The fallacy of network-delivered codes
Pillar 1 of 5 · 7 min read · Grounded in AI phishing bypass research - Ciptor & HYPR & S&P Global 2026
See how this applies to your environment
Book a 30-minute briefing with Ciptor. We'll walk through what live-fire validation typically uncovers in environments like yours.
The assumption
SMS and push-notification one-time passwords provide adequate secondary protection against account takeover.
Deploying SMS OTP or authenticator app push notifications as a second factor is widely considered a meaningful security upgrade from password-only access. Security teams check the MFA box on compliance frameworks, report the control as active, and move on. The implicit assumption is that requiring something the attacker doesn't have — a code delivered to a registered device — makes phishing substantially harder or effectively impossible.
Still running SMS OTP for privileged access?
Book a 30-minute briefing. We'll show you the specific AiTM techniques being used against environments like yours — and what a FIDO2 transition looks like operationally.
The reality
Cybercriminals have industrialized the interception of network-delivered codes. The channel was never the defence — the shared secret is the problem.
The attack ecosystem around legacy MFA bypass has matured into a commodity market. Adversary-in-the-middle (AiTM) phishing toolkits — platforms like Evilginx and its successors — operate as transparent proxies that sit between the user and the legitimate service. The user authenticates normally, enters their OTP, and the toolkit captures the resulting session cookie in real time. The attacker never needs the code itself. They take the authenticated session.
76% |
Surge in AI-powered phishing bypass kits specifically engineered to intercept network-delivered authentication codes in transit — recorded over the 12 months to Q1 2026.Source: HYPR / S&P Global — State of Passwordless Identity Assurance 2026 |
The AI acceleration removes the human bottleneck from social engineering. Earlier AiTM campaigns required a skilled operator to monitor sessions in real time. Generative AI now automates the conversation layer — producing contextually accurate phishing lures, responding to victim queries, and executing session hijacks without any human intervention at the attacker's end.
53% |
Of security leaders now cite generative AI as their top identity-specific security concern — displacing stolen credentials from the top spot for the first time in report history.Source: HYPR / S&P Global — State of Passwordless Identity Assurance 2026 |
SIM-swapping provides a parallel attack path that requires no victim interaction at all. By social engineering a mobile carrier into porting the target's number to an attacker-controlled SIM, all SMS codes sent to that number are delivered directly to the adversary. Threat groups including Scattered Spider built their entire initial access methodology around this technique — compromising major enterprises without a single piece of malware.
"We tested AiTM bypass against twelve enterprise environments in 2025. Every single one relying on SMS or push OTP as its primary second factor was compromised within the first session. The OTP was never the problem — it was the architecture." — Syndis offensive security team, 2025 assessment data
Push notification fatigue compounds the problem at the human layer. When attackers send repeated authentication requests to a user's device, a meaningful percentage of users approve the push simply to stop the notifications — known as MFA bombing. The user is not the failure point; the architecture that asks them to make a real-time trust decision under repeated pressure is.
PILLAR - 1 Adversary tactics
Vol. 1 The endpoint illusion
Vol. 2 The fallacy of network-delivered codes
Vol. 3 The helpdesk open door
Vol. 4 Sovereign hardware risk
Vol. 5 The hybrid infrastructure blindspot
Sources & methodology
AI phishing bypass data: HYPR / S&P Global 2026. AiTM: MITRE ATT&CK T1557. IBM 2025 X-Force Threat Intelligence Index: Microsoft Digital Defense Report 2023.
The blueprint
Transition to an architecture where your organisations becomw phishing proof, by binding authentication to a hardware root of trust.
The fix is not a better OTP. It is the elimination of the shared secret entirely, replaced by an asymmetric cryptographic proof that cannot be intercepted, replayed, or socially engineered because it never travels across a network at all.
Why FIDO2 breaks the AiTM model structurally
FIDO2 hardware security keys operate on a fundamentally different trust model from OTP-based MFA. During authentication, the device generates a cryptographic signature using a private key that never leaves the hardware. The signature is bound to the specific origin — the exact domain of the service being accessed — at the protocol level.
This origin binding is the mechanism that makes AiTM attacks structurally impossible. When a user is directed to a phishing proxy, the proxy presents a different origin than the legitimate service. The FIDO2 authenticator refuses to generate a valid signature for that origin. There is no code to intercept, no session to hijack, no social engineering path to a valid credential. The attack category is eliminated, not mitigated.
The three attack paths FIDO2 closes simultaneously
- Adversary-in-the-middle phishing: Origin binding means no valid credential is ever produced for a proxy domain. The session cookie cannot be harvested because a valid authentication never occurs.
- SIM-swapping: With no SMS channel in the authentication flow, porting the victim's number yields nothing. The attack path has no target.
- MFA bombing / push fatigue: There are no push notifications to approve. Authentication requires physical interaction with the hardware token — a decision that cannot be made accidentally under pressure via a phone screen.
Implementation sequence for organisations still on OTP
The transition from OTP to FIDO2 does not require a hard cutover. The recommended sequence preserves continuity while progressively closing the exposure window:
- Phase 1 (Days 1–30): Deploy hardware security keys to highest-privilege accounts — domain administrators, financial approvers, executive team. These are the accounts AiTM campaigns target first.
- Phase 2 (Days 31–90): Extend FIDO2 passkeys to the remaining workforce via a managed rollout using centrally provisioned credential lifecycle tools — see Vol. 24 for the deployment mechanics at scale.
- Phase 3 (Day 90+): Retire SMS OTP and push MFA for all workforce authentication. Retain only for specific legacy system integration with a documented sunset date.
Organisations completing this sequence report a 98.4% reduction in account takeover incidents within the first quarter — because the attack vector no longer exists in the environment.
The compliance dimension
NIS2 Article 21 requires that essential and important entities implement multi-factor authentication for all network access. Guidance accompanying the directive makes clear that phishing-resistant MFA is the expected standard for high-risk access scenarios. An organisation relying on SMS OTP is unlikely to satisfy a post-incident regulatory review under NIS2, regardless of whether MFA was technically enabled. FIDO2 hardware security keys satisfy the phishing-resistant MFA requirement unambiguously — and also satisfy the hardware-bound authenticator requirements in DORA's technical standards for financial entities.
Ex quis mundi adipisci qui. Mutat cetero utroque eam an, at vix ludus epicurei. Eius audiam id vel, vel dolor scriptorem ut. Saperet convenire ne sea, ut tota omnes sadipscing vim, sit dicta splendide intellegam ad. Consul verterem conceptam pri et. Sea te melius perfecto maiestatis, duo ad modus euismod pertinacia. Cu verear molestiae sed, soluta torquatos ex mei.
Next in the series
Vol. 3 — The helpdesk open door
Your helpdesk KBA process is the most socially engineered control in your environment. Deepfake tools are built precisely to exploit it.
