An authenticated attacker is a person who has successfully logged into a system or application, typically by using valid credentials. Unlike external attackers who try to breach systems from the outside, authenticated attackers already have some level of authorized access. They exploit this legitimate access to find and abuse vulnerabilities, escalate privileges, steal sensitive data, or disrupt operations. This type of attacker can be an insider, such as a disgruntled employee, or an outsider who has obtained login details through phishing or other means. Because they operate with valid credentials, detecting their malicious actions can be more challenging than spotting external threats.