Amazon: AI-Assisted Hacker Breaches 600 FortiGate Firewalls in 5 Weeks Without Zero-Day Exploits

Feb 23, 2026

Amazon’s threat intelligence team has uncovered a major AI-powered cyberattack that breached over 600 Fortinet FortiGate firewalls across more than 55 countries within a five-week period — highlighting how generative AI tools are lowering the bar for large-scale intrusions.

According to a report by CJ Moses, Chief Information Security Officer of Amazon Integrated Security, the campaign ran from January 11 to February 18, 2026 and did not exploit any zero-day software vulnerabilities. Instead, the threat actor leveraged exposed firewall management interfaces and weak credentials without multifactor authentication (MFA) to gain access — dramatically scaling operations with the help of AI-assisted tooling.

Attack Summary

Timeframe: Jan 11 – Feb 18, 2026
Targets: 600+ Fortinet FortiGate firewalls across 55+ countries
Initial Access: Exposed management interfaces + weak passwords
Exploit Technique: No zero-day; brute-force + credential weaknesses
AI-Assisted Activities: Reconnaissance automation, scripting, network analysis
Credential & Config Theft: Administrative & SSL-VPN credentials, routing data, VPN configs
Post-Access Actions: Internal reconnaissance, mapping, lateral movement planning
Threat Skill Level: Low-to-medium, amplified by AI tooling

Compiled from Amazon Integrated Security and third-party analysis.

How the Attack Unfolded

Opportunistic Targeting and Weak Credentials

Instead of leveraging software vulnerabilities, the attacker scanned for FortiGate management interfaces exposed to the internet on common ports (443, 8443, 10443, and 4443). Devices lacking strong authentication — particularly those without MFA — were compromised through brute-force attempts against weak or reused credentials.
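A defender-side check for the credential attacks described above. The detector below is an added example written for this article, not code from Amazon's report or from Fortinet. It parses FortiGate-style key=value event logs and raises an alert when one source exceeds a failure threshold inside a sliding window (brute force), when one source cycles through several usernames (password spraying), when a successful login follows a run of failures from the same source, and when a local user account is created, which is the "new VPN account" signal the report recommends auditing. The log lines are constructed for the example: the field names follow FortiOS event logs, but the exact lines, addresses (documentation ranges) and thresholds are assumptions, not indicators from Amazon's report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in FortiGate's key=value event-log style. Field names follow
# FortiOS event logs; the lines, addresses and timing are invented for the example.
SAMPLE_LOGS = """\
date=2026-01-12 time=03:10:00 type="event" subtype="system" level="alert" user="admin" ui="https(10.0.0.5)" srcip=10.0.0.5 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:10:20 type="event" subtype="system" level="information" user="admin" ui="https(10.0.0.5)" srcip=10.0.0.5 action="login" status="success"
date=2026-01-12 time=03:14:01 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:02 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:03 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:04 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:05 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:14:06 type="event" subtype="system" level="alert" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:15:10 type="event" subtype="system" level="information" user="admin" ui="https(203.0.113.50)" srcip=203.0.113.50 action="login" status="success"
date=2026-01-12 time=03:16:00 type="event" subtype="system" level="information" user="admin" ui="ssh(203.0.113.50)" action="Add" cfgpath="user.local" cfgobj="svc-backup" msg="Add user.local svc-backup"
date=2026-01-12 time=03:20:00 type="event" subtype="system" level="alert" user="admin" ui="https(198.51.100.9)" srcip=198.51.100.9 action="login" status="failed" reason="passwd_invalid"
date=2026-01-12 time=03:20:05 type="event" subtype="system" level="alert" user="fortinet" ui="https(198.51.100.9)" srcip=198.51.100.9 action="login" status="failed" reason="name_invalid"
date=2026-01-12 time=03:20:10 type="event" subtype="system" level="alert" user="administrator" ui="https(198.51.100.9)" srcip=198.51.100.9 action="login" status="failed" reason="name_invalid"
date=2026-01-12 time=03:20:15 type="event" subtype="system" level="alert" user="root" ui="https(198.51.100.9)" srcip=198.51.100.9 action="login" status="failed" reason="name_invalid"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally double-quoted


def parse_line(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    if "srcip" not in rec:  # config-change logs carry the client address inside ui="ssh(a.b.c.d)"
        m = re.search(r"\((.*?)\)", rec.get("ui", ""))
        rec["srcip"] = m.group(1) if m else "unknown"
    return rec


def detect(log_text, window=timedelta(minutes=10), fail_threshold=5, spray_users=3):
    """Return (kind, source_ip, detail) alerts in time order. Thresholds are assumptions."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()), key=lambda r: r["ts"])
    failures = defaultdict(list)   # srcip -> [(ts, user)] of failed logins inside the window
    flagged, alerts = set(), []
    for e in events:
        ip, ts = e["srcip"], e["ts"]
        recent = [(t, u) for t, u in failures[ip] if ts - t <= window]   # slide the window
        failures[ip] = recent
        if e.get("action") == "login" and e.get("status") == "failed":
            recent.append((ts, e["user"]))
            if len(recent) >= fail_threshold and ("brute_force", ip) not in flagged:
                flagged.add(("brute_force", ip))
                alerts.append(("brute_force", ip, f"{len(recent)} failed logins within {window}"))
            users = {u for _, u in recent}
            if len(users) >= spray_users and ("password_spray", ip) not in flagged:
                flagged.add(("password_spray", ip))
                alerts.append(("password_spray", ip, f"{len(users)} distinct usernames tried"))
        elif e.get("action") == "login" and e.get("status") == "success":
            if len(recent) >= 3:   # a success right after a failure run is the likely compromise
                alerts.append(("success_after_failures", ip,
                               f"{e['user']} logged in after {len(recent)} recent failures"))
        elif e.get("action") == "Add" and e.get("cfgpath") == "user.local":
            alerts.append(("new_local_user", ip, f"{e['user']} created local user {e['cfgobj']}"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in detect(SAMPLE_LOGS):
        print(f"{kind:24} {ip:16} {detail}")
```

The single failed login from 10.0.0.5 followed by a success produces nothing, which is the point of the three-failure floor on the success rule: an administrator mistyping a password once should not page anyone. Feed the detector real FortiGate syslog output and tune the window and thresholds to your own baseline; a slow, distributed campaign that keeps each source under the threshold still shows up if you also aggregate failures per target username.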

Once access was achieved, the threat actor exfiltrated firewall configuration files, which typically included:

  • SSL-VPN usernames and passwords stored in recoverable (reversibly encrypted) form

  • Administrative credentials

  • Complete firewall policies and topology

  • IPsec VPN peer configurations and routing information

These configuration backups became a rich source for internal network reconnaissance and future pivoting.

AI-Assisted Tools Were Central to the Campaign

Amazon’s investigation found that the threat actor relied on AI-assisted Python and Go tools to parse, decrypt, and analyze stolen configuration files — and to automate many aspects of post-access activity.

Analysis of the tooling revealed several markers of AI generation, such as:

  • Redundant comments reflecting AI-style verbosity

  • Simplistic architectural design

  • Naive parsing techniques

  • Sparse or placeholder documentation

While not robust against complex or hardened environments, these tools facilitated rapid reconnaissance and lateral movement planning that would traditionally require more advanced expertise.

AI in Operational Planning and Execution

According to the report, the attacker used multiple commercial generative AI services to accelerate the campaign:

  • Drafting step-by-step attack methodologies

  • Generating custom code in various languages

  • Organizing reconnaissance frameworks

  • Planning lateral movement strategies

  • Creating operational documentation

In one documented instance, the attacker uploaded an entire internal victim network topology — including IP addresses, hostnames, and credentials — to an AI service to help strategize further exploitation.

Lessons for Defenders

Amazon’s report underscores that AI-assisted attacks are not a threat only to large, high-profile organizations: basic perimeter weaknesses and poor credential hygiene can be exploited at scale once they are combined with AI-driven automation.

Recommended defensive measures include:

  • Do not expose firewall management interfaces to the internet; restrict administrative access to trusted hosts or a dedicated management network

  • Enforce MFA for all administrative and VPN accounts

  • Eliminate credential reuse between systems

  • Harden backup infrastructure, since configuration backups contain recoverable credentials

  • Audit SSH activity and the creation of new VPN accounts

These controls, while fundamental, remain among the most effective barriers against opportunistic attackers empowered by AI.
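The checks behind these recommendations, and the reason a stolen backup (see "Opportunistic Targeting and Weak Credentials" above) is so damaging, can be automated against a FortiGate configuration export. The script below is an added example written for this article, not Amazon's or Fortinet's code. It parses FortiOS CLI syntax (config / edit / set / next / end), flags WAN-role interfaces whose allowaccess list includes management services, admin accounts without two-factor authentication or a trusted-host restriction, and secrets stored with reversible encryption (ENC values that are not SH2 password hashes, which is how local-user passwords and IPsec pre-shared keys appear in a backup). The sample configuration is constructed, the addresses come from documentation ranges, and the set of services treated as "management access" is an assumption.

```python
# Assumed set of allowaccess services that count as management exposure.
MGMT_SERVICES = {"http", "https", "ssh", "telnet", "snmp", "fgfm"}

# Constructed FortiOS-style configuration excerpt for a hypothetical device.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 8443
end
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC SH2hashedvalue
    next
    edit "helpdesk"
        set accprofile "prof_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
        set password ENC SH2hashedvalue
    next
end
config user local
    edit "vpnuser1"
        set type password
        set passwd ENC reversiblevalue
    next
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set remote-gw 198.51.100.7
        set psksecret ENC reversiblevalue
    next
end
"""


def parse_fortios(text):
    """Return {section: {entry: {setting: value}}}. Settings of a section with no
    'edit' blocks live under the empty-string entry; nested tables are qualified
    by their parent section and entry."""
    tree, stack = {}, []          # stack frames: [section, current entry]
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            name = line[7:]
            if stack:
                name = f"{stack[-1][0]}/{stack[-1][1]}/{name}"
            tree.setdefault(name, {})
            stack.append([name, ""])
        elif line.startswith("edit "):
            stack[-1][1] = line[5:].strip('"')
        elif line.startswith("set "):
            section, entry = stack[-1]
            key, _, value = line[4:].partition(" ")
            tree[section].setdefault(entry, {})[key] = value.strip('"')
        elif line == "next":
            stack[-1][1] = ""
        elif line == "end":
            stack.pop()
    return tree


def audit(tree):
    """Flag the weaknesses the campaign relied on; returns human-readable findings."""
    findings = []
    for name, a in tree.get("system interface", {}).items():
        if a.get("role") == "wan":   # relies on the admin having set the interface role
            exposed = set(a.get("allowaccess", "").split()) & MGMT_SERVICES
            if exposed:
                findings.append(f"interface {name} (role wan) allows management access: {' '.join(sorted(exposed))}")
    for name, a in tree.get("system admin", {}).items():
        if a.get("two-factor", "disable") == "disable":
            findings.append(f"admin {name}: no two-factor authentication")
        if not any(k.startswith("trusthost") for k in a):
            findings.append(f"admin {name}: no trusted-host restriction")
    for section, entries in tree.items():
        for name, a in entries.items():
            for key, value in a.items():
                if value.startswith("ENC ") and not value.startswith("ENC SH2"):
                    findings.append(f"{section} {name}: {key} is reversibly encrypted (recoverable from a stolen backup)")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print(finding)
```

Run it against the output of `show full-configuration` from a real device. Local-user passwords and IPsec pre-shared keys are stored reversibly because the firewall needs the plaintext to authenticate peers; FortiOS can strengthen that encryption with `set private-data-encryption enable` under `config system global`, but the safe assumption after a compromise is still that whoever holds the backup holds every credential in it, so rotate them rather than rely on the encryption. The WAN check depends on the interface role being set; on devices where it is not, review every interface with management services in allowaccess.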

Final Takeaway

This widespread FortiGate compromise highlights a pivotal shift in how threat actors operate: commercial AI services are lowering the technical threshold for impactful intrusions. Even attackers with modest skills can achieve large-scale compromise and automation when supported by generative AI tools — reinforcing the need for strong security hygiene as a first line of defense.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.
