AWS reports AI-augmented attack compromised 600+ FortiGate firewalls

Attack details from AWS incident report
AWS security teams documented a campaign from mid-January to mid-February 2026 in which Russian-speaking cybercriminals compromised more than 600 FortiGate firewalls across 55 countries. The attackers used commercial generative AI tools to generate attack playbooks, scripts, and operational notes, enabling a relatively low-skilled group to run a campaign that would typically require far more resources.
Attack methodology
The campaign focused on scanning for exposed FortiGate management interfaces on the public internet. Attackers then attempted commonly reused or weak credentials. Once inside, they extracted configuration files containing:
- Administrator and VPN credentials
- Network topology details
- Firewall rules
From there, they moved deeper into environments, targeting Active Directory, dumping credentials, and probing for lateral movement opportunities. Backup systems including Veeam servers were also targeted.
AI tooling characteristics
AWS observed that the AI-generated tooling was functional but rough around the edges, with simplistic parsing logic and redundant comments suggesting machine-generated code. The tools were embedded throughout the workflow rather than just used for occasional scripting. CJ Moses, CISO at Amazon, noted: "The volume and variety of custom tooling would typically indicate a well-resourced development team. Instead, a single actor or very small group generated this entire toolkit through AI-assisted development."
Attack patterns and defense
The attackers tended to abandon targets that put up resistance and move on to softer ones, emphasizing volume over finesse. Activity was geographically opportunistic rather than tightly targeted, with victims across Europe, Asia, Africa, and Latin America. Some compromises may have enabled access to managed service providers or larger shared environments, amplifying downstream risk.
AWS emphasized that basic security hygiene would have prevented most compromises:
- Keep management interfaces off the public internet
- Enforce multi-factor authentication
- Avoid password recycling
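As an added example (not from the AWS report or any vendor tooling), a small detector for the two conditions the report ties to these compromises: a burst of failed logins against the firewall admin interface, and a successful admin login from outside the internal network, which indicates the management interface is reachable from the public internet. The log lines and field names are constructed to resemble key=value firewall event logs, and the RFC1918 "internal" ranges are an assumption about where administrators should be connecting from.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a FortiGate-like key=value shape (field names are an assumption):
# three failed admin logins from one external IP, a success from it, then an internal success.
SAMPLE_LOGS = """\
date=2026-02-03 time=01:12:07 logdesc="Admin login failed" user="admin" srcip=203.0.113.45 status="failed"
date=2026-02-03 time=01:12:09 logdesc="Admin login failed" user="admin" srcip=203.0.113.45 status="failed"
date=2026-02-03 time=01:12:11 logdesc="Admin login failed" user="fortinet" srcip=203.0.113.45 status="failed"
date=2026-02-03 time=01:12:14 logdesc="Admin login successful" user="admin" srcip=203.0.113.45 status="success"
date=2026-02-03 time=01:15:00 logdesc="Admin login successful" user="netops" srcip=10.20.0.7 status="success"
"""

# Assumption: administrators only ever reach the management UI from RFC1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Parse one key=value line into a dict; quoted values are unquoted."""
    fields = {k: (q if raw.startswith('"') else raw) for k, raw, q in KV_RE.findall(line)}
    fields["ts"] = datetime.fromisoformat(f"{fields['date']}T{fields['time']}")
    return fields

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def detect(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return (alert_type, srcip) pairs: a password-guessing burst against the
    admin UI, or any successful admin login from outside the internal ranges."""
    alerts = []
    failures = defaultdict(list)  # srcip -> timestamps of recent failed logins
    for line in log_text.splitlines():
        ev = parse_line(line)
        src = ev["srcip"]
        if ev["status"] == "failed":
            # Sliding window: keep only failures within `window` of this event, then add it.
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(failures[src]) == threshold:  # fire once as the threshold is crossed
                alerts.append(("admin_bruteforce", src))
        elif ev["status"] == "success" and not is_internal(src):
            # Admin UI reached from outside: an exposure finding, not just a weak password.
            alerts.append(("external_admin_login", src))
    return alerts

if __name__ == "__main__":
    for kind, src in detect(SAMPLE_LOGS):
        print(f"{kind}: {src}")
```

On the sample above the detector reports one brute-force alert and one external admin login, both from the same source; an internal success from the netops host is not flagged.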
The findings follow recent warnings from Google about criminals increasingly integrating generative AI directly into operations, including using Gemini AI for reconnaissance, target profiling, phishing, and malware development.
📖 Read the full source: HN AI Agents
👀 See Also

Caelguard: Open-Source Security Scanner for OpenClaw Instances
Caelguard is an open-source security scanner built for OpenClaw that runs 22 checks across your instance, including Docker isolation, tool permission scoping, and skill supply chain verification. It provides a score out of 140 with a letter grade and specific remediation steps.

openclaw-credential-vault addresses four credential leakage paths in AI agents
openclaw-credential-vault provides OS-level isolation and subprocess-scoped credential injection to prevent four common credential exposure paths in OpenClaw setups. It includes four-hook output scrubbing and works with any CLI tool or API.

Claude Code Finds 23-Year-Old Linux Kernel Vulnerability
Anthropic researcher Nicholas Carlini used Claude Code to discover multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had been hidden for 23 years. The AI found the bugs with minimal oversight by scanning the entire kernel source tree.

Agent-Drift Security Tool v0.1.2 Released: A Leap Forward in AI Security
The Agent-Drift Security Tool v0.1.2 is now available, offering enhanced safety features for AI coding agents. This update addresses key security challenges in automation.