Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

AI Agent 2 min read

Hackers Exploit Open-Source AI Platform to Launch Massive FortiGate Attacks Across 55 Countries

A sophisticated threat actor has weaponized an open-source artificial intelligence security platform called CyberStrikeAI to orchestrate large-scale attacks against Fortinet FortiGate appliances, affecting organizations in 55 countries worldwide.

AI-Powered Attack Campaign Uncovered

Team Cymru researchers have revealed that cybercriminals successfully repurposed CyberStrikeAI, originally designed as a legitimate AI-native security testing platform, to automate and enhance their attack capabilities against critical network infrastructure.

The discovery marks a significant escalation in the sophistication of cyberattacks, demonstrating how threat actors are increasingly leveraging artificial intelligence tools to scale their operations and evade traditional security measures.

Fortinet Infrastructure Under Siege

FortiGate appliances, widely deployed as network security gateways by enterprises globally, became the primary target of this AI-assisted campaign. These devices serve as critical chokepoints in organizational networks, making them high-value targets for attackers seeking to establish persistent access or disrupt operations.

The attackers exploited known vulnerabilities in FortiGate systems, using CyberStrikeAI to automate reconnaissance, vulnerability scanning, and exploitation across thousands of potential targets simultaneously.

Global Scope Reveals Coordinated Effort

The campaign’s reach across 55 countries indicates a highly organized and resource-intensive operation. Affected regions span North America, Europe, Asia-Pacific, and emerging markets, suggesting the threat actors targeted both developed and developing nations indiscriminately.

Team Cymru’s analysis reveals that the attackers demonstrated advanced operational security practices, rotating infrastructure and employing anti-detection techniques to maintain persistence across multipl