FBI Warns Microsoft 365 Users of AI-Powered Account Theft Attack

Federal Bureau of Investigation (FBI) has issued a new warning to Microsoft 365 users regarding an artificial intelligence (AI)-based cyber attack. The agency stated the attack, dubbed ‘Kali365’, can steal account access without requiring the victim’s password. In a public service announcement released on 21 May 2026, the FBI said the attack was first detected in April 2026 and is now being widely deployed through Phishing-as-a-Service (PhaaS) platforms. PhaaS involves cyber attack tools sold or rented to other criminals. The Kali365 method allows attackers to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA). The attack begins with phishing emails masquerading as trusted cloud productivity or document-sharing services. The Kali365 platform is distributed via Telegram to cybercriminals, while the actual scams are conducted through phishing emails. Victims receive a device code and instructions to visit a legitimate Microsoft verification page to enter the code. As the page appears genuine, users often trust the process. However, submitting the code sends the victim’s OAuth token to the attackers, enabling them to access the Microsoft 365 account via their own devices without needing the password or additional MFA checks. The FBI warned that once access is gained, perpetrators can exploit services such as Outlook, Teams, and OneDrive.