![[Video] The TTP Ep 21: When Attackers Become Trusted Users](https://blog.talosintelligence.com/content/images/2026/04/2025YiR-report_cover.jpg)
[Video] The TTP Ep 21: When Attackers Become Trusted Users
In this episode of the Talos Threat Perspective, we explore how identity is being used to gain, extend, and maintain access inside environments.
Drawing on insights from the 2025 Talos Year in Review, we break down how attackers are:
· Targeting identity systems and MFA workflows
· Establishing persistent, high-trust access
· Using internal phishing to move laterally
· Could potentially exploit over-permissioned AI agents and identity-linked access
· Blending into normal user behaviour
This episode focuses on how identity enables attackers to scale their operations, and what that means for defenders trying to detect and contain them.
![[Video] The TTP Ep 21: When Attackers Become Trusted Users](https://blog.talosintelligence.com/content/images/2026/03/YiR2025_background-2.jpg)
Read the 2025 Cisco Talos Year in Review
Cisco Talos Blog – Read More
