS platforms intersect.
Hardening the Perimeter: Practical Strategies for OAuth Governance
To combat these threats, organizations began establishing real-time OAuth application inventories to replace static, annual audits. This allowed security teams to gain immediate visibility into every third-party integration the moment it was authorized. By implementing “Grant Age” policies, administrators could identify and flag refresh tokens that exceeded thirty days without re-verification. This proactive approach reduced the window of opportunity for attackers to maintain long-term persistence within the environment.
Deploying Conditional Access for Consent moved the security challenge from the initial sign-in to the moment of authorization. This ensured that high-risk permissions triggered an additional layer of scrutiny, even if the user had already completed an MFA challenge earlier in the session. Furthermore, strategic cross-application monitoring allowed teams to flag “bridge identities” that held grants across multiple high-value platforms, identifying potential toxic combinations before they could be exploited by an adversary.
Strategic leaders eventually recognized that the identity knowledge graph offered the only comprehensive view of these hidden relationships. By implementing token-level revocation playbooks, organizations moved toward a model of continuous verification that surgically removed illicit access without suspending user accounts. This proactive stance effectively neutralized the threat of consent fatigue while maintaining the agility of a modern SaaS-driven ecosystem. Security professionals successfully shifted their focus from the perimeter of sign-in events to the internal graph of integrations that defined the modern workspace.
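The governance steps described in the last three paragraphs, together with the “toxic combination” idea from the earlier section, come down to a handful of checks over a grant inventory: flag grants whose last re-verification is older than the Grant Age window, flag grants that carry mailbox or offline scopes, find identities whose grants bridge several platform categories, and turn the result into token-level actions that never suspend the account. The following Python is an added example and is not code from the original article or from any identity product; the inventory records, the platform-to-category mapping, the high-risk scope list, and the thirty-day limit are all constructed assumptions, and a real tenant would populate the records from its identity provider (for a Microsoft tenant, the delegated grants exposed by Microsoft Graph’s oauth2PermissionGrants resource).

```python
"""Grant-age, high-risk-scope and bridge-identity checks over a constructed
OAuth delegated-grant inventory.

Added example: the inventory records, the platform-to-category mapping and
the thresholds below are assumptions for illustration, not data from any
real tenant or any product's own logic.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

GRANT_AGE_LIMIT_DAYS = 30  # the "Grant Age" policy window from the text

# Delegated Microsoft Graph scopes treated as high risk: mailbox and file reads,
# and offline_access (the scope that yields a long-lived refresh token).
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Files.Read.All", "offline_access"}

# Assumed mapping from an app's platform to a coarse category; a user holding
# grants in two or more categories is a "bridge identity" across platforms.
PLATFORM_CATEGORY = {"crm": "crm", "ai-summarizer": "ai", "cloud-files": "files"}

# Fixed "now" so the example is deterministic when run offline.
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)


def _grant(user, app, platform, scopes, verified_days_ago):
    """Build one constructed inventory record. last_verified is when the user
    last re-authenticated interactively for this grant."""
    return {"user": user, "app": app, "platform": platform, "scopes": set(scopes),
            "last_verified": NOW - timedelta(days=verified_days_ago)}


# Constructed inventory: one record per (user, app) delegated grant.
INVENTORY = [
    _grant("alice@example.test", "Sales Sync", "crm", ["User.Read"], 5),
    _grant("alice@example.test", "Inbox Summarizer", "ai-summarizer",
           ["User.Read", "Mail.Read", "offline_access"], 45),
    _grant("alice@example.test", "DriveLink", "cloud-files", ["Files.Read.All"], 10),
    _grant("bob@example.test", "Sales Sync", "crm", ["User.Read"], 40),
    _grant("carol@example.test", "Inbox Summarizer", "ai-summarizer",
           ["Mail.Read", "offline_access"], 2),
]


def grant_age_days(grant, now=NOW):
    """Days since the user last re-verified this grant."""
    return (now - grant["last_verified"]).days


def stale_grants(inventory, now=NOW, limit_days=GRANT_AGE_LIMIT_DAYS):
    """(user, app) pairs whose re-verification is older than the Grant Age limit."""
    return [(g["user"], g["app"]) for g in inventory if grant_age_days(g, now) > limit_days]


def risky_grants(inventory):
    """(user, app, scopes) for grants carrying at least one high-risk scope."""
    out = []
    for g in inventory:
        hit = g["scopes"] & HIGH_RISK_SCOPES
        if hit:
            out.append((g["user"], g["app"], tuple(sorted(hit))))
    return out


def bridge_identities(inventory, min_categories=2):
    """Users whose grants span min_categories or more platform categories."""
    spans = defaultdict(set)
    for g in inventory:
        spans[g["user"]].add(PLATFORM_CATEGORY[g["platform"]])
    return {u: sorted(c) for u, c in spans.items() if len(c) >= min_categories}


def revocation_plan(inventory, now=NOW):
    """Token-level playbook: revoke stale grants that hold high-risk scopes,
    force re-verification of other stale grants, and queue bridge identities
    for review. No action here suspends a user account."""
    stale = set(stale_grants(inventory, now))
    risky = {(u, a) for u, a, _ in risky_grants(inventory)}
    plan = []
    for g in inventory:
        key = (g["user"], g["app"])
        if key in stale and key in risky:
            plan.append(("revoke_grant",) + key)
        elif key in stale:
            plan.append(("require_reverify",) + key)
    for user, cats in sorted(bridge_identities(inventory).items()):
        plan.append(("review_bridge", user, "+".join(cats)))
    return plan


if __name__ == "__main__":
    for action in revocation_plan(INVENTORY):
        print(*action)
```

Run as a script it prints one action per line: the Inbox Summarizer grant held by alice is both past the thirty-day window and carries Mail.Read plus offline_access, so it is the one grant marked for revocation; bob’s stale but low-privilege CRM grant only needs re-verification; and alice is surfaced as a bridge identity because her grants span the AI, CRM and file-storage categories even though each grant looked harmless on its own. The separation between “stale”, “risky” and “bridge” is deliberate: each condition maps to a different response, and collapsing them into a single score would hide which control actually fired.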
