Open‑Source CyberStrikeAI Weaponized in Global Attacks on Fortinet FortiGate Appliances

What happened

Threat researchers have confirmed that threat actors are actively using CyberStrikeAI, an open-source, AI-native offensive security platform, to conduct automated AI-driven attacks against Fortinet FortiGate network appliances. The campaign has compromised hundreds of devices across more than 55 countries.

Who is affected

Organizations using Fortinet FortiGate firewalls and VPN devices with exposed management interfaces or weak authentication are the primary targets, with over 600 appliances reported compromised during the campaign.

Why CISOs should care

The operational deployment of CyberStrikeAI marks a significant escalation in the weaponization of AI for cyber offense. By lowering the barrier for automated reconnaissance, exploitation and campaign orchestration, open‑source AI tools like CyberStrikeAI expand threat actor capabilities and put critical perimeter infrastructure at elevated risk.

3 practical actions

  1. Harden perimeter devices: Ensure all Fortinet FortiGate devices are fully updated with the latest firmware, disable unused services, and restrict management access to trusted networks.
  2. Strengthen authentication: Enforce multi‑factor authentication (MFA) for administrative access and review access controls to reduce reliance on single‑factor credentials.
  3. Enhance detection: Deploy network monitoring and anomaly detection specifically tuned to identify unusual scanning, AI‑style automation patterns, and command‑and‑control behaviors.