In a striking example of how artificial intelligence is transforming cyber threats, a Russian-speaking hacker—described as having low-to-medium technical skills—successfully compromised over 600 Fortinet FortiGate firewalls across 55 countries in just five weeks. The campaign, active from January 11 to February 18, 2026, was uncovered by Amazon Threat Intelligence and detailed in reports from sources including BleepingComputer and Amazon’s security blog.

This wasn’t a sophisticated zero-day exploit campaign. Instead, the attacker targeted basic security gaps: publicly exposed management interfaces (on ports like 443, 8443, 10443, and 4443) and weak or default credentials without multi-factor authentication (MFA). Once inside, the hacker extracted sensitive data—including SSL-VPN credentials, administrative passwords, firewall policies, IPsec VPN configurations, and network topology details. They then deployed custom tools to automate reconnaissance, lateral movement, and even attempts to compromise backup systems like Veeam servers.

What elevated this from a routine opportunistic attack to a large-scale operation was the heavy use of generative AI tools. The threat actor leveraged commercial large language models (including services like Claude and DeepSeek) to:

  • Generate step-by-step attack methodologies
  • Develop custom scripts in Python and Go for parsing configurations and automating network scans
  • Build reconnaissance frameworks (e.g., using tools like gogo scanner and Nuclei)
  • Create an AI-orchestrated system called ARXON (a Model Context Protocol server) that ingested victim network data and queried LLMs for tailored lateral movement plans, credential harvesting strategies, and even operational documentation in Russian

Amazon’s analysis noted telltale signs of AI-generated code: redundant comments, simplistic architecture, naive JSON handling, and overemphasis on formatting rather than robustness. While these tools often failed in more hardened environments, they allowed the attacker to scale intrusions dramatically—turning limited skills into a high-volume campaign that targeted organizations opportunistically across regions like South Asia, Latin America, Northern Europe, and beyond. This case exemplifies how AI-enabled cyber threats can empower even novice actors to orchestrate widespread damage, amplifying the need for robust preventive measures.

This incident underscores a troubling trend: the rise of AI-enabled cyber threats is dramatically lowering the barrier to entry for cybercriminals. What once required deep expertise in scripting, network analysis, and evasion techniques can now be augmented—or even largely automated—by publicly available AI services. Reports from Amazon, Google, and others indicate this is part of a broader surge in AI-augmented attacks in 2025–2026, where generative AI accelerates reconnaissance, crafts personalized phishing, automates malware development, and enables scaling that outpaces traditional defenses. As AI-enabled cyber threats continue to evolve, they pose unique challenges to detection systems, often blending human ingenuity with machine efficiency to exploit vulnerabilities more effectively.

The Dangers Are Clear and Escalating

  • Amplified scale and speed — A single low-skill actor can now compromise hundreds or thousands of targets quickly, and targeting backups to block recovery increases ransomware risks.
  • Democratization of advanced tactics — AI removes technical bottlenecks, empowering more actors (including financially motivated criminals) to execute complex post-compromise operations.
  • Evasion of traditional defenses — AI-generated tools adapt rapidly, produce convincing code/comments, and exploit basic hygiene failures at unprecedented volume.
  • Broader ecosystem impact — As AI commoditizes these capabilities, expect higher volumes of ransomware, data theft, and supply-chain-like compromises in the coming year. Moreover, the integration of AI-enabled cyber threats into everyday hacking toolkits could lead to more frequent and sophisticated incidents, affecting small businesses and large enterprises alike.

For businesses relying on edge devices like firewalls, VPNs, and backup solutions, the message is urgent: fundamental security practices are more critical than ever in an AI-accelerated threat landscape. To combat these AI-enabled cyber threats, organizations must prioritize ongoing education for their teams, regular vulnerability assessments, and the adoption of advanced threat intelligence platforms that can identify AI-generated anomalies in real time.

Recommendations to Strengthen Your Defenses Against AI-Enabled Cyber Threats

  1. Eliminate public exposure — Ensure management interfaces for firewalls, VPNs, and other critical devices are not internet-facing. Use IP allowlisting or VPN-only access.
  2. Enforce strong authentication — Mandate MFA everywhere, especially on administrative and VPN accounts. Avoid password reuse between VPN and domain credentials.
  3. Harden backups — Isolate backup systems (e.g., Veeam), apply immutable storage, and regularly test restores to counter ransomware tactics.
  4. Monitor and audit — Watch for unusual activity like rogue account creation, unexpected configuration exports, or anomalous SSH/VPN logins.
  5. Leverage expert oversight — Partner with a managed security services provider (MSSP) for 24/7 threat monitoring, AI-driven intelligence, and proactive risk assessments.
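
Recommendations 1 and 2 can be checked directly against an exported firewall configuration. The following is an added example, not code from Amazon's report or from any vendor tool: it audits a constructed FortiOS-style excerpt for management protocols enabled on a WAN-role interface and for admin accounts with no trusted-host restriction or no two-factor setting. The finding names, the use of `role wan` as the exposure marker, and treating a missing `two-factor` line as disabled are assumptions of this sketch.

```python
# Constructed FortiOS-style excerpt for illustration; not from a real device.
SAMPLE_CONFIG = """config system interface
    edit "wan1"
        set role wan
        config ipv6
            set ip6-allowaccess ping
        end
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
    next
    edit "ops"
        set trusthost1 10.10.0.0 255.255.255.0
        set two-factor fortitoken
    next
end"""

def parse(text):
    tables, stack, entry = {}, [], None
    for line in map(str.strip, text.splitlines()):
        top = len(stack) == 1  # inside a top-level table, not a nested sub-table
        if line.startswith("config "):
            stack.append(line[7:])
        elif line == "end" and stack:
            stack.pop()
        elif top and line.startswith("edit "):
            entry = tables.setdefault(stack[0], {}).setdefault(line[5:].strip('"'), {})
        elif top and line == "next":
            entry = None
        elif top and line.startswith("set ") and entry is not None:
            key, _, value = line[4:].partition(" ")
            entry[key] = value.strip('"')
    return tables

def audit(text):
    tables, findings = parse(text), []
    for name, s in tables.get("system interface", {}).items():
        exposed = {"http", "https", "ssh", "telnet"} & set(s.get("allowaccess", "").split())
        if s.get("role") == "wan" and exposed:
            findings.append(("mgmt-on-wan", name, sorted(exposed)))
    for name, s in tables.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in s):
            findings.append(("no-trusthost", name, []))
        if s.get("two-factor", "disable") == "disable":  # assumption: absent = disabled
            findings.append(("no-mfa", name, []))
    return findings
print(audit(SAMPLE_CONFIG))
```

On the sample, the WAN interface and the `admin` account are flagged while `ops` passes. Nested sub-tables such as `config ipv6` are skipped on purpose, so settings that follow them in the same entry are still read.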

At Black Belt Secure, our vCISO services, managed cybersecurity monitoring, and Jutsu Program help organizations stay ahead of these evolving threats. We combine human expertise with advanced tools to detect AI-amplified attacks early, ensure compliance, and build resilient infrastructures. By implementing these strategies, companies can significantly reduce their vulnerability to AI-enabled cyber threats and maintain operational continuity even in the face of sophisticated adversaries.

The FortiGate campaign shows that AI isn’t just a tool for defenders—it’s increasingly a force multiplier for attackers. By addressing basic vulnerabilities now, businesses can reduce their exposure in this new era of AI-enabled cyber threats. Furthermore, fostering a culture of cybersecurity awareness within your organization can go a long way in preventing such breaches, as employees become the first line of defense against phishing and other entry points exploited by AI-assisted actors.