- A single Russian-speaking threat actor used generative AI tools — including Anthropic Claude and DeepSeek — to breach over 600 FortiGate firewall devices across 55 countries.
- CyberStrikeAI, an open-source AI-native offensive security platform, was central to the attack — and it dramatically lowered the technical skill required to pull it off.
- Exposed management interfaces and weak credentials were the primary entry points — not sophisticated zero-day exploits.
- GenAI is no longer just a defender’s tool — attackers are now using it to automate reconnaissance, exploit development, and parallel intrusions at scale.
- There are five concrete steps you can take right now to protect your FortiGate devices — and one of them is so simple it takes under five minutes.
AI-driven cyber attacks just moved from theoretical threat to documented reality, and it took one individual, not an elite team, to prove it at a scale that should concern every enterprise security team on the planet.
In early 2026, cybersecurity firm Team Cymru uncovered a campaign in which a financially motivated, Russian-speaking threat actor systematically targeted Fortinet FortiGate firewall appliances using commercially available generative AI services. The attacker wasn’t part of a nation-state group with a massive budget and a team of elite hackers. This was one person, leveraging open-source tooling and AI to punch far above their technical weight class. Enterprises looking to stay ahead of this evolving threat landscape need to understand not just what happened, but exactly how it happened — and why it worked.
600 FortiGate Devices Breached Across 55 Countries — Here’s What Happened
Between late 2025 and early 2026, a coordinated intrusion campaign compromised more than 600 Fortinet FortiGate appliances spanning 55 countries. Team Cymru, the threat intelligence firm that first identified and tracked the campaign, observed the attacker methodically scanning for vulnerable FortiGate devices exposed to the internet, exploiting weak credentials, and extracting configuration files and VPN credentials — all at a speed and scale that would be extremely difficult for a single human operator to achieve manually.
The Role of CyberStrikeAI in the Attack
The attacker’s primary weapon was CyberStrikeAI, an open-source, AI-native security testing platform that was originally designed for legitimate penetration testing. CyberStrikeAI integrates directly with large language models (LLMs) to automate the most time-consuming parts of an offensive operation — reconnaissance, vulnerability mapping, and exploit chaining. In this campaign, the attacker used CyberStrikeAI as the operational backbone, with Anthropic Claude and DeepSeek serving as the AI engines powering real-time decision-making during the intrusions.
What made this attack different: Traditional automated attacks follow rigid, pre-programmed scripts. CyberStrikeAI-powered attacks adapt in real time, using AI to analyze device responses and adjust tactics on the fly — mimicking the decision-making of a skilled human attacker, but at machine speed.
This is a fundamental shift in how intrusion campaigns operate. The attacker didn’t need deep expertise in FortiGate internals or advanced knowledge of network exploitation. CyberStrikeAI and its integrated AI models handled the heavy lifting, translating high-level attack objectives into precise technical actions against each targeted device.
Why FortiGate Devices Were Targeted
FortiGate firewalls are among the most widely deployed network security appliances in the enterprise world — which makes them a high-value target by default. Many organizations expose their FortiGate management interfaces directly to the internet, often with default or weak credentials still in place. This combination of widespread deployment and common misconfigurations made FortiGate devices the ideal target for a mass-scanning, credential-harvesting campaign designed to maximize reach with minimal effort.
How AI Acted as a Force Multiplier
The most alarming aspect of this campaign isn’t the number of devices compromised — it’s the efficiency. A single threat actor, without nation-state resources or an elite technical background, was able to run parallel intrusion operations against hundreds of targets simultaneously. AI effectively turned one person into the operational equivalent of a small hacking team, handling multiple active intrusions, adapting to device-specific responses, and extracting high-value data with minimal human intervention required at each step.
What Is CyberStrikeAI?
CyberStrikeAI is an open-source, AI-native offensive security platform — and its existence represents one of the most significant developments in the cybersecurity threat landscape in recent years.
An Open-Source AI Offensive Security Tool
Unlike traditional penetration testing frameworks such as Metasploit, which rely on a library of pre-built exploits and manual operator input, CyberStrikeAI is built from the ground up to integrate with large language models. This means the platform can interpret natural language instructions, reason about target environments, generate custom exploit code on demand, and chain multiple attack techniques together in an automated workflow. It was publicly released as an open-source project, meaning any threat actor with internet access can download and deploy it — for free.
Ties to a China-Based Developer
Investigations into CyberStrikeAI’s origins traced the platform’s development to a China-based developer. It is critically important to note that no evidence has linked the developer to the Chinese government, and there is no indication this was a state-sponsored tool. However, the fact that an offensive AI platform of this capability was developed, open-sourced, and ultimately weaponized by a financially motivated criminal actor in an entirely separate country underscores just how quickly these tools proliferate once they enter the public domain.
How CyberStrikeAI Differs From Traditional Hacking Tools
| Feature | Traditional Tools (e.g., Metasploit) | CyberStrikeAI |
|---|---|---|
| Skill Required | Moderate to High | Low to Moderate |
| Attack Customization | Manual scripting required | AI-generated on demand |
| Adaptability During Attack | Rigid, pre-programmed | Real-time AI decision-making |
| Parallel Operations | Limited by operator capacity | Scales with AI processing power |
| Cost | Free / Low cost | Free (open-source) |
The practical implication of this comparison is stark. A threat actor who previously lacked the technical depth to execute a sophisticated multi-target campaign can now deploy CyberStrikeAI, point it at a class of vulnerable devices, and let the AI do the work that previously required years of specialized training.
How the Attack Actually Worked
Understanding the attack mechanics is essential for building an effective defense. This wasn’t a random spray-and-pray operation — it was a structured, AI-assisted campaign with clear phases.
Automated Mass Scanning for Vulnerable Devices
The first phase involved automated mass scanning of internet-facing IP address ranges to identify FortiGate devices with exposed management interfaces. CyberStrikeAI coordinated this reconnaissance at scale, identifying thousands of potential targets and filtering them down to those most likely to yield successful access. This scanning phase is where AI provided its first major advantage — processing and triaging target data far faster than any manual approach could achieve.
Exposed Management Interfaces and Weak Credentials Were the Entry Points
Once targets were identified, the attack pivoted to credential-based access attempts. The vast majority of successfully compromised devices shared two characteristics: their management interfaces were accessible from the public internet, and they were protected by weak or default credentials. This is not a sophisticated exploitation technique — it is a fundamental configuration failure that continues to plague enterprise deployments of network security hardware at alarming rates.
How Anthropic Claude and DeepSeek Were Used in the Attack
Once inside a target device, the attacker used Anthropic Claude and DeepSeek as real-time reasoning engines to guide the exploitation process. Claude was used to interpret device configuration outputs, identify exploitable misconfigurations, and generate targeted command sequences tailored to each specific FortiGate environment. DeepSeek handled elements of the automated intrusion workflow, processing device responses and determining the next logical step in the attack chain — essentially acting as an AI co-pilot that kept the operation moving without requiring constant human input.
What makes this particularly significant is that both Claude and DeepSeek are commercial, publicly accessible AI services. The attacker didn’t build or train a custom AI model. They simply used tools that anyone can access today, feeding them attack-relevant prompts and leveraging their reasoning capabilities as an offensive asset. This is a blueprint that any motivated threat actor can replicate right now.
Parallel Intrusions at Scale: What That Means
Traditional single-operator hacking campaigns are bottlenecked by the attacker’s ability to manage one or a small number of active sessions at a time. CyberStrikeAI eliminated that bottleneck entirely. The platform enabled the attacker to run simultaneous intrusion sessions across hundreds of FortiGate devices in parallel, with AI managing the progression of each session independently. The result was a campaign that compressed what would normally take a large team weeks of work into a timeframe achievable by one person operating with AI assistance.
Who Was Behind the Attack?
Team Cymru’s threat intelligence analysis traced the campaign to a single, financially motivated threat actor — not a nation-state group, not a sophisticated cybercriminal organization, but one individual operating with commercially available tools and open-source software.
A Financially Motivated, Russian-Speaking Threat Actor
Linguistic and behavioral analysis of the attacker’s operational patterns and communications identified them as a Russian-speaking individual. The campaign’s objectives were consistent with financial motivation — the primary targets of data extraction were VPN credentials and device configuration backups, both of which have significant resale value on criminal marketplaces and both of which are ideal staging assets for follow-on ransomware attacks. The attacker showed no interest in espionage-style data collection, which further supports the financially motivated profile over any state-aligned attribution.
How Team Cymru Traced the Attacker’s IP Address
Team Cymru’s Pure Signal Recon platform was central to unmasking the attacker. By correlating network flow data, passive DNS records, and IP reputation intelligence, Team Cymru was able to identify a consistent source IP infrastructure that the attacker used across the campaign. The attacker made the critical mistake of reusing infrastructure across multiple intrusion attempts, which created a traceable pattern in the network telemetry data that Team Cymru’s platform was able to surface and analyze.
This infrastructure reuse is a common operational security failure among financially motivated threat actors who prioritize speed and efficiency over stealth. Nation-state actors typically rotate infrastructure aggressively to avoid exactly this kind of attribution. The fact that this attacker was caught through infrastructure reuse reinforces the profile of a skilled-but-not-elite individual who relied on AI to compensate for gaps in traditional tradecraft — not a seasoned operator with rigorous operational security discipline.
Which Countries and Regions Were Hit Hardest
The attack campaign spanned 55 countries across multiple continents, reflecting the attacker’s strategy of targeting any accessible FortiGate device regardless of geography: the selection criterion was exposure and weak credentials, not geopolitics.
South Asia, Latin America, and West Africa Among Most Affected
While the campaign was geographically broad, South Asia, Latin America, and West Africa emerged as the regions with the highest concentration of compromised devices. The likeliest common factor is not geography itself but exposure: these regions have a high density of enterprise and government FortiGate deployments, and where hardening and patch management lag behind the practices common in North America and Western Europe, more devices sit on the internet with management access open. Organizations without a dedicated security operations function also rarely notice an automated scanning campaign until after access has been obtained, which helps explain why they are disproportionately represented among the 600+ compromised devices.
What This Attack Reveals About AI-Powered Cyber Threats
This campaign isn’t just a story about one hacker and 600 firewalls. It is a signal — clear and loud — about the direction the entire threat landscape is moving, and every enterprise security team needs to internalize what it means.
GenAI Is Lowering the Technical Bar for Attackers
Generative AI tools like Claude and DeepSeek were designed to democratize access to knowledge and capability — and they are doing exactly that for cybercriminals. Tasks that previously required deep technical expertise, such as interpreting device configurations, generating custom exploit payloads, and chaining attack techniques together, can now be delegated to an AI model through natural language prompts. The skill gap between an amateur threat actor and a seasoned one is narrowing at a pace the security industry wasn’t fully prepared for.
Open-Source Offensive Tools Are Now Accessible to Low-Skill Actors
CyberStrikeAI’s open-source availability means the barrier to entry for AI-assisted attacks at this level is now close to zero: the tool itself costs nothing, and the only remaining expense is API usage on a commercial model. Any threat actor with a laptop, an internet connection, and an AI API key can deploy the same tooling used in this campaign. The FortiGate attack should be treated as a proof of concept that the security community will see replicated, and iterated upon, across other classes of internet-facing devices and industries in the months and years ahead.
The Shift From Zero-Days to Credential-Based Attacks
Key Insight: Across the 600+ FortiGate devices compromised in this campaign, the attacker did not rely on a single zero-day vulnerability. The intrusions relied on the same pair of failures: a management interface exposed to the internet, guarded by a weak or default credential. Either failure alone is survivable; together they turn a firewall into a login prompt. This means the most effective defense against AI-driven attacks at scale is not advanced threat detection but basic security hygiene applied consistently and without exception.
This shift away from zero-day exploitation toward credential-based attacks is not a sign that attackers are getting lazier; it is a sign that they are getting smarter. Zero-day vulnerabilities are expensive, finite resources that sophisticated actors guard carefully and that lose value the moment they are disclosed. Credential attacks against misconfigured devices scale with bandwidth and compute rather than with exploit inventory, require no proprietary exploit code, and succeed often enough to be enormously attractive once AI can automate the process at the volume demonstrated in this campaign.
The implications extend well beyond FortiGate devices. Any internet-facing network appliance — firewalls, VPN concentrators, remote access gateways, network management platforms — that is protected only by weak credentials and has its management interface exposed to the internet is a viable target for this exact same attack methodology. The tooling is generic, the AI is adaptable, and the attack surface across the enterprise world is vast.
What this campaign ultimately reveals is that the era of AI-augmented cybercrime is not approaching — it has arrived. The FortiGate campaign is documented proof that a single threat actor, armed with open-source AI tooling and commercially available language models, can execute a global intrusion campaign at a scale previously achievable only by organized criminal groups or nation-state actors with significant resources.
How to Protect Your FortiGate Devices Right Now
The good news is that the attack techniques used in this campaign are well understood, and the defenses against them are concrete and actionable. Not one of the 600+ compromised devices had to fall: each could have been protected by a combination of basic configuration hardening and credential management practices that are within reach of any enterprise security team.
1. Disable Public-Facing Management Interfaces Immediately
If your FortiGate management interface is reachable from the public internet, you are operating with an open invitation for exactly this type of automated scanning campaign. In FortiOS the control is per interface: the Administrative Access setting (allowaccess in the CLI) on each interface decides which management protocols answer there. Open the admin console, inspect every WAN-facing interface, and remove HTTPS, HTTP, SSH, and Telnet from it so that management is reachable only from internal segments, over a VPN, or from a bastion host. This single change eliminates the primary attack surface exploited in over 600 compromises, and it takes less than five minutes to implement. Two caveats: the SSL-VPN portal is a separate service and is unaffected, so VPN users keep working; and the change must be made on every WAN interface, including backup links, or the scanner simply finds the other one.
2. Enforce Strong, Unique Credentials Across All Devices
Default credentials on FortiGate devices are documented in publicly available product manuals, and the factory-default administrator account is the first thing any automated credential tool tries. Every FortiGate appliance in your environment needs a unique, complex administrator password that does not follow a predictable naming convention across devices. Enable two-factor authentication for administrator accounts (FortiOS supports FortiToken as well as email and SMS tokens), confirm that the administrator lockout threshold and duration are set so that a guessing run locks the account quickly, and audit your credential inventory across every device in your estate now. Password reuse across network appliances is one of the highest-risk practices in enterprise environments and one of the easiest to eliminate.
3. Monitor for Automated Scanning Activity on Your Network
AI-assisted campaigns like the one documented here generate distinctive network traffic patterns during the reconnaissance phase: high-volume, rapid-sequence connection attempts from external IP ranges targeting management ports such as TCP 443, TCP 8443, and TCP 22. Configure your SIEM or network detection platform to alert on unusual inbound connection volumes targeting these ports from external sources. Raw port counts are noisy, because the whole internet scans those ports; the higher-fidelity signal is the FortiGate’s own event log, so forward it to syslog or FortiAnalyzer and alert on clusters of failed administrator logins from a single source, and on any successful administrator login from an address you do not recognize. Early detection of scanning activity gives your team the window needed to verify device configurations and shut down exposure before active exploitation begins.
4. Apply All Available Fortinet Security Patches
While this specific campaign relied primarily on credential-based attacks rather than software vulnerabilities, FortiGate devices have a documented history of critical CVEs, including several that were actively exploited in the wild in 2024 and 2025, and a device with an exposed management interface is exactly where the next one will be used. Running unpatched firmware compounds your exposure unnecessarily.
Establish a patch cadence for all network appliances that treats Fortinet security advisories as a priority queue. Subscribe to Fortinet’s Product Security Incident Response Team (PSIRT) advisories so your team receives notification of new vulnerabilities as they are disclosed, and set a target of applying critical patches within 72 hours of release across your FortiGate estate. Delayed patching is one of the most preventable contributors to enterprise network compromise.
5. Restrict Management Access to Trusted IP Ranges Only
Even if you have removed management access from public-facing interfaces, explicit IP allowlisting for administrative access adds a critical second layer of control. Configure FortiGate trusted hosts to restrict administrative login to the specific IP addresses or subnets used by your network operations and security teams. Trusted hosts are set per administrator account, so apply them to every account, including REST API administrators; an account left without them remains reachable from anywhere. Management connections from outside the defined ranges are refused before a password is ever checked.
This control is particularly effective against AI-assisted campaigns because it makes credential stuffing functionally useless: even a correct username and password cannot result in a successful login if the source IP is not on the approved list. Two caveats apply. Trusted hosts govern administrative login only; they do nothing for SSL-VPN user authentication, so the VPN credentials this attacker was harvesting still need MFA and rotation in their own right. And an allowlist is only as trustworthy as the hosts on it, so the permitted range should be a hardened jump host or VPN landing segment, not the whole office network. Pair this with SIEM alerting on failed and unexpected administrator logins, and you have a prevention and detection layer that addresses the exact methodology used in the FortiGate campaign.
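Steps 1, 2, and 5 above are all settings that can be read back from a configuration dump, so they can be audited in bulk rather than checked by hand on each device. The script below is an added example, not Fortinet’s or Team Cymru’s code: it parses the FortiOS CLI format (config / edit / set / next / end) produced by `show full-configuration` or a configuration backup, flags WAN interfaces that answer management protocols, administrator accounts with no trusted hosts or no two-factor, and a lax lockout threshold, and prints the remediation CLI for each finding. The sample configuration and the 10.10.0.0/24 management range are constructed placeholders.

```python
"""Audit a FortiOS configuration dump for the weaknesses this article describes:
management protocols on WAN interfaces, administrator accounts without trusted
hosts or two-factor, and a lax admin lockout threshold. Added example; the sample
config and the 10.10.0.0/24 management range are constructed placeholders."""
import shlex
from collections import defaultdict

REMOTE_ADMIN = {"http", "https", "ssh", "telnet"}  # protocols that expose the admin login
ANY_HOST = ["0.0.0.0", "0.0.0.0"]                  # trusthost value that allows every source
MGMT_NET = "10.10.0.0 255.255.255.0"               # assumed NOC range used in the fix text


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}}. Settings outside an `edit`
    (e.g. config system global) live under entry ""; nested config blocks inside
    an entry are filed under their own section name."""
    cfg = defaultdict(dict)
    stack = []  # each item: [section name, current entry name or None]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "edit":
            stack[-1][1] = tok[1]
            cfg[stack[-1][0]].setdefault(tok[1], {})
        elif tok[0] in ("set", "unset"):
            section, entry = stack[-1]
            settings = cfg[section].setdefault(entry or "", {})
            if tok[0] == "set":
                settings[tok[1]] = tok[2:]
            else:
                settings.pop(tok[1], None)
        elif tok[0] == "next":
            stack[-1][1] = None
        elif tok[0] == "end":
            stack.pop()
    return cfg


def cli_snippet(section, entry, *lines):
    """Render a FortiOS CLI snippet that applies `lines` inside one entry."""
    body = "\n".join(f"        {l}" for l in lines)
    return f'config {section}\n    edit "{entry}"\n{body}\n    next\nend'


def audit(text):
    """Return (finding, remediation CLI) pairs for the config dump in `text`."""
    cfg = parse_fortios(text)
    findings = []
    for name, s in cfg.get("system interface", {}).items():
        is_wan = s.get("role", [""])[0] == "wan" or name.lower().startswith("wan")
        exposed = REMOTE_ADMIN & set(s.get("allowaccess", []))
        if is_wan and exposed:  # management login reachable from the internet side
            keep = [a for a in s["allowaccess"] if a not in REMOTE_ADMIN]
            fix = f"set allowaccess {' '.join(keep)}" if keep else "unset allowaccess"
            findings.append((f"interface {name}: {sorted(exposed)} reachable on a WAN interface",
                             cli_snippet("system interface", name, fix)))
    for name, s in cfg.get("system admin", {}).items():
        hosts = [v for k, v in s.items() if k.startswith("trusthost")]
        if not [h for h in hosts if h != ANY_HOST]:  # no effective trusted-host restriction
            findings.append((f"admin {name}: no trusted hosts, a valid password alone logs in from anywhere",
                             cli_snippet("system admin", name, f"set trusthost1 {MGMT_NET}")))
        if s.get("two-factor", ["disable"])[0] == "disable":
            findings.append((f"admin {name}: two-factor authentication disabled",
                             cli_snippet("system admin", name, "set two-factor fortitoken")))
    threshold = int(cfg.get("system global", {}).get("", {}).get("admin-lockout-threshold", ["3"])[0])
    if threshold > 5:  # FortiOS default is 3 attempts
        findings.append((f"global: admin-lockout-threshold {threshold} tolerates long guessing runs",
                         "config system global\n    set admin-lockout-threshold 3\n"
                         "    set admin-lockout-duration 600\nend"))
    return findings


SAMPLE_CONFIG = """\
config system global
    set admin-lockout-threshold 10
end
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "noc-ops"
        set trusthost1 10.10.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

if __name__ == "__main__":
    for problem, fix in audit(SAMPLE_CONFIG):
        print(f"[!] {problem}\n{fix}\n")
```

Run it against the output of `show full-configuration` (or the relevant `show system interface`, `show system admin`, and `show system global` sections) from each device, and review the printed CLI before applying it: the trusted-host range must be changed to your own management subnet, and the script deliberately treats a trusted host of 0.0.0.0/0.0.0.0 as no restriction at all.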
AI in Cyberattacks Is No Longer Theoretical — It Is Here
The FortiGate campaign documented by Team Cymru is one of the clearest demonstrations to date that AI has fundamentally changed the economics of cybercrime. A single financially motivated threat actor, using open-source tooling and commercially available AI services, executed a global intrusion campaign that compromised over 600 enterprise-grade security devices across 55 countries. The skill floor for executing sophisticated, large-scale attacks has dropped dramatically — and it is going to keep dropping as AI capabilities continue to advance and proliferate.
The enterprises that will weather this shift are the ones that treat basic security hygiene not as a baseline minimum but as a non-negotiable operational standard. Exposed management interfaces, weak credentials, and unpatched firmware are not acceptable risks in an environment where AI can systematically identify and exploit them at scale in hours. The defenses exist. The question is whether your organization has implemented them with the consistency and rigor that the current threat environment demands.
Frequently Asked Questions
Below are the most common questions enterprises are asking about the CyberStrikeAI-assisted FortiGate attack campaign and what it means for network security going forward.
What Is CyberStrikeAI and Why Is It Dangerous?
CyberStrikeAI is an open-source, AI-native offensive security platform that integrates directly with large language models to automate complex attack workflows. It is dangerous because it dramatically lowers the technical expertise required to execute sophisticated, multi-target intrusion campaigns. Tasks that previously required advanced skills — such as interpreting device configurations, generating custom payloads, and chaining attack techniques — can be handled by the AI, allowing low-to-moderate skill threat actors to operate at a level previously achievable only by elite hackers or well-resourced criminal organizations. Its open-source, zero-cost availability means any motivated threat actor can deploy it today.
How Did Attackers Compromise Over 600 FortiGate Devices?
The attacker used CyberStrikeAI to automate mass scanning of internet-facing IP ranges, identifying FortiGate devices with exposed management interfaces. Once targets were identified, AI-assisted credential attacks exploited weak or default administrator passwords to gain access. Anthropic Claude and DeepSeek were then used as real-time reasoning engines to guide post-access exploitation — extracting VPN credentials, configuration files, and other high-value data. The entire operation was run in parallel across hundreds of targets simultaneously, with AI managing the progression of each individual intrusion session.
Was This Attack Sponsored by the Chinese Government?
No. While CyberStrikeAI was traced to a China-based developer, there is no evidence of any connection between the developer and the Chinese government, and no indication that the attack campaign was state-sponsored. The threat actor responsible for the FortiGate compromises was identified as a financially motivated, Russian-speaking individual — not a state-aligned actor. The tool’s open-source nature means it is available to anyone, regardless of nationality or affiliation, and its use in this campaign should not be interpreted as any form of state attribution.
Which Countries Were Most Affected by the FortiGate Attack Campaign?
The campaign spanned 55 countries across multiple continents, with South Asia, Latin America, and West Africa among the most heavily affected regions. These regions had a high concentration of FortiGate deployments where management interfaces were publicly accessible and credential hardening practices lagged behind those common in North America and Western Europe. The attacker’s target selection was driven purely by vulnerability and accessibility — geographic location was not a factor in which devices were targeted.
How Can I Tell If My FortiGate Device Was Compromised?
Several indicators can suggest your FortiGate device may have been accessed without authorization. Start by reviewing administrator login events for successful authentications from unrecognized IP addresses, particularly external or geographically unexpected ones, and for clusters of failed logins that precede a success. Check for changes your team did not initiate: new or modified administrator accounts (including REST API administrators), new local or SSL-VPN users, altered trusted hosts or administrative access settings, and configuration backups or downloads.
Examine the event log for rapid sequences of configuration commands executed within short time windows after a login. That pattern is consistent with AI-assisted post-exploitation activity, but equally with any scripted tooling, so treat it as a lead rather than proof. If you have network flow monitoring in place, look for unusual outbound data transfers from the device, particularly to IP addresses outside your known business partner ranges.
If compromise is suspected, isolate the device from the network immediately, preserve all available logs for forensic analysis, rotate all credentials associated with the device and any systems it has VPN access to, and engage your incident response team or an external forensics provider. Bear in mind that a FortiGate logging only to memory or local disk rotates its logs quickly, so if the device does not already forward events to syslog or FortiAnalyzer, the evidence window may be short. Do not attempt to remediate in place without first capturing a full snapshot of the device state; overwriting evidence is one of the most common mistakes organizations make in the immediate aftermath of a suspected compromise, and it can significantly impair your ability to understand the full scope of what was accessed.
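The log review described in this answer, and the alerting recommended in step 3 above, both come down to the same question asked of the FortiGate’s administrator login events: who failed, how often, and who then succeeded. The script below is an added example (not Team Cymru’s or Fortinet’s code) of that triage over FortiOS-style key=value event lines as they arrive via syslog or a FortiAnalyzer export. It flags a burst of failed administrator logins from one source, a successful login from a source that had been failing (the compromise itself), and any successful login from outside a trusted range. The sample lines, the device name, and the 10.10.0.0/24 trusted range are constructed placeholders; the burst threshold is an assumption to tune to your own baseline.

```python
"""Triage FortiGate administrator login events for the pattern this campaign
relied on: password guessing from an external source followed by a successful
login. Added example. Reads FortiOS-style key=value event lines; the sample lines
and the 10.10.0.0/24 trusted range below are constructed placeholders."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')      # key="quoted" or key=bare
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # assumed NOC / jump-host range
BURST_N, BURST_WINDOW = 5, timedelta(seconds=60)       # assumed threshold for guessing


def parse_event(line):
    """Split one FortiOS event line into a dict and attach a datetime as 'ts'."""
    rec = {k: (q or u) for k, q, u in KV.findall(line)}
    rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
    return rec


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def triage(lines):
    """Return (kind, srcip, detail) alerts for admin-login events, oldest first."""
    events = sorted((parse_event(l) for l in lines if "Admin login" in l), key=lambda e: e["ts"])
    failures = defaultdict(list)  # srcip -> timestamps of failed admin logins
    burst_alerted = set()
    alerts = []
    for e in events:
        ip, t = e["srcip"], e["ts"]
        if e["status"] == "failed":
            failures[ip].append(t)
            recent = [x for x in failures[ip] if t - x <= BURST_WINDOW]
            if len(recent) >= BURST_N and ip not in burst_alerted:
                burst_alerted.add(ip)
                alerts.append(("bruteforce", ip,
                               f"{len(recent)} failed admin logins in {BURST_WINDOW.seconds}s"))
        elif e["status"] == "success":
            if failures[ip]:  # the success that follows guessing is the real compromise signal
                alerts.append(("guessed_credential", ip,
                               f"{e['user']} logged in after {len(failures[ip])} failures"))
            if not is_trusted(ip):  # impossible once trusted hosts are configured
                alerts.append(("untrusted_admin_login", ip, f"{e['user']} via {e['method']}"))
    return alerts


def fgt_line(t, src, status, user="admin"):
    """Build a constructed FortiOS-style admin login event (format only, not a capture)."""
    desc = "Admin login successful" if status == "success" else "Admin login failed"
    return (f'date=2026-01-14 time={t} devname="FGT-BRANCH" type="event" subtype="system" '
            f'level="alert" logdesc="{desc}" user="{user}" method="https" srcip={src} '
            f'dstip=198.51.100.10 action="login" status="{status}"')


SAMPLE_LOG = [fgt_line(f"03:12:{s:02d}", "203.0.113.45", "failed") for s in (5, 9, 14, 20, 27, 33)] + [
    fgt_line("03:13:02", "203.0.113.45", "success"),               # the guess succeeded
    fgt_line("03:15:40", "10.10.0.7", "success", user="noc-ops"),  # legitimate NOC login
    fgt_line("04:01:11", "198.51.100.77", "failed"),               # lone failure, below threshold
]

if __name__ == "__main__":
    for kind, ip, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {ip:16} {detail}")
```

The guessed_credential alert is the one to page on: a burst of failures alone is background noise on any internet-facing device, but a success from the same source is the moment the attacker in this campaign would have started pulling configuration and VPN credentials, and the device name and time in that event are where the forensic timeline begins.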
Enterprises serious about staying ahead of AI-driven threats like this one can look to cybersecurity intelligence providers and managed security service partners who specialize in network appliance hardening and real-time threat detection to build the operational resilience needed to defend against the next generation of AI-assisted attack campaigns.