IBM’s 2025 Cost of a Data Breach Report found that 16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks. For security teams, that has direct implications for the service desk.
The service desk is a natural target for social engineering, as an attacker that convinces an agent they are a legitimate user may not need to bypass technical controls. They can simply ask for help getting around them. AI makes that easier, helping attackers sound more credible by personalizing their approach.
Onboarding is particularly exposed in a threat landscape where AI enables more convincing social engineering attacks.
New employees need fast access, but the organization may not yet have strong familiarity with who they are. Attackers can exploit that gap, so service desk agents need better ways to prove identity before they hand over credentials, reset MFA or approve sensitive changes.
Three ways AI aids service desk attacks
1. AI makes impersonation more convincing
High-profile attacks against M&S, MGM Resorts, Clorox and others all started with a simple question to the service desk: “Can you help me get access?”. From there, the threat actors gained access to accounts, escalated their attacks and cost the victim organizations millions.
Impersonation has long been a risk at the service desk, and AI makes it even harder for agents to judge whether a request is genuine.
Attackers can now use generative AI to create polished emails, convincing chat messages and realistic call scripts in seconds. In more targeted attacks, they can also use AI-generated voice or video to impersonate an employee.
Onboarding is especially exposed. New employees are not always known to IT teams, and first-day access issues are expected. An attacker posing as a new hire can use AI to sound credible, reference the right department and create just enough urgency to push a request through.
... continue reading