In this session, I walk through a realistic attack path that starts with trusted Microsoft sign-in experiences and escalates into enterprise application compromise, without relying on fake login pages or suspicious URLs.

You will see how AI can be used to analyse identity access, application permissions, and cross-tenant relationships to uncover hidden attack paths that are often missed in traditional security reviews.

The session demonstrates how application ownership, excessive permissions, and default configurations can unintentionally expand access, even in environments with strong user-focused security controls.

Attendees will leave with a clear understanding of how these attack paths work in practice, and what concrete steps to take to reduce risk, including tenant restrictions, enterprise application governance, and better control over application permissions.