Cyber Security. 6.05.26

7 ways deepfake voice attacks bypass MFA (and how to respond)

Deepfake voice attacks bypass multi-factor authentication by exploiting identity verification processes rather than breaking authentication controls. Attackers use AI-generated voices and realistic social engineering techniques to convince helpdesks or staff to reset MFA or enrol new devices. This allows them to gain legitimate access without triggering traditional security alerts. These attack paths are increasingly observed in real-world penetration testing, where attackers move through normal workflows instead of exploiting technical vulnerabilities.

How attackers bypass MFA 

Deepfake voice attacks can enable attackers to bypass multi-factor authentication (MFA) by exploiting identity verification processes and support workflows rather than breaking authentication controls.

Attackers use AI-generated voice impersonation alongside realistic social engineering techniques to convince helpdesks or internal teams to reset MFA or enrol new devices. This allows them to gain legitimate access without triggering traditional security alerts.

These attack paths are increasingly demonstrated through human-led penetration testing and adversary‑simulation exercises, where attackers move through normal operational workflows instead of exploiting technical vulnerabilities.

What a deepfake MFA bypass looks like

The attack itself is not technically complex. Its effectiveness comes from its realism and contextual plausibility.

A typical sequence involves reconnaissance using publicly available information, followed by voice impersonation of a known employee. The attacker then contacts the helpdesk with a plausible issue, such as a device problem or access failure, and requests assistance. If the request is approved, MFA is reset or a new device is enrolled, after which the attacker authenticates using legitimate credentials.

At no point is MFA broken. Instead, it is removed or reconfigured through normal operational processes.

MFA Bypass

7 ways deepfake voice attacks bypass MFA

 

1. Helpdesk MFA reset manipulation

In many organisations, the helpdesk is responsible for resolving access issues, including MFA resets. These requests are routine and often handled under time pressure, particularly when they affect business-critical users.

Attackers exploit this by presenting a request that fits expected patterns. A lost phone or a synchronisation issue does not raise concern on its own. If identity verification relies on information that can be gathered or reproduced, the request may be approved. At that point, MFA is reset through a legitimate process, allowing the attacker to register their own device and gain access.

2. Voice impersonation of known staff

Deepfake voice technology allows attackers to replicate the voice of a real employee or executive using publicly available recordings. Content from presentations, webinars, or internal communications is often sufficient to create a convincing model.

When the helpdesk receives a call that sounds like a known individual, the interaction feels familiar rather than suspicious. This familiarity reduces the likelihood that the request will be challenged, particularly when the caller also demonstrates awareness of internal context.

3. Exploiting urgency and exception handling

Most organisations have processes that allow urgent access issues to be resolved quickly. These processes are necessary for business continuity, but they also introduce opportunities for misuse.

Attackers create scenarios that appear time-sensitive and reasonable, such as being locked out before an important meeting or needing immediate access to a system. When combined with impersonation of a senior employee, this can lead to exceptions being made. Those exceptions often reduce the level of verification applied, which increases the likelihood of a successful bypass.

4. Weak identity verification processes

Identity verification often relies on signals such as voice recognition, knowledge of personal details, or familiarity with internal systems. While these checks may have been sufficient in the past, they are increasingly easy to replicate.

AI lowers the skill threshold required to collect, analyse, and convincingly reproduce this information at scale. By combining publicly available data with generated content, attackers can meet the requirements of many verification processes without direct access to internal systems. Without an independent control that cannot be influenced through a single interaction, the process becomes vulnerable to manipulation.

5. Using publicly available organisational context

A significant amount of organisational information is available through public sources. This includes reporting structures, job roles, and even details about ongoing projects.

Attackers use this information to build a detailed understanding of how the organisation operates. This allows them to make requests that align with real workflows and relationships. As a result, the interaction appears credible not because of technical sophistication, but because it reflects the organisation’s actual structure.

6. Generating realistic social engineering scripts

Large language models (LLMs) allow attackers to generate communication that matches the tone and language used within an organisation. This removes much of the uncertainty that previously limited social engineering attempts.

Instead of relying on generic scripts, attackers can tailor their approach to specific roles and situations. This increases the likelihood that the request will be accepted, particularly when combined with accurate context and voice impersonation.

7. Blending into legitimate authentication activity

Once MFA has been reset or a new device has been enrolled, the attacker can authenticate using valid credentials. From a system perspective, the activity appears legitimate.

MFA remains enabled, authentication succeeds, and logs reflect expected behaviour. Because the compromise occurs earlier in the process, within identity verification, few indicators would trigger detection tools.

 Human led penetration testing 

Why these attacks are difficult to detect

These attacks do not rely on exploiting technical vulnerabilities. Instead, they abuse normal operational processes.

There is no malware involved, no brute force activity, and no obvious anomaly in authentication patterns. Because the helpdesk interaction appears legitimate, and subsequent access follows expected workflows, traditional detection mechanisms are unlikely to identify the activity as malicious.

This highlights a broader challenge. Many security monitoring and detection tools are optimised to identify technical abuse, while procedural and decision‑based abuse is significantly harder to observe and measure.

Why most security testing misses this risk

Security testing is often focused on identifying technical weaknesses within systems. While this approach is effective for uncovering vulnerabilities, it doesn't always reflect how attackers behave.

Automated tools do not interact with helpdesks, attempt to influence decisions, or test how identity workflows respond in real scenarios. They identify individual weaknesses, but they do not show how those weaknesses can be combined or exploited through human interaction.

As a result, organisations can appear secure from a technical perspective while still being exposed to realistic attack paths.

Approval automation workflow

What this means for security leaders

MFA continues to play an important role in protecting access, but it cannot be treated as a complete control in isolation. Risk is increasingly concentrated in how identity decisions are made, particularly in helpdesk processes, exception handling, and verification workflows.

These attack paths do not break controls. They move through them.

Most security testing focuses on technical weaknesses within systems. While this approach is effective for uncovering vulnerabilities, it does not reflect how attackers behave in real environments. Automated tools do not interact with helpdesks, attempt to influence decisions, or test how identity workflows respond under pressure.

As a result, organisations can appear secure from a technical perspective while still being exposed to realistic attack paths.

To respond effectively, organisations need to shift focus from individual technologies to how identity workflows operate in practice. That means testing not just whether controls exist, but how they behave under realistic conditions.

This requires a different approach:

  • Test identity workflows under real conditions, not just systems in isolation

    Assess how helpdesk teams handle MFA resets, urgent requests, and identity verification when decisions need to be made quickly.

  • Simulate real-world attack scenarios

    Replicate impersonation, deepfake-enabled social engineering, and exception handling to understand how decisions are made in context.

  • Identify how risks combine across environments

    Expose how low-risk issues across identity, SaaS, and cloud systems can be chained into meaningful attack paths.

  • Strengthen verification beyond replicable signals

    Reduce reliance on knowledge-based or easily reproduced identity signals by introducing controls that require independent validation.

  • Align testing with recognised frameworks

    Map findings to frameworks such as MITRE ATT&CK and OWASP guidance to ensure coverage of real adversary behaviour and emerging AI-driven risks.

Organisations that test workflows rather than isolated controls are far better positioned to detect, contain, and prevent AI-enabled attacks before they escalate. 


How The Missing Link tests these attack paths

The Missing Link assesses these scenarios through human-led, AI-supported penetration testing.

This approach focuses on how attackers move through real environments, rather than evaluating controls in isolation. It includes testing identity workflows, helpdesk processes, and social engineering scenarios alongside technical assessment of cloud and SaaS platforms.

The goal is to understand what an attacker could achieve in a real environment, including how seemingly low-risk issues can be combined into a viable attack path. This level of insight cannot be achieved through automated testing alone. It requires human-led testing that can interpret context, simulate attacker behaviour, and show how individual weaknesses combine into meaningful risk.

 Human led penetration testing v2 

Frequently asked questions

 

Can deepfake attacks really bypass MFA?
Yes. They exploit identity verification processes rather than breaking MFA itself.
Why does MFA not stop this attack?
Because the control depends on the processes around it. If MFA is reset or reconfigured through those processes, the protection is effectively removed.
Is this a technical vulnerability?
No. The weakness exists in how identity verification is designed and executed.
Who is most at risk?
Organisations with large support teams, inconsistent verification processes, or reliance on trust-based identity checks.
How do organisations test for this risk?
Through human-led penetration testing that includes social engineering and validation of identity workflows. 

 

Read the full whitepaper

Understand how real-world attacks bypass traditional controls and how to uncover them before attackers do. This scenario is explored in detail in Human-led penetration testing in an AI-driven threat landscape, including how attackers move from initial access to broader compromise and why these attack paths are often missed. 

Download the whitepaper

Latest Insights

 

Author

Matt Dobinson

As Head of Security Consulting at The Missing Link, I lead offensive security engagements focused on red teaming, penetration testing, and adversary simulation. With a background in software development and systems engineering, I help organisations uncover real-world vulnerabilities and strengthen their defences. Outside of work, I’m usually experimenting with firmware or pulling apart how systems behave under pressure. If it runs code, I’m interested in how it works and how it can be broken.