{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiblbodhthnhx7iqcdro4iry7awq2jewkcpfqoclllamjzffnv5tkm",
    "uri": "at://did:plc:iir655mcoipvnewhnkv6fb3u/app.bsky.feed.post/3mmtvnkyz2lo2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidzhnv2t75motollxreehvmokt2mnqhckfpuviodsq3ynjlldarz4"
    },
    "mimeType": "image/png",
    "size": 31727
  },
  "path": "/resources/blog/attackers-went-agentic-first",
  "publishedAt": "2026-05-27T14:24:04.000Z",
  "site": "https://binarydefense.com",
  "textContent": "\nMandiant's M-Trends 2026 report puts the median time from initial access to handoff to a secondary threat group at 22 seconds in 2025. What changed is that initial access brokers started pre-staging the secondary group's malware before the handoff, turning what used to be a marketplace transaction into an automated delivery pipeline.\n\nThe vishing-to-MFA-reset path is the cloud entry of choice now\n\nVoice phishing is the top initial access vector in cloud-specific compromises at 23%, per M-Trends 2026. This is what commoditization looks like on the attacker side: a moderately skilled operator can run enterprise-scale credential theft through software they rented this week.\n\nThe adversary-in-the-middle (AiTM) bypass is session-cookie theft: the MFA prompt fires, the user authenticates, and the attacker wins anyway, because what the attacker walks away with is the authenticated session token, not the credentials MFA was protecting.\n\nWhat MFA blocks, against what AiTM bypasses:\n- Credential interception (attacker captures username + password), versus session-cookie interception (attacker captures the authenticated session after MFA succeeds)\n- Replay of static credentials, versus replay of live, valid session tokens\n- Brute-force and spray against the password layer, versus post-authentication access using a stolen token the identity provider trusts\n\nThat is the point about MFA worth holding onto: it is not the control that catches AiTM. The controls that catch it are session-token telemetry, conditional access policies that bind tokens to device posture and network signals, and detections tuned for anomalous token reuse from a new device or geography. Pull all of that together and the defender response that matches it is correlation across endpoint, identity, and network telemetry, anchored by analysts working campaign-shaped timelines rather than ticket-shaped events. Against a sophisticated actor running an AI-orchestrated kill chain, the assumption that an attacker still has to manually advance each step is no longer reliable.\n\nThat is the structural shift, and it is what compressed the time window and lowered the skill floor on the attacker side. The defender response that matches it is not a faster automated triage layer on its own. Each of these is a place where attacker tooling created a gap that the corresponding defender response closes through judgment, not just throughput. That is not a story about defenders refusing to adopt. It is a story about defenders still calibrating what good looks like. The attacker side did not wait for that calibration to finish. That gap is closable, and being precise about where attacker tooling actually changed the threat is the first move toward closing it. If attacker speed is the edge AI gave the offense, the question that follows is what defenders keep human, and where. The question is what defenders optimize for in response, and whether \"faster\" is even the right axis.",
  "title": "Attackers Went Agentic First"
}
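The post names the controls that do catch AiTM session theft: session-token telemetry and detections for a token reused from a new device or geography. The following is an added example of that detection logic, appended after the record; it is not Binary Defense's or Mandiant's tooling and is not part of the original post. It runs over a constructed sign-in log, and the field names (`session_id`, `device_id`, `country`, `asn`, `mfa_satisfied`) are assumptions modelled loosely on identity-provider sign-in records. It also shows the post's point from the other side: a filter on MFA failures sees nothing, because the victim satisfied the prompt and the IdP honoured the claim carried by the stolen token.

```python
"""Detect anomalous reuse of an authenticated session across devices or geographies.

Added example; not Binary Defense's or Mandiant's code. Field names are assumptions
modelled loosely on identity-provider sign-in logs; adapt them to your IdP's schema.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    session_id: str      # id of the post-MFA session / refresh token the IdP issued
    device_id: str       # managed-device id; "" when the client presented none
    country: str
    asn: int             # autonomous system of the source IP
    mfa_satisfied: bool  # MFA completed in this event, or carried as a claim by the token


@dataclass
class Alert:
    user: str
    session_id: str
    severity: str        # "high": token moved to another device; "low": geo/ASN drift only
    reasons: list
    minted_at: datetime
    reused_at: datetime


def detect_token_reuse(events, window=timedelta(hours=12)):
    """Flag a session id presented from a different device, country or ASN than the
    one it was first observed on, within `window` of that first sighting.

    The first sighting is treated as the legitimate mint (the victim's own post-MFA
    sign-in); every later presentation of the same session id is compared against it.
    """
    origin_by_session = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        origin = origin_by_session.get(ev.session_id)
        if origin is None:
            origin_by_session[ev.session_id] = ev
            continue
        if ev.ts - origin.ts > window:
            continue  # outside the window; long-lived tokens need a separate rule
        reasons = []
        if ev.device_id != origin.device_id:
            reasons.append("device mismatch" + (" (no managed device)" if not ev.device_id else ""))
        if ev.country != origin.country:
            reasons.append(f"country {origin.country}->{ev.country}")
        if ev.asn != origin.asn:
            reasons.append(f"ASN {origin.asn}->{ev.asn}")
        if not reasons:
            continue
        # A token leaving its minting device is the AiTM shape; geo/ASN drift on the
        # same managed device is more often VPN or travel, so it is ranked lower.
        severity = "high" if ev.device_id != origin.device_id else "low"
        alerts.append(Alert(ev.user, ev.session_id, severity, reasons, origin.ts, ev.ts))
    return alerts


def mfa_failures(events):
    """What an MFA-layer detection sees. For a relayed session this is empty: the
    victim satisfied the prompt and the IdP trusts the claim on the stolen token."""
    return [e for e in events if not e.mfa_satisfied]


T0 = datetime(2026, 5, 27, 14, 0, tzinfo=timezone.utc)
# Constructed sample sign-in log (not observed data); ASNs are illustrative.
SAMPLE_EVENTS = [
    # alice completes MFA on her managed laptop in the US: the legitimate mint.
    SignIn(T0, "alice", "sid-a1", "dev-corp-0142", "US", 7922, True),
    # Three minutes later the same session id arrives from an unmanaged host in NL.
    # The IdP still sees MFA as satisfied, so only token telemetry catches this.
    SignIn(T0 + timedelta(minutes=3), "alice", "sid-a1", "", "NL", 14061, True),
    # bob: same device, same country and ASN across two presentations; no alert.
    SignIn(T0 + timedelta(minutes=10), "bob", "sid-b7", "dev-corp-0201", "US", 7018, True),
    SignIn(T0 + timedelta(hours=2), "bob", "sid-b7", "dev-corp-0201", "US", 7018, True),
    # carol: same managed device, country and ASN flipped (VPN or travel); low severity.
    SignIn(T0 + timedelta(minutes=20), "carol", "sid-c3", "dev-corp-0333", "DE", 3320, True),
    SignIn(T0 + timedelta(hours=1), "carol", "sid-c3", "dev-corp-0333", "FR", 3215, True),
    # dave: second presentation lands after the window, so this rule ignores it.
    SignIn(T0 + timedelta(minutes=30), "dave", "sid-d9", "dev-corp-0404", "US", 7922, True),
    SignIn(T0 + timedelta(hours=20), "dave", "sid-d9", "", "BR", 28573, True),
]

if __name__ == "__main__":
    for a in detect_token_reuse(SAMPLE_EVENTS):
        print(f"{a.severity.upper():5} {a.user} {a.session_id} reused "
              f"{a.reused_at - a.minted_at} after mint: {', '.join(a.reasons)}")
    print("MFA-layer failures visible:", len(mfa_failures(SAMPLE_EVENTS)))
```

The rule keys on the session identifier rather than on IP alone, because an AiTM proxy can sit on a residential or cloud IP in the victim's own country; what it cannot do is present the managed device the token was minted on. The `window` matters in the other direction: a token replayed a day later from a new device is still a compromise, but it needs a rule that tracks token lifetime rather than first-sighting distance.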