IBM’s 2025 Cost of a Data Breach Report found that 16% of breaches studied involved attackers using AI tools — most often for phishing or deepfake impersonation attacks. That figure, short and stark, reframes a routine interaction inside many organizations: the service desk call asking for help to get access.
How AI makes impersonation more convincing
Service desks are a natural target for social engineering because an agent who believes a caller is legitimate can be asked to bypass or undo technical controls. The source material cites multiple high-profile breaches that began with a single service-desk prompt — “Can you help me get access?” — naming M&S, MGM Resorts and Clorox as examples of organizations whose incidents followed that pattern. The report explains that generative AI accelerates the craftsman’s work of the impersonator: polished emails, convincing chat messages and realistic call scripts can be produced in seconds, and, where targeted efforts demand it, attackers can generate voice or video content that mimics an employee.
Onboarding is highlighted as an especially exposed process. New hires need fast access and IT teams may not yet have deep familiarity with them. An attacker who poses as a first-day employee can use AI to reference the right department, create a sense of urgency and push a request through before an agent has time or evidence to disprove it.
AI-enabled reconnaissance: scraping public detail into believable pretexts
The material notes that “more personal information is available on the internet than ever before,” and AI helps threat actors find and stitch that information into a convincing story. Public signals — LinkedIn profiles, welcome posts, job adverts, press releases and company web pages — often reveal names, roles, reporting lines, systems in use and office locations. Attackers can use AI to pull and synthesize those signals into a script that sounds routine to a service-desk agent.
That level of personalization shifts a malicious request from obvious to ordinary. When a request feels routine — when it includes the right manager’s name, the correct team name and the expected technical pretext — it moves faster through busy queues and becomes harder to challenge without better verification tools.
Scaling the attack: how automation multiplies attempts
Beyond individual impersonations, the source explains, AI helps attackers scale social engineering. Rather than crafting a single bespoke email, an adversary can generate dozens of phishing variations, test different pretexts and adapt wording across channels. The result: persistent, multi-channel pressure that exploits service desks’ operational imperative to respond quickly.
The stakes are underscored by Verizon’s Data Breach Investigation Report finding that stolen credentials are involved in 44.7% of breaches. Service-desk decisions that lead to credential exposure — resets, releases or recovery-method changes — are therefore a common pivot for larger compromises.
Specops Secure Onboarding: the vendor’s three proposed defenses
The article is sponsored and written by Specops Software and presents Specops Secure Onboarding as a purpose-built response to AI-enabled service-desk threats. It frames three technical measures designed to reduce reliance on an agent’s split-second judgment:
- Secure password delivery: Instead of creating or sending initial credentials by SMS or email — channels that can be intercepted — the Specops approach is to send secure enrollment links that let new hires create their own passwords locally, removing a transmitted credential from the equation.
- Biometric liveness detection: To address impersonation — including deepfake audio or video — the solution uses liveness checks so verification confirms a live person is present rather than a static image, recorded voice or manipulated media. The material positions this as particularly useful for remote onboarding where face-to-face confirmation is unavailable.
- Verification before sensitive actions: Specops recommends enforcing strong identity checks, such as biometric liveness, prior to sensitive service-desk actions (for example, privileged-account password resets) so agents do not have to decide on trust alone.
Specops summarizes the benefits as stronger protection against identity-based attacks, a consistent onboarding experience across locations and reduced risk for service-desk teams. The source also includes a standard vendor call-to-action to contact Specops or book a demo.
What this means for service desk teams, IT leaders, and new hires
- Service desk teams: Expect more believable social-engineering pretexts that blend public detail and AI-polished language; prioritize tooling that elevates identity verification above subjective judgment.
- IT leaders and procurement: Review onboarding workflows that create one-off exceptions or send credentials over SMS/email, and consider solutions that centralize and harden initial access delivery and verification.
- New hires and HR teams: Avoid public signals that reveal technical detail or privileged reporting lines where possible; standardized, secure onboarding processes reduce the window of exposure for first-day access problems.
The central lesson in the source material is explicit: AI shifts social engineering from noisy to normal. When attackers can make a malicious request look routine, the onus moves from agents’ intuition to concrete verification controls. For organizations that continue to treat onboarding and high-risk resets as matters of polite trust, the statistics cited — 16% of breaches involving AI tools and stolen credentials present in 44.7% of breaches — are a clear argument to change the process, not merely the training.
Read the original story: https://www.bleepingcomputer.com/news/security/3-ways-ai-powers-service-desk-attacks-and-how-to-prevent-them/




