Back to Feed
AI SecurityJul 8, 2026

3 Ways AI Powers Service Desk Attacks and How to Prevent Them

AI enhances service desk impersonation attacks through convincing personalization and scalability.

Summary

AI is increasingly used by attackers to impersonate users and exploit service desk vulnerabilities, particularly during employee onboarding. Generative AI tools enable more convincing phishing, voice, and video impersonations, while AI-powered reconnaissance helps attackers gather personal details for tailored social engineering scripts. This allows for more scalable and personalized attacks that can bypass traditional security controls.

Full text

3 Ways AI Powers Service Desk Attacks and How to Prevent Them Sponsored by Specops Software July 8, 2026 10:01 AM 0 IBM’s 2025 Cost of a Data Breach Report found that 16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks. For security teams, that has direct implications for the service desk. The service desk is a natural target for social engineering, as an attacker that convinces an agent they are a legitimate user may not need to bypass technical controls. They can simply ask for help getting around them. AI makes that easier, helping attackers sound more credible by personalizing their approach. Onboarding is particularly exposed in a threat landscape where AI enables more convincing social engineering attacks. New employees need fast access, but the organization may not yet have strong familiarity with who they are. Attackers can exploit that gap, so service desk agents need better ways to prove identity before they hand over credentials, reset MFA or approve sensitive changes. Three ways AI aids service desk attacks 1. AI makes impersonation more convincing High-profile attacks against M&S, MGM Resorts, Clorox and others all started with a simple question to the service desk: “Can you help me get access?”. From there, the threat actors gained access to accounts, escalated their attacks and cost the victim organizations millions. Impersonation has long been a risk at the service desk, and AI makes it even harder for agents to judge whether a request is genuine. Attackers can now use generative AI to create polished emails, convincing chat messages and realistic call scripts in seconds. In more targeted attacks, they can also use AI-generated voice or video to impersonate an employee. Onboarding is especially exposed. New employees are not always known to IT teams, and first-day access issues are expected. An attacker posing as a new hire can use AI to sound credible, reference the right department and create just enough urgency to push a request through. 2. AI accelerates reconnaissance and personalization More personal information is available on the internet than ever before, and AI helps threat actors find it. When defending against onboarding attacks, this is a real concern. Organizations often share more than they realize. A welcome post might name a new employee, or a job advert might mention the systems the company uses. A LinkedIn profile might show the hiring manager, team structure and office location. Threat actors can pull this information, then use AI to scrape more from LinkedIn, company websites, job posts, press releases and social media. They can then turn those details into a believable story. Names, roles, locations, departments, internal tools and reporting lines can all be worked into a script that sounds credible. That level of detail can make a malicious request look routine. And when a request feels routine, it is more likely to move quickly. 3. AI helps attackers scale service desk attacks An attacker no longer needs to create a social engineering campaign from scratch. They can use AI to create dozens of phishing email variations, test different pretexts and adapt their wording to tailor their efforts. That creates a problem for service desks because they are built to respond quickly. Attackers know this, so use urgency and persistence to make a malicious request feel like another routine task in a busy queue. AI makes it easier for attackers to adjust their approach, and they can try the same basic request across multiple channels or agents until someone approves the reset, releases the credential or changes the recovery method. Secure your Active Directory passwords with Specops Password Policy Verizon’s Data Breach Investigation Report found stolen credentials are involved in 44.7% of breaches. Effortlessly secure Active Directory with compliant password policies, blocking 6+ billion compromised passwords, boosting security, and slashing support hassles! Try it for free How to prevent AI-enabled service desk attacks AI-enabled attacks are designed to look normal, so prevention cannot rely on service desk agents making perfect judgment calls under pressure. It’s here that specialized solutions can help secure an especially high risk process the service desk deals with: onboarding. Specops Secure Onboarding helps secure onboarding end-to-end and beyond, ensuring agents have the tools they need to confidently verify identity and protect new credentials from interception. 1. Secure password delivery during onboarding A new starter needs credentials quickly, but sending a password via SMS or email creates risk if it’s intercepted. A safer approach is to not send credentials at all. Specops Secure Onboarding instead allows the IT team to send secure enrollment links to new hires, with instructions explaining how to create their own strong passwords. As there’s no credential created or shared from the service desk, this eliminates the risk of interception. 2. Use biometric liveness detection to defeat impersonation Traditional identity checks are becoming less reliable; for instance, the answers to security questions can often be guessed from information an attacker can source from social media profiles. Especially in instances where the service desk may not be familiar with the employee, such as a new starter on their first day, agents need confidence that the person requesting access isn’t an attacker impersonating a genuine employee. Biometric liveness detection, delivered through solutions like Specops Secure Onboarding, can help by confirming that a real person is present during verification, rather than a static image, recording, mask or deepfake. This is especially useful for remote onboarding, where the service desk may never meet the employee face to face. 3. Verify identity before sensitive service desk actions Sensitive actions need stronger identity verification before they are approved. For instance, a request to reset the password of a privileged account should trigger checks as biometric liveness detection to provide high assurance that the request is genuine and the person making it linked to the correct account. Specops Secure Onboarding ensures that verification takes place before agents complete actions like password resets. Agents can enforce verification through strong identity checks and make trust decisions with greater confidence. Protect your service desk from AI-enabled attacks with Specops Specops Secure Onboarding helps organizations secure the service desk during high-risk actions by placing identity verification at the center of processes like onboarding, delivering: Stronger protection against identity-based attacks: Replace assumed trust with verified identity throughout onboarding, helping service desk teams defend against AI-powered impersonation. A consistent onboarding experience: Give every new starter the same secure process, wherever they are based, without adding unnecessary friction for HR teams or employees. Less risk at the service desk: Verify identity before sensitive actions are taken, so agents are not left to judge whether a request is genuine based on trust alone. If you’re interested in seeing how Specops Secure Onboarding can help your service desk defend against sophisticated social engineering attacks, contact us today or book a demo. Sponsored and written by Specops Software.

Entities

Active Directory (product)Specops Software (vendor)IBM (vendor)Verizon (vendor)