Name
Vibe coding my way to Global Admin: Weaponizing a new HR-driven privilege elevation in Entra ID with the help of AI
Speakers
Description
In modern enterprises, it is common to feed user data from HR systems into identity providers – your HR system is the true source of authority for employees. In Entra ID, two of the biggest HR platforms, Workday and SuccessFactors, have pre-built integrations to support these scenarios. Unknowingly, however, within these integrations lurked a hidden attack path from HR that could lead to a complete tenant takeover. And what do you do when you find this attack path? Well, fam, you go ask chat to help weaponize your discovery.
This talk will look at the research that led to the discovery of a new privilege elevation in Entra ID, and how a well-crafted abuse could easily "fire" all your Global Admins, overtake break-glass accounts, and bypass commonly used protections. Don't have one of these HR systems in place? AI-driven plot twist time – we'll dive into how AI helped to pull off this abuse without an HR platform, enabling the attack to work in any Entra tenant.