An authenticated user is someone who has successfully proved their identity to a system, usually by logging in with a password, token, certificate, or another authentication method. In security terms, this is different from an anonymous visitor: the system now treats the person as a known account holder with whatever roles and permissions that account has.
This matters because many attacks begin after login. A flaw that is reachable by an authenticated user can be more dangerous than a public-facing bug, since the attacker already has valid access and may only need a weak permission check or parsing error to escalate privileges. Defenders focus on limiting what authenticated accounts can do, enforcing least privilege, using multi-factor authentication, and monitoring post-login activity for unusual admin actions, role changes, or access to management functions. In practice, “authenticated user” often marks the boundary between ordinary access and a possible path toward higher system rights.
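
The gap between being logged in and being permitted, shown as an added example that is not part of the original page: a role-change handler that checks only authentication, beside one that also checks authorization and records every attempt for post-login monitoring. The role, permission and function names are hypothetical, and the accounts are constructed sample data.

```python
from dataclasses import dataclass

# Constructed role-to-permission map; all names here are hypothetical.
ROLE_PERMISSIONS = {
    "viewer": {"read_report"},
    "editor": {"read_report", "edit_report"},
    "admin": {"read_report", "edit_report", "change_role"},
}

@dataclass
class Session:
    username: str
    role: str
    authenticated: bool

class AccessDenied(Exception):
    pass

def change_role_weak(session, accounts, target, new_role):
    """Weak check: asks only whether the caller is logged in."""
    if not session.authenticated:
        raise AccessDenied("login required")
    accounts[target] = new_role  # reachable by every authenticated account

def change_role_checked(session, accounts, target, new_role, audit_log):
    """Authentication first, then authorization; every attempt is logged."""
    if not session.authenticated:
        raise AccessDenied("login required")
    if new_role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {new_role}")
    allowed = "change_role" in ROLE_PERMISSIONS.get(session.role, set())
    audit_log.append({"actor": session.username, "action": "change_role",
                      "target": target, "new_role": new_role,
                      "allowed": allowed})
    if not allowed:
        raise AccessDenied(f"{session.username} lacks change_role")
    accounts[target] = new_role

def denied_role_changes(audit_log):
    """Post-login monitoring: role-change attempts that were refused."""
    return [e for e in audit_log
            if e["action"] == "change_role" and not e["allowed"]]
```

With the weak handler, a `viewer` session can set its own role to `admin`; with the checked handler the same call raises `AccessDenied` and leaves an audit entry that `denied_role_changes` returns.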



