Dominic Jainy stands at the forefront of the battle against modern cyber threats, bringing a wealth of expertise in machine learning and decentralized technologies to the complex world of information security. As an IT professional who has watched the rapid evolution of artificial intelligence from a laboratory curiosity to a cornerstone of criminal infrastructure, he offers a rare perspective on how these tools are reshaping the digital battlefield. In an era where a single compromised session token can bypass the most expensive security perimeters, Jainy’s insights into the mechanics of identity-centric attacks provide a critical roadmap for enterprise leaders navigating the current landscape of high-frequency, AI-driven phishing.
The conversation centers on the alarming industrialization of cybercrime, where phishing-as-a-service platforms have made large-scale targeting more efficient and professional than ever before. We explore the transition from traditional malware infections to sophisticated identity theft, noting how the focus has shifted toward capturing persistent access through session cookies and authenticated tokens rather than just simple passwords. The discussion also addresses the significant operational hurdles organizations face, specifically the dangerous visibility gap that leaves security teams in the dark for hours after a breach occurs, and the specific industries currently bearing the brunt of these automated campaigns.
With the rise of artificial intelligence and specialized service platforms, how has the barrier to entry for cybercriminals changed, and what impact is this having on the sheer scale of attacks?
The technical barrier that once kept amateur hackers at bay has effectively crumbled because of the rise of phishing-as-a-service (PhaaS) platforms. We are seeing a dramatic shift where 78% of organizations have reported a noticeable increase in phishing volume over just the last 12 months, a surge fueled by the ability of threat actors to launch highly effective campaigns at a massive scale. Furthermore, the integration of AI-generated lures has made these attacks incredibly difficult to detect, with 84% of security professionals admitting that AI-driven phishing is becoming significantly harder to defend against. These aren’t the clumsy, poorly written emails of the past; they are sophisticated, automated interactions that can mimic legitimate corporate communications with frightening accuracy. By professionalizing the infrastructure used for these attacks, criminals can now focus on the “business” of theft while the automated platforms handle the heavy lifting of delivery and credential harvesting.
The latest research indicates that even the most well-resourced organizations are struggling, with 86% of Fortune 100 companies seeing employee data exposed; why is corporate size no longer an effective defense?
The sheer scale of a Fortune 100 company actually creates a broader attack surface, making it nearly impossible to protect every single entry point when 86% of these top-tier organizations have already seen their data exposed in the last year. We’ve observed a clear and deliberate focus on enterprise targets, with the technology sector experiencing the highest level of exposure, followed closely by the airline and automotive industries. Large organizations often suffer from a false sense of security provided by legacy systems, yet only 38% of them feel very confident in their ability to detect and respond to credential theft within a 24-hour window. This lack of confidence is rooted in the complexity of modern environments where 58% of teams struggle to identify exactly which credentials or session tokens were compromised during an incident. When you are dealing with thousands of employees, the manual effort required to remediate users at scale becomes a logistical nightmare that many are simply not equipped to handle.
We are seeing a massive shift where phishing is now roughly five times more likely to target enterprise users than malware is; what does this tell us about the current strategic goals of threat actors?
The data reveals a strategic pivot away from traditional malware toward the high-value world of enterprise identities, which are now five times more likely to be targeted by phishing. This is a significant jump from late 2025, when phishing was only three times more likely than malware to be the chosen vector. Attackers have realized that stealing an identity is far more efficient than trying to bypass a security scanner with a malicious file; once they have a corporate email account, they have the keys to the kingdom. This trend is perfectly illustrated by kits like Tycoon 2FA, where a staggering 80% of the captured credentials belonged to corporate accounts rather than personal ones. By focusing on these identities, threat actors can move laterally within a network, gain authenticated access, and set the stage for more damaging follow-on attacks like ransomware or large-scale fraud.
Beyond simple passwords, attackers are now focused on session hijacking and adversary-in-the-middle techniques; how does this complicate the traditional security response?
The move toward adversary-in-the-middle (AiTM) techniques has completely changed the “post-phishing playbook” because resetting a password is no longer a guaranteed fix. Attackers are now capturing session cookies and refresh tokens, which allow them to maintain authenticated access that persists long after a user changes their password. This explains why 20% of respondents are increasingly worried about session hijacking, as it effectively bypasses traditional multi-factor authentication. We are also seeing a rise in device code phishing, which abuses legitimate OAuth authentication workflows to trick users into granting trusted access without ever revealing their credentials. Security teams now have to think beyond the simple login and focus on revoking specific tokens and sessions, a process that only 30% of organizations have fully integrated into their automated response workflows.
A significant number of organizations—about 68%—require four hours or more to identify and remediate a phishing exposure; what is happening during those critical hours of delay?
Those four hours represent a massive window of opportunity for an attacker to establish a permanent foothold, and it is deeply concerning that 68% of organizations take that long or longer to act. During this delay, an attacker who has successfully phished a user can move from a simple account takeover to session hijacking, privilege escalation, or even deploying ransomware. The problem is exacerbated by the fact that 42% of organizations struggle to remediate exposed users at scale, meaning the infection can spread faster than the cure. When security teams lack visibility into exactly what was stolen—whether it was a password, a cookie, or an authentication artifact—they are essentially flying blind while the adversary explores their internal systems. This visibility gap is the single greatest advantage a criminal has once the initial phishing lure has been swallowed by an unsuspecting employee.
What is your forecast for the future of identity threat protection as these automated phishing platforms continue to evolve?
I forecast that the industry will move toward a model of “continuous identity verification” where the focus shifts entirely away from perimeter prevention and toward the real-time monitoring of identity data harvested from the darknet. As phishing-as-a-service platforms become even more sophisticated, organizations will have no choice but to automate their remediation workflows, as the manual process of identifying and revoking compromised access is simply too slow to stop a modern attack. We will see a greater emphasis on recapturing data directly from criminal infrastructure to identify phished credentials and tokens before they can be used for fraud. Ultimately, the winners in this space will be the companies that can bridge the visibility gap and reduce their response times from hours to seconds by integrating darknet intelligence directly into their identity response systems.