On June 17, 2026, the Barracuda Networks security red team published a simulation that traced an AI-powered email attack from the first phishing message to full endpoint compromise and persistent attacker access. The entire chain took under five minutes.
The simulation was not a contrived edge case. It used commercially available tools and realistic attack techniques observed in active campaigns. The target environment ran standard enterprise defenses. The result was a three-stage kill chain that bypassed multifactor authentication, established long-term persistence on the endpoint, and did so starting from a phishing email that would not alarm an experienced user on visual inspection.
DMARC does not appear in the failure list. The attack passed authentication at every stage.
The Three-Stage Attack Chain
Stage one: AI-generated phishing
The attack began with an email crafted by a large language model to mimic a legitimate Microsoft SharePoint file-sharing notification. The message contained no misspellings, no unusual formatting, and no sender address that would trigger visual suspicion. The link pointed to a page styled as a SharePoint document preview.
This is the practical effect of AI on phishing in 2026. The grammatical signals that trained users watched for – inconsistent capitalization, odd phrasing, obvious domain spoofing – have largely disappeared from targeted campaigns. Large language models generate clean, contextually appropriate lure text at scale, and the content passes casual human review as well as many automated content filters. The DMARC record on the sending domain was valid. SPF alignment checked out. DKIM passed.
The email was authenticated. It was also malicious.
Stage two: adversary-in-the-middle and MFA bypass
When the target clicked the link, they encountered a real-time relay proxy. Adversary-in-the-middle (AitM) attacks place this relay between the victim and the genuine login service. The victim completes authentication normally, including entering their MFA code. The relay captures both the credentials and the session token that the legitimate service issues after successful login.
The MFA code is useless to the attacker. The session token – which does not require the MFA factor to reuse – is everything they need. With a valid session token in hand, the attacker has authenticated access to the target account without ever knowing the password or the MFA factor. The authentication requirement has been satisfied by the legitimate service on behalf of the victim. The attacker arrives with a valid credential.
Stage three: ClickFix and endpoint persistence
The third stage presented the victim with a fake troubleshooting prompt appearing to come from a legitimate-looking site. The prompt instructed the user to open their terminal or Run dialog and paste a command. The command was pre-loaded in the clipboard. One confirmation click executed it.
ClickFix works because it offloads execution to the victim. The attacker does not deliver a malicious binary or trigger an endpoint detection signature. The user runs the command themselves, and that command establishes attacker persistence on the machine.
Total elapsed time in the Barracuda simulation: under five minutes from initial email to persistent endpoint access.
What DMARC Protects and What It Does Not
DMARC solves a specific, well-defined problem. It verifies that the domain in the From header of an email aligns with the domain that authenticated the message via SPF or DKIM. This prevents external parties from sending mail that falsely claims to originate from your domain. If your organization has a DMARC record at p=reject, no attacker can send email claiming to be from your domain to recipients whose providers honor DMARC enforcement.
That is an extremely valuable protection. It closes the door on direct domain spoofing, which is the most common mechanism in brand impersonation and business email compromise attacks launched from external infrastructure.
What DMARC does not address is what happens after a message is delivered. An email that passes DMARC has been authenticated at the transport layer. The content of that email – the link it contains, the page that link loads, every instruction the recipient follows after the delivery event – is outside DMARC’s scope entirely.
The Barracuda simulation exploited exactly this boundary. The phishing email was authentic at the sender level. DMARC saw a properly configured domain, valid SPF, and a passing DKIM signature. The attack lived in what came after the delivery event: the AitM relay page, the credential capture, the session token theft, the ClickFix prompt.
None of those stages are visible to DMARC. All of them succeeded.
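The boundary described above can be shown concretely. The following is an added illustration, not code from Barracuda or any vendor: a minimal DMARC evaluator that checks identifier alignment against the From domain and applies the published policy. Two constructed messages run through it: a direct spoof of a domain at p=reject, and a lure like the simulation's, sent from a hypothetical attacker-controlled domain with SPF and DKIM set up properly. The domain names, the organizational-domain approximation and the message fields are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Optional

def org_domain(domain: str) -> str:
    # Organizational domain, approximated as the last two labels.
    # Assumption for this example: real DMARC uses the Public Suffix List.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    # Identifier alignment per DMARC: 's' (strict) needs an exact match,
    # 'r' (relaxed) needs only the organizational domains to match.
    if not auth_domain:
        return False  # that mechanism did not produce a passing domain
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

@dataclass
class Message:
    from_domain: str                 # domain in the RFC5322.From header
    spf_pass_domain: Optional[str]   # MAIL FROM domain if SPF passed, else None
    dkim_pass_domain: Optional[str]  # d= of a DKIM signature that verified, else None
    body_link: str                   # link in the body; DMARC never reads it

def evaluate_dmarc(msg: Message, policy: str, adkim: str = "r", aspf: str = "r") -> dict:
    # DMARC passes if at least one authenticated identifier aligns with From.
    dkim_aligned = aligned(msg.from_domain, msg.dkim_pass_domain, adkim)
    spf_aligned = aligned(msg.from_domain, msg.spf_pass_domain, aspf)
    result = "pass" if (dkim_aligned or spf_aligned) else "fail"
    # The published policy (p=) is applied only to mail that fails.
    disposition = "none" if result == "pass" else policy
    return {"result": result, "disposition": disposition,
            "dkim_aligned": dkim_aligned, "spf_aligned": spf_aligned}

# Constructed sample 1: direct spoof of a domain at p=reject. SPF passed for the
# attacker's own bounce domain and there is no DKIM, so nothing aligns with From.
SPOOF = Message("payments.example.com", "bulk-sender.example.net", None,
                "https://invoice.example.net/pay")

# Constructed sample 2: the simulation's case. The lure comes from a domain the
# attacker controls (hypothetical name) with SPF and DKIM configured correctly.
# It passes DMARC; the relay link in the body is outside DMARC's scope entirely.
LURE = Message("share-notify.example.org", "share-notify.example.org",
               "share-notify.example.org", "https://relay.example.org/preview")

if __name__ == "__main__":
    print("spoof:", evaluate_dmarc(SPOOF, "reject"))
    print("lure: ", evaluate_dmarc(LURE, "reject"))
```

Note that `evaluate_dmarc` never touches `body_link`: whatever the lure points to, the verdict depends only on the authenticated identifiers.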
The Scale of the Authentication Gap in 2026
The Barracuda simulation landed against a backdrop of persistent authentication failures across the broader email ecosystem. Cloudflare’s 2026 Threat Report, drawn from an analysis of 450 million emails, found that 43% failed SPF checks, 44% lacked valid DKIM signatures, and 46% failed DMARC validation entirely.
These numbers represent two distinct problems operating simultaneously. The large share of email that fails authentication comes from senders who have not implemented the basics correctly – mail that should not pass authentication gates and often does not. That population is the primary target of DMARC enforcement advocacy, and getting them to p=reject closes meaningful attack surface.
But within the email that does pass authentication – the mail that DMARC, SPF, and DKIM all validate – there is a growing subset of AI-crafted phishing designed specifically to pass those checks while executing multi-stage attacks on recipients. The Cloudflare report also documented over $123 million in intercepted BEC financial theft attempts in 2025, with an average attempt calibrated at $49,225, a figure deliberately set just below typical executive payment approval thresholds. Attacks targeting specific organizations do not look like mass phishing campaigns. They pass authentication, they look legitimate, and they rely on what happens after delivery.
What the Simulation Means for Your Email Security Posture
DMARC enforcement at p=reject is still the non-negotiable starting point. The Barracuda simulation is not an argument against DMARC. It is an argument for understanding what DMARC covers so you do not treat it as a complete solution. Without DMARC at enforcement, external parties can spoof your domain directly. That threat is simpler and more pervasive than the AI attack chain. DMARC closes it. If your organization is not yet at p=reject, that remains the first priority.
Post-delivery protection covers the gap DMARC cannot reach. The five-minute kill chain succeeded in the layer that exists after delivery. Post-delivery email security – capabilities that can retract messages after they land, detect AitM relay infrastructure, and flag anomalous session behavior – operates in precisely the layer DMARC does not. The Barracuda Integrated Email Protection platform, launched alongside the red team report, was built specifically to address this: continuous, automated detection and remediation across the full attack lifecycle, including post-delivery message clawback for Microsoft 365 and Google Workspace environments.
AI-powered attacks require automated response at matching speed. An attack chain that achieves persistent endpoint access in five minutes does not allow time for a human analyst to detect, investigate, and respond. Detection and response must operate at automation speed. Alert queues reviewed at human pace are inadequate against attacks with this kind of velocity.
Standard MFA does not stop AitM. The simulation bypassed MFA by capturing the session token after the legitimate authentication completed. This is a well-understood limitation of TOTP-based and SMS-based MFA when AitM infrastructure is in the path. The victim correctly entered their MFA code; the relay simply passed it through and captured the resulting session. Hardware-bound authentication, such as FIDO2 passkeys and device-bound session credentials that bind to the specific origin and device, resists AitM because the credential cannot be replayed from a different machine.
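One of the post-delivery signals the two paragraphs above describe, session anomaly detection, can be illustrated with a short detector. This is an added example, not Barracuda's product logic or any identity provider's rule set: it correlates sign-in and token-use events per session and flags a session token that is exercised from a different network or client than the one that minted it shortly after sign-in, which is the trace an AitM relay leaves when a captured session is replayed from attacker infrastructure. The event format, field names, users, addresses and the 15-minute window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (JSON Lines), not real logs. The schema is an
# assumption loosely modelled on identity-provider sign-in logs.
EVENTS = """
{"ts":"2026-06-17T09:00:05Z","type":"sign_in","user":"a.chen","session":"S1","ip":"203.0.113.10","asn":"AS64500","ua":"Chrome/125","mfa":"totp"}
{"ts":"2026-06-17T09:01:12Z","type":"token_use","user":"a.chen","session":"S1","ip":"203.0.113.10","asn":"AS64500","ua":"Chrome/125"}
{"ts":"2026-06-17T09:02:40Z","type":"token_use","user":"a.chen","session":"S1","ip":"198.51.100.7","asn":"AS64501","ua":"python-requests/2.31"}
{"ts":"2026-06-17T09:30:00Z","type":"sign_in","user":"b.okoro","session":"S2","ip":"192.0.2.44","asn":"AS64502","ua":"Firefox/126","mfa":"fido2"}
{"ts":"2026-06-17T09:31:00Z","type":"token_use","user":"b.okoro","session":"S2","ip":"192.0.2.44","asn":"AS64502","ua":"Firefox/126"}
"""

WINDOW = timedelta(minutes=15)  # how soon after sign-in a context change is suspicious

def parse(lines: str):
    # Yield event dicts with the timestamp converted to datetime.
    for line in lines.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield e

def detect_session_replay(events) -> list:
    # Remember the context (ASN, user agent, time) in which each session was
    # minted, then flag token use from a different context inside WINDOW.
    issued = {}
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["type"] == "sign_in":
            issued[e["session"]] = e
            continue
        origin = issued.get(e["session"])
        if origin is None:
            continue  # no sign-in seen for this session in the sample
        reasons = []
        if e["asn"] != origin["asn"]:
            reasons.append("asn changed")
        if e["ua"] != origin["ua"]:
            reasons.append("user agent changed")
        if reasons and e["ts"] - origin["ts"] <= WINDOW:
            findings.append({"user": e["user"], "session": e["session"],
                             "mfa_at_sign_in": origin["mfa"],
                             "minted_from": origin["ip"], "used_from": e["ip"],
                             "seconds_after_sign_in": int((e["ts"] - origin["ts"]).total_seconds()),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in detect_session_replay(parse(EVENTS)):
        print(json.dumps(f))
```

The only hit is the TOTP-protected session S1, used from another ASN and client 155 seconds after sign-in; the S2 session, used from the context that minted it, produces nothing.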
The Authentication Foundation Still Matters – and Is Not Enough Alone
DMARC adoption across the top 1.8 million domains reached 52.1% in 2026, up from 47.7% the previous year and 27.2% three years ago. Google, Yahoo, and Microsoft all require DMARC for bulk senders and enforce delivery penalties against non-compliant mail. The trajectory is clear, and the authentication floor is rising.
That foundation is worth building carefully. Every organization that moves from p=none to p=reject closes the direct spoofing attack surface that DMARC was designed to eliminate. That matters.
What the Barracuda simulation demonstrates is that the attack surface does not end at the authentication gate. An email can be fully authenticated, delivered successfully, pass every filter at the transport layer, and still initiate a kill chain that reaches the endpoint in under five minutes. The organizations that understand this distinction are building a layered posture – DMARC at enforcement, post-delivery protection, AitM-resistant authentication, and endpoint controls – rather than treating any single layer as the complete answer.
Excello Mail gives you full visibility into your DMARC, SPF, and DKIM configuration across all your sending domains, so you can close the authentication gap before attackers exploit it. Sign up for free to Excello Mail and make sure your email authentication foundation is solid.