Kasey Cromer, Netlok | June 9, 2026
In 2026, the most dangerous entry point in your organization is no longer a misconfigured firewall or an unpatched server. It is a phone call, a Microsoft Teams message, or a support ticket. According to Palo Alto Networks Unit 42, social engineering is now the top initial access vector globally, present in 36% of all incidents tracked between May 2024 and May 2025. And once an attacker gains that foothold, they are no longer operating at human speed. Mandiant’s M-Trends 2026 report found that the median time between initial access and handoff to a ransomware operator has collapsed from over eight hours in 2022 to just 22 seconds in 2025. In practice, defenders have seconds, not hours, to detect and respond.
Enterprises are responding by automating the helpdesk entirely. AI-powered support agents now handle a large share of IT requests autonomously. But this shift does not eliminate the social engineering threat. It transforms it. The same manipulation that convinced a human helpdesk agent to reset a multi-factor authentication (MFA) device can now be used to convince an AI agent to do the same thing at machine scale.
The only defense that breaks this cycle permanently is not better training for humans or smarter guardrails for AI. It is removing the credential reset as an attack surface entirely. Photolok by Netlok is built for exactly that outcome.
The IT helpdesk has become one of the most valuable targets for hackers in enterprise security. It sits at the intersection of identity management and operational urgency, with the authority to reset passwords, de-register MFA devices, and provision emergency access. That combination makes it irresistible to attackers.
The playbook is straightforward. An attacker gathers basic information about an employee from LinkedIn, public records, or data exposed in previous breaches. They call the helpdesk pretending to be that employee — a technique known as voice phishing (vishing) — cite an urgent situation, and ask for a credential reset or a new MFA device enrollment. In many organizations, a convincing story and a few verifiable details are enough to get the request approved.
Scattered Spider, the threat cluster responsible for the MGM Resorts breach in 2023, used exactly this technique. An operative impersonated an employee over the phone, convinced the helpdesk to clear active MFA devices, and registered their own phone as the trusted authentication device on the account. That single conversation opened the door to ransomware deployment that cost MGM over $100 million in remediation and lost revenue.
The threat has escalated significantly since then. AI-generated voice clones now allow attackers to match the voice profiles of specific executives with alarming accuracy. Real-time deepfake video wrappers can defeat organizations that require employees to appear on camera during support calls. The Health Sector Cybersecurity Coordination Center has issued specific warnings about campaigns where attackers called hospital helpdesks from localized area codes, presented verified employee data including IDs and dates of birth scraped from prior breaches, and requested credential overrides before security teams could respond.
According to the ISACA 2026 Tech Trends and Priorities report, based on a survey of 3,000 IT and cybersecurity professionals, AI-driven social engineering is now the top cybersecurity threat organizations expect to face, cited by 63% of respondents. This is the first time it has topped the ISACA findings, surpassing ransomware at 54% and insider threats at 35%.
The reason this threat is so persistent is structural. As long as the helpdesk retains the authority to reset credentials, attackers will find a way to exploit it.
Faced with rising ticket volumes and lean security teams, enterprises are moving quickly to automate internal IT support. ServiceNow’s $2.85 billion acquisition of Moveworks and the subsequent launch of its Autonomous Workforce platform represents the most visible signal of this shift. AI specialists now resolve a large share of IT and customer support requests end to end, without human involvement.
This automation delivers real operational value in cost and response time. But it does not eliminate the social engineering attack surface — it simply moves it from the call center to the AI agent’s chat window. When the first responder to a locked-out employee is an AI agent, the attack vector shifts from a voice call to a text string. Prompt injection — embedding hidden instructions inside a message to trick an AI into executing unauthorized commands — is ranked the number one risk in the Open Worldwide Application Security Project (OWASP) Top 10 for Large Language Model Applications, and exploits the same vulnerability that human social engineering does: trust. An AI agent does not get suspicious. It cannot sense that a story sounds wrong. A successful injection exploit requires a carefully crafted text string, and once discovered, it can be replicated across thousands of accounts simultaneously.
The pace of modern attacks makes this especially dangerous. Mandiant’s M-Trends 2026, based on more than 500,000 hours of incident response investigations, found that the median time between initial access and handoff to a ransomware group has collapsed to just 22 seconds. With an AI agent processing requests at machine speed, there is no window for second thoughts.
Solving this requires changing what the helpdesk is allowed to touch in the first place. Organizations that automate their helpdesk without rethinking the credential reset workflow are not solving the problem. They are automating their exposure.
The standard response to helpdesk social engineering has been to train humans to be more skeptical and to engineer AI systems to be harder to manipulate. Both approaches are necessary. Neither is sufficient.
Human awareness training reduces susceptibility but cannot eliminate it. Helpdesk staff are trained to be helpful, and that helpfulness is exactly what attackers exploit. They engineer fabricated scenarios to create urgency and iterate constantly as organizations update their verification procedures.
For AI systems, prompt injection guardrails and input validation are important baseline controls. But the attack surface is enormous. AI helpdesk agents ingest data from support tickets, chat logs, email portals, and knowledge bases — every one a potential injection vector. The OWASP guidance acknowledges that defending against prompt injection comprehensively remains an unsolved problem.
Both approaches share the same flaw: they assume the helpdesk must retain authority to reset credentials. The correct strategic response is to eliminate the target, not to fortify it indefinitely.
The most effective way to break the helpdesk social engineering attack sequence is to eliminate the prize the attacker is hunting. If there is no password to reset, the vishing call has no payload and the prompt injection string has no credential to harvest. Photolok by Netlok is a passwordless identity provider that sits at the identity layer and integrates with platforms like Okta Workforce, replacing passwords with photo-based authentication and removing the fixed credential that helpdesk social engineering is designed to obtain.
Photo-based authentication: Users identify images from a personal photo panel rather than entering a password. Because authentication is based on visual recognition of private images rather than recall of a text string, the most common categories of a helpdesk ticket — forgotten passwords, expired credentials, account lockouts from character errors — are removed from the environment entirely. There is no credential for a social engineer to request, and no reset process to manipulate.
1 Time Photo: Users can configure up to five single-use photos for authentication. When a 1 Time Photo is active, only the designated single-use panel appears during login. Regular photos stay hidden. Once the 1 Time Photo is used, it is immediately invalidated and cannot be reused. Even if an attacker observes a session, records the screen, or uses a remote access tool during a support interaction, the credential captured has no replay value whatsoever.
Duress Photo: Users can select up to two rotating photos with the Duress label. If an employee is pressured into authenticating under coercion, selecting a Duress Photo triggers a real-time alert to security teams the moment it is chosen. The attacker sees a completed login. The security operations center receives an immediate distress signal. If both a Duress Photo and a 1 Time Photo are active, both appear on the first photo panel together.
This last capability addresses something no password, passkey, or biometric system provides. Traditional credentials are passive — they cannot communicate whether the person entering them is acting freely or under duress. Photolok’s Duress Photo gives employees a safe way to signal danger while appearing to comply, matching the real-time velocity of modern attacks.
For organizations deploying AI helpdesk systems, Photolok changes the calculus entirely. When there is no password in the environment, an AI agent has nothing to reset and prompt injection attacks targeting credential workflows lose their operational value.
The helpdesk social engineering threat will not be resolved by incremental improvements to verification procedures or AI guardrails. It requires a structural change to how identity is managed. These steps can move an organization in the right direction.
Social engineering has survived every enterprise defense upgrade for a simple reason: the asset it targets has never changed. As long as there is a credential to reset and a helpdesk with the authority to reset it, attackers will find a way to exploit that process. Better training, stricter verification, and smarter AI all raise the cost of the attack. None of them remove the incentive.
In 2026, with attack handoff times measured in seconds and AI enabling social engineering at industrial scale, organizations cannot afford to keep defending a credential infrastructure that was designed for a different era.
Photolok eliminates passwords at the identity layer, removes the credential reset from the helpdesk workflow, and gives security teams a real-time signal when an employee is authenticating under duress. It does not make the helpdesk more resilient. It makes the helpdesk irrelevant as an attack surface.
The conversation attackers are counting on cannot happen if the elements they are after do not exist.
Request Your Personalized Demo
About the Author
Kasey Cromer is Director of Customer Experience at Netlok.
Sources
[1] Palo Alto Networks Unit 42. ‘2025 Global Incident Response Report: Social Engineering Edition.’ July 2025. unit42.paloaltonetworks.com
[2] Google Threat Intelligence Group / Mandiant. ‘M-Trends 2026.’ March 2026. mandiant.com
[3] ISACA. ‘2026 Tech Trends and Priorities Pulse Poll.’ October 2025. isaca.org
[4] ServiceNow. ‘ServiceNow Completes Moveworks Acquisition.’ December 2025. servicenow.com
[5] OWASP. ‘OWASP Top 10 for Large Language Model Applications.’ January 2026. owasp.org
[6] Health Sector Cybersecurity Coordination Center (HC3). ‘Social Engineering Threats Targeting Healthcare IT Helpdesks.’ 2025. hhs.gov/hc3
[7] CISA. ‘Scattered Spider Threat Advisory.’ 2025. cisa.gov
[8] Netlok. ‘How Photolok Works.’ netlok.com
Helpdesk is the Easiest Breach in Your Organization
Kasey Cromer, Netlok | June 9, 2026 Executive Summary In 2026, the most dangerous entry point in you[...more]
Leaner Teams, Smarter Logins: Why Eliminating Passwords Is the Right Move for 2026
Kasey Cromer, Netlok | May 27, 2026 Executive Summary In 2026, security leaders are being asked to d[...more]
When anyone can be faked: Photolok as the identity layer for the AI era
Kasey Cromer, Netlok | May 13, 2026 Executive summary As we move through 2026, the corporate world i[...more]
App Overload: Why SaaS apps and AI Sprawl Are Breaking Enterprise Security
Kasey Cromer, Netlok | April 29, 2026 Executive summary In 2026, most enterprises are running more a[...more]
Identity Crisis: When Attackers Log In Instead of Break In
Kasey Cromer, Netlok | April 10, 2026 Executive Summary Geopolitical escalation reliably coincides w[...more]
Protecting the Person, Not Just the Account
Kasey Cromer, Netlok | March 31, 2026 Executive Summary Traditional authentication was designed to a[...more]
Why Passwords and Biometrics are Failing in 2026
Kasey Cromer, Netlok | March 18, 2026 Executive Summary The identity and authe[...more]
Pig Butchering Has Gone Big Time. Your Identity Layer Has to Catch Up.
Kasey Cromer, Netlok | February 28, 2026 Executive Summary “Pig butchering” refers[...more]
Your Workforce Runs on Apps. So Do Attackers.
Kasey Cromer, Netlok | February 23, 2026 Executive Summary Your employees rely on dozens of mo[...more]