Open-Source CyberStrikeAI Malware Spreads Through AI-Powered FortiGate Attacks Globally

Recent Campaign Targets Fortinet FortiGate Appliances with CyberStrikeAI

A recent campaign targeting Fortinet FortiGate appliances has been linked to an open-source, AI-native security testing platform called CyberStrikeAI. The platform was used by a threat actor, suspected to be of Russian origin, to conduct automated mass scanning for vulnerable appliances across 55 countries. This discovery was made by Team Cymru, who analyzed an IP address (212.11.64[.]250) used by the attacker.
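As a defender, the one concrete artefact in this report is the defanged scanner address 212.11.64[.]250. The following is an added example (not from the article, Team Cymru or any referenced project) that refangs such an indicator and sweeps it against FortiGate-style `key=value` log lines; the log lines are constructed for the example and are not real telemetry.

```python
import re

# Indicator exactly as reported (defanged); the only IoC on the page.
REPORTED_IOCS = ["212.11.64[.]250"]

# Constructed FortiGate-style log lines for demonstration only.
SAMPLE_LOGS = [
    'date=2026-02-10 time=08:15:02 devname="fw01" type="traffic" subtype="forward" '
    'srcip=212.11.64.250 dstip=10.0.0.5 dstport=443 action="deny"',
    'date=2026-02-10 time=08:15:07 devname="fw01" type="traffic" subtype="forward" '
    'srcip=198.51.100.7 dstip=10.0.0.5 dstport=443 action="accept"',
    'date=2026-02-10 time=08:16:11 devname="fw01" type="event" subtype="system" '
    'user="admin" ui="https(212.11.64.250)" action="login" status="failed"',
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 212.11.64[.]250 back into a
    matchable value. Handles the common [.] and (.) conventions."""
    return ioc.replace("[.]", ".").replace("(.)", ".")


def extract_ips(line: str) -> set[str]:
    """Every IPv4 literal in the line, regardless of which field it sits in
    (srcip, dstip, the ui= field of an admin login event, ...)."""
    return set(IPV4_RE.findall(line))


def find_ioc_hits(lines, iocs):
    """Return (1-based line number, sorted matched indicators) for each
    log line that mentions any of the reported indicators."""
    wanted = {refang(i) for i in iocs}
    hits = []
    for n, line in enumerate(lines, start=1):
        matched = extract_ips(line) & wanted
        if matched:
            hits.append((n, sorted(matched)))
    return hits


if __name__ == "__main__":
    for n, matched in find_ioc_hits(SAMPLE_LOGS, REPORTED_IOCS):
        print(f"line {n}: indicator hit {', '.join(matched)}")
```

Matching on every IPv4 literal in the line rather than only `srcip=` is deliberate: a scanner address can also surface in admin-login events (the `ui=` field) or as a destination, and those are the hits most worth an analyst's attention on an appliance that faces the internet.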

CyberStrikeAI: An AI-Augmented Offensive Security Tool

CyberStrikeAI is a Go-based tool that integrates over 100 security tools to enable vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization. The platform is maintained by a Chinese developer, known by the alias Ed1s0nZ, who has ties to the Chinese government.

According to Will Thomas, a security researcher, CyberStrikeAI is an example of an AI-augmented offensive security tool that is becoming increasingly popular.

Campaign Compromises Over 600 FortiGate Devices

The campaign, which was first detected by Amazon Threat Intelligence, compromised over 600 FortiGate devices, with the attackers using generative AI services such as Anthropic Claude and DeepSeek to drive the operation. Team Cymru observed 21 unique IP addresses running CyberStrikeAI between January 20 and February 26, 2026, with servers primarily hosted in China, Singapore, and Hong Kong.

Developer’s Background and Ties to Chinese Government

Ed1s0nZ has also developed other tools that demonstrate an interest in exploitation and jailbreaking AI models. These include watermark-tool, banana_blackmail, PrivHunterAI, ChatGPTJailbreak, InfiltrateX, and VigilantEye. The developer has interacted with organizations that support the Chinese government, including Knownsec 404, a Chinese security vendor that suffered a major data leak last year.

Concerns over Adoption and Proliferation of AI-Augmented Offensive Security Tools

The adoption of CyberStrikeAI is expected to accelerate, representing a concerning evolution in the proliferation of AI-augmented offensive security tools. As AI-powered threats continue to grow, organizations should prioritize defenses against this type of automated, mass-scanning attack.
