What Happened
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with
Why It Matters
The article explains how attackers bypass multi-factor authentication (MFA) by using "MFA prompt bombing"—overwhelming users with push notifications or social engineering them into approving a login, even when the second factor is technically enabled. It highlights that human behavior and fatigue can be exploited to defeat otherwise sound authentication controls. From a CyberSE.AI perspective, this pattern maps directly to AI agent abuse risks where users can be socially engineered into approving or enabling dangerous AI actions (e.g., tool use, data access, or transaction approvals) despite technical guardrails. Organizations should simulate and red team these social and workflow attack paths around AI agents, not just their underlying models, to harden high-risk approval flows and reduce reliance on fatigued or confused human consent.
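The pattern described above leaves a recognizable trace in authentication logs: a run of denied or ignored push prompts for one user, ending in an approval. The following detection sketch is an added example, not code from the source article or from CyberSE.AI; the log format, the result names (`DENIED`, `TIMEOUT`, `APPROVED`), the sample events and the window and threshold values are all constructed assumptions to be mapped onto your identity provider's real event schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events (not from a real identity provider):
# ISO timestamp, user, result of the push prompt.
SAMPLE_LOG = """\
2026-05-04T02:10:05 alice DENIED
2026-05-04T02:10:40 alice TIMEOUT
2026-05-04T02:11:10 alice DENIED
2026-05-04T02:11:55 alice DENIED
2026-05-04T02:12:30 alice APPROVED
2026-05-04T09:00:02 bob APPROVED
2026-05-04T09:30:00 carol DENIED
2026-05-04T13:45:00 carol APPROVED
"""

def parse(log):
    """Yield (timestamp, user, result) tuples from the assumed log format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def find_prompt_bombing(log, window=timedelta(minutes=10), threshold=3):
    """Flag approvals preceded by >= threshold unapproved prompts for the
    same user inside `window` (hypothetical defaults; tune per environment)."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved prompts
    alerts = []
    for ts, user, result in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # expire prompts older than the window
            q.popleft()
        if result == "APPROVED":
            if len(q) >= threshold:
                alerts.append({"user": user,
                               "approved_at": ts.isoformat(),
                               "prior_unapproved": len(q)})
            q.clear()  # an approval ends the current burst
        else:
            q.append(ts)
    return alerts

if __name__ == "__main__":
    for alert in find_prompt_bombing(SAMPLE_LOG):
        print(alert)
```

The same burst-then-approve logic applies to approval prompts in AI agent workflows if those prompts are logged with a user, a timestamp and an outcome.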
CyberSE Analysis
This signal maps to AI agent abuse. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html