The rise of OAuth consent phishing is a silent revolution in the cybersecurity landscape, and it is one that has me deeply concerned. Let me explain why. In February 2026, a platform called EvilTokens emerged, compromising over 340 Microsoft 365 organizations in just five weeks. What is truly alarming is how it operated: by exploiting the very trust mechanisms we have grown accustomed to. Users were tricked into granting OAuth permissions to an attacker-controlled application, which then received access and refresh tokens for their accounts. Because those tokens are issued only after the user has already signed in and satisfied multi-factor authentication (MFA), the attacker never faces an MFA prompt and never needs the password. This is not just a new attack vector; it is a fundamental shift in how phishing works.
What makes this particularly fascinating is how it exploits human behavior. We have all become numb to consent screens. Personally, I think this is the real Achilles' heel here. OAuth consent has become an instinctive click, much like how we mindlessly accept cookie banners. But unlike cookies, these clicks grant access to sensitive data: emails, calendars, contacts, and more. The language on these screens is deceptively benign. For instance, 'Read your mail' (the display text for the Microsoft Graph Mail.Read scope) sounds harmless, but it grants the app access to every message, attachment, and shared thread in the mailbox, and if the same screen also lists 'Maintain access to data you have given it access to' (offline_access), the app keeps that access after the user closes the browser. If you take a step back and think about it, this is a masterclass in social engineering.
From my perspective, the normalization of consent screens is a cultural issue as much as a technical one. Every new app, AI agent, or browser extension demands permissions, and we have been trained to comply. What many people do not realize is that these permissions often outlive their usefulness. A consent grant is recorded against the user's account and is not tied to the password: a refresh token issued months ago can still be valid, and even where a password reset revokes the token, the consent itself survives, so the app resumes as soon as the user signs in again. This longevity creates a shadow access layer that most security tools cannot detect, because it shows up as an application calling an API with a valid token rather than as a login. MFA, which we have long relied on as a safety net, is blind to this threat because the tokens were minted after the user authenticated; the app presents a token, not a credential, and no further factor is ever challenged.
One thing that immediately stands out is the concept of 'toxic combinations.' This happens when multiple OAuth grants intersect through a single user, creating a risk surface that no single application owner ever intended. For example, a finance user might grant calendar access to a scheduling tool, shared-drive access to a document sync tool, and contact or customer-record access to a CRM assistant. Each permission, reviewed on its own app's consent page, seems reasonable, but an attacker who controls any one of those apps, or who compromises the user's session, can chain them: the calendar reveals who is meeting whom, the drive holds the contracts, and the contacts supply the targets for the next round of phishing. What this really suggests is that our current security models are fragmented. They review consent one application at a time and never compute the union of what a given user has handed out across all of them.
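The two review questions raised above, which grants give an app standing access (offline_access plus sensitive scopes, from an unverified or freshly registered publisher) and which users have accumulated a toxic combination of scopes across several apps, can both be answered from the tenant's consent records. The following is an added example, not code from the original post or from any vendor named on the page. It works over a constructed list of records shaped like Entra ID oauth2PermissionGrant objects (clientId, consentType, principalId, resourceId, scope) joined to constructed service-principal metadata; the scope lists, the toxic combinations, the 30-day "new app" window and the sample grants are all assumptions chosen for illustration, and in a real review the records would come from GET /oauth2PermissionGrants and GET /servicePrincipals on Microsoft Graph.

```python
"""Review delegated-consent grants for standing access and toxic cross-app combinations.

Added example. The records below are constructed to mirror the fields of Entra ID
oauth2PermissionGrant objects (clientId, consentType, principalId, resourceId, scope)
and are not pulled from a real tenant."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Delegated scopes that give an app standing read or write access to user data (assumed list).
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read",
}
# With offline_access the app receives a refresh token and can keep minting access
# tokens without the user present and without another MFA prompt.
PERSISTENT_SCOPE = "offline_access"

# Scope sets that look modest one grant at a time but, held by one user across any
# number of apps, hand an attacker a complete kit (assumed combinations).
TOXIC_COMBINATIONS = [
    frozenset({"Calendars.Read", "Files.Read.All", "Contacts.Read"}),  # schedule + documents + address book
    frozenset({"Mail.Read", "Files.Read.All"}),                         # mailbox plus file store
    frozenset({"Mail.Send", "Contacts.Read"}),                          # internal phishing from the victim's mailbox
    frozenset({"MailboxSettings.ReadWrite", "Mail.Read"}),              # forwarding rules as persistence
]

# Constructed grants in the shape of GET /oauth2PermissionGrants.
SAMPLE_GRANTS = [
    {"id": "g1", "clientId": "sp-expense", "consentType": "Principal",
     "principalId": "user-finance", "resourceId": "graph", "scope": "Calendars.Read User.Read"},
    {"id": "g2", "clientId": "sp-docsync", "consentType": "Principal",
     "principalId": "user-finance", "resourceId": "graph", "scope": "Files.Read.All offline_access"},
    {"id": "g3", "clientId": "sp-crmbot", "consentType": "Principal",
     "principalId": "user-finance", "resourceId": "graph", "scope": "Contacts.Read Mail.Read offline_access"},
    {"id": "g4", "clientId": "sp-helpdesk", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "graph", "scope": "User.Read"},
    {"id": "g5", "clientId": "sp-notes", "consentType": "Principal",
     "principalId": "user-eng", "resourceId": "graph", "scope": "Notes.Read offline_access"},
]
# Constructed service-principal metadata keyed by clientId (would be joined from GET /servicePrincipals).
SAMPLE_APPS = {
    "sp-expense":  {"displayName": "Expense Sync",  "verifiedPublisher": True,  "createdDateTime": "2024-03-01T00:00:00Z"},
    "sp-docsync":  {"displayName": "DocSync",       "verifiedPublisher": True,  "createdDateTime": "2023-11-12T00:00:00Z"},
    "sp-crmbot":   {"displayName": "CRM Assistant", "verifiedPublisher": False, "createdDateTime": "2026-02-20T00:00:00Z"},
    "sp-helpdesk": {"displayName": "Helpdesk",      "verifiedPublisher": True,  "createdDateTime": "2022-06-30T00:00:00Z"},
    "sp-notes":    {"displayName": "Notes",         "verifiedPublisher": True,  "createdDateTime": "2023-01-15T00:00:00Z"},
}
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)  # constructed review date


def parse_scopes(scope_field):
    """Graph stores a grant's delegated scopes as one space-separated string."""
    return set(scope_field.split())


def grant_reasons(grant, app, now=NOW, max_age_days=30):
    """Return the reasons a single grant deserves a second look (empty list if none)."""
    scopes = parse_scopes(grant["scope"])
    reasons = []
    if PERSISTENT_SCOPE in scopes:
        reasons.append("offline_access: refresh token outlives the session")
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("sensitive scopes: " + ", ".join(risky))
    if not app.get("verifiedPublisher"):
        reasons.append("publisher not verified")
    created = datetime.fromisoformat(app["createdDateTime"].replace("Z", "+00:00"))
    if now - created <= timedelta(days=max_age_days):
        reasons.append("app registered within %d days" % max_age_days)
    return reasons


def risky_grants(grants=SAMPLE_GRANTS, apps=SAMPLE_APPS, now=NOW, min_reasons=2):
    """Grants that trip at least min_reasons checks, worst first."""
    hits = []
    for g in grants:
        reasons = grant_reasons(g, apps[g["clientId"]], now)
        if len(reasons) >= min_reasons:
            hits.append({"id": g["id"], "clientId": g["clientId"], "reasons": reasons})
    return sorted(hits, key=lambda h: -len(h["reasons"]))


def effective_scopes(grants=SAMPLE_GRANTS):
    """Map each user to {scope: set(clientIds)}; admin (AllPrincipals) grants apply to every user."""
    per_user = defaultdict(lambda: defaultdict(set))
    tenant_wide = defaultdict(set)
    for g in grants:
        target = tenant_wide if g["consentType"] == "AllPrincipals" else per_user[g["principalId"]]
        for s in parse_scopes(g["scope"]):
            target[s].add(g["clientId"])
    for user_scopes in per_user.values():
        for s, clients in tenant_wide.items():
            user_scopes[s] |= clients
    return per_user


def toxic_combinations(grants=SAMPLE_GRANTS):
    """Users whose combined consent across all apps covers one of TOXIC_COMBINATIONS."""
    findings = []
    for user, scopes in sorted(effective_scopes(grants).items()):
        for combo in TOXIC_COMBINATIONS:
            if combo <= set(scopes):
                apps = set().union(*(scopes[s] for s in combo))  # every app contributing a piece
                findings.append({"principalId": user, "scopes": combo, "apps": apps})
    return findings


if __name__ == "__main__":
    for h in risky_grants():
        print(h["id"], h["clientId"], "; ".join(h["reasons"]))
    for f in toxic_combinations():
        print(f["principalId"], sorted(f["scopes"]), "via", sorted(f["apps"]))
```

On the constructed data the per-grant pass flags the CRM assistant first (offline_access, Mail.Read and Contacts.Read, an unverified publisher, registered nine days before the review) and DocSync second, while the per-user pass shows that the finance user's three individually reasonable grants together form the calendar-plus-drive-plus-contacts combination, spread across three different apps that no single app review would have connected.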
This raises a deeper question: how do we secure a system where trust is granted in milliseconds but can be abused for months? Procedural checks, like periodically reviewing OAuth grants, are necessary but insufficient, because a grant made this morning is already in use by the time the quarterly review comes around. The real solution lies in continuous monitoring of the runtime layer where these trust relationships form: new consents as they happen, new service principals appearing in the tenant, grants that pair offline_access with mailbox or file scopes, and publishers nobody has heard of. Platforms like Reco are stepping in to fill this gap by mapping OAuth grants, AI agents, and integrations in real time. What is especially interesting here is how AI is being used to combat AI-driven threats, a sort of digital arms race.
In my opinion, the OAuth consent phishing trend is a wake-up call. We have spent years fortifying authentication, but the consent layer has been left largely unchecked. Closing this gap requires a paradigm shift: treating OAuth grants with the same rigor as authentication itself. In practice that means restricting what users may consent to on their own (for example, only low-impact permissions from verified publishers), routing everything else through an admin consent workflow, and revoking grants that are no longer in use rather than letting them accumulate. This is not just about technology; it is about rethinking how we educate users and design trust mechanisms.
As I reflect on this, I’m reminded of how quickly attack surfaces evolve. Just as we adapted to credential phishing, we must now adapt to consent phishing. The challenge is immense, but so is the opportunity to build a more resilient security framework. Personally, I think this is the next frontier in cybersecurity—one that demands not just technical innovation but a reevaluation of our collective trust habits.