Credential stuffing attacks had a massive impact in 2024, driven by a vicious cycle of infostealer infections and data breaches. However, a new threat is emerging—Computer-Using Agents (CUAs)—AI-powered tools that enable low-cost, automated web attacks, making it easier than ever for cybercriminals to exploit stolen credentials.
Credential-based attacks dominated 2023 and 2024, accounting for 80% of web app breaches. With billions of leaked credentials available online, attackers can buy fresh credential dumps for as little as $10, making credential stuffing a cost-effective and scalable attack method.
The criminal marketplace for stolen credentials has thrived, fueled by high-profile breaches, including the attack on Snowflake customers. This incident saw attackers exploit credentials leaked in data breaches and infostealer malware logs, compromising 165 customer tenants and exposing hundreds of millions of records.
Despite the widespread impact of identity-based attacks, cybercriminals haven’t yet reached their full potential—but that could change with automation.
The Evolution of Credential Attack Automation
Brute-force and credential stuffing attacks have long been part of the hacker toolkit. However, the shift to SaaS-based IT environments has introduced new challenges for attackers:
1. Decentralized Identities Create Complexity
Instead of a single centralized network, organizations now use hundreds of web apps, each requiring unique credentials. Unlike traditional Active Directory environments, where attackers could target a single system, modern SaaS-based identities are distributed across different platforms.
Additionally, modern web apps use highly customized authentication systems with built-in security measures like CAPTCHAs and rate limiting, making large-scale automated attacks harder.
2. The Overwhelming Volume of Stolen Credentials
With 15 billion+ compromised credentials in circulation, attackers have a massive pool of login data to work with. However, most of these credentials are outdated or invalid. Research by Push Security found that less than 1% of credentials in multi-vendor threat intelligence feeds were still valid.
Yet, some credentials remain valuable—as seen in the Snowflake attack, where credentials dating back to 2020 were successfully exploited. Attackers are always searching for these hidden vulnerabilities.
3. Attackers Must Prioritize Targets
Due to the complexity of modern SaaS environments, attackers must choose targets carefully:
- Writing custom scripts for each of the 40,000+ SaaS apps is impractical.
- Even with botnets, security controls like rate limiting, CAPTCHAs, and account lockouts make large-scale credential stuffing harder.
- High-volume attacks generate traffic spikes, increasing detection risk.
Instead, attackers focus on a few high-value apps (e.g., Microsoft 365, Snowflake) or target specific credentials linked to critical infrastructure.
The Growing Risk of AI-Powered Credential Attacks
Password Reuse Increases the Risk
Many users reuse passwords across multiple accounts, increasing the impact of credential leaks:
- 1 in 3 employees reuse passwords.
- 9% of identities use the same password without MFA.
- 10% of SSO accounts have non-unique passwords.
This means that a single compromised credential can provide access to multiple accounts across different apps.
Scaling Credential Attacks with Computer-Using Agents (CUAs)
Until now, AI has played a limited role in identity-based attacks, mostly aiding in phishing campaigns and malware development. However, AI-driven automation is set to change everything.
OpenAI Operator introduced a new class of AI—Computer-Using Agents (CUAs)—which can interact with web apps just like a human. Unlike traditional automation tools, CUAs don’t require custom scripts to interact with different sites. This makes large-scale credential stuffing significantly easier.
Security researchers at Push Security tested Operator’s capabilities for credential attacks by:
- Identifying companies with existing accounts on different SaaS apps.
- Attempting to log in using stolen credentials.
The Results? A Game-Changer for Attackers
Operator successfully targeted multiple business apps using compromised credentials, performing in-app actions at scale. The implications are clear:
- Mass credential testing across thousands of apps becomes feasible.
- AI agents can bypass traditional bot detection techniques.
- Attackers can orchestrate large-scale automated campaigns using API-driven AI agents.
While OpenAI may introduce restrictions (e.g., rate limits and better guardrails), similar malicious AI agents are likely to emerge. The democratization of AI-driven credential attacks could worsen the security landscape dramatically.
The rise of AI-driven credential stuffing represents a significant escalation in cyber threats. Organizations must proactively secure their identity attack surfaces to stay ahead.
How to Defend Against AI-Driven Credential Attacks
- Enforce Multi-Factor Authentication (MFA): Reduces reliance on passwords alone.
- Monitor for Compromised Credentials: Use threat intelligence to detect and respond to leaked credentials.
- Eliminate Password Reuse: Encourage unique, complex passwords across accounts.
- Deploy AI-Powered Security Solutions: Leverage behavioral analytics and zero-trust frameworks to detect suspicious login attempts.
- Enhance SaaS Security Posture: Implement identity and access management (IAM) best practices to reduce exposure.
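One way to surface the login pattern the article describes (many distinct usernames tried from one source in a short window, almost all failing, with the few successes being the accounts that need resetting), as an added example that is not from the article or from Push Security; the log layout, the sample lines and the thresholds are assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data), assumed layout:
# "timestamp src_ip username result app"
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice@example.com FAIL snowflake
2024-05-01T10:00:01 198.51.100.7 bob@example.com FAIL snowflake
2024-05-01T10:00:02 198.51.100.7 carol@example.com FAIL snowflake
2024-05-01T10:00:03 198.51.100.7 dave@example.com FAIL snowflake
2024-05-01T10:00:04 198.51.100.7 erin@example.com SUCCESS snowflake
2024-05-01T10:00:05 198.51.100.7 frank@example.com FAIL snowflake
2024-05-01T10:00:06 198.51.100.7 grace@example.com FAIL snowflake
2024-05-01T10:00:07 198.51.100.7 heidi@example.com FAIL snowflake
2024-05-01T10:05:00 203.0.113.9 alice@example.com FAIL m365
2024-05-01T10:05:30 203.0.113.9 alice@example.com SUCCESS m365
"""

def parse_line(line):
    ts, ip, user, result, app = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "SUCCESS", app

def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, max_success_ratio=0.2):
    """Flag IPs that try >= min_users distinct usernames within one sliding
    window with a success ratio <= max_success_ratio. Returns {ip: stats};
    "hits" lists accounts that did succeed, i.e. credentials to reset."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok, _app = parse_line(line)
            events[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # shrink to window size
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            ratio = sum(ok for _, _, ok in win) / len(win)
            if len(users) >= min_users and ratio <= max_success_ratio:
                prev = flagged.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[ip] = {"distinct_users": len(users), "attempts": len(win),
                                   "success_ratio": round(ratio, 2),
                                   "hits": sorted(u for _, u, ok in win if ok)}
    return flagged
```

A single user retrying their own password (the second IP) is not flagged, while the eight-username burst is, together with the one account it got into.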
AI-powered credential attacks may redefine cybersecurity threats, but organizations can still defend themselves with proactive security measures. By securing identities before attackers can exploit them, businesses can stay one step ahead of the next wave of AI-driven cybercrime.