
AI-Powered Cyberattack: How an Unskilled Hacker Hit 600+ FortiGate Devices

An AI-powered cyberattack recently compromised over 600 FortiGate devices (firewalls and other security appliances) across 55 countries. The crazy part? There was no high-tech exploitation involved. Instead, as The Hacker News reported, the attacker used simple hacking methods to exploit security gaps that should have been closed.

How did an unskilled hacker pull off a worldwide cyberattack? With the help of AI.

Here’s what you need to know.

Simple Hacks Boosted by AI

According to a deep dive by Amazon Threat Intelligence, AI assistance allowed a surprisingly unsophisticated hacker to extract critical information from the FortiGate devices they targeted. These devices protect company networks and hold key information, including:

  • User & Admin Credentials along with recoverable passwords
  • Network Maps and firewall policies
  • VPN Configurations

With the help of AI, the hacker sifted through these configurations and decrypted data that would usually take a team of experts to handle. They even started targeting backup infrastructure, which Amazon notes is usually a tell-tale sign that a ransomware attack is coming next.

AI-Powered Cyberattack in Action

The hacker took a “multi-model” approach, using both DeepSeek and Claude, as discovered by Cyber and Ramen. These AI tools acted as the hacker’s partners in crime throughout this AI-powered cyberattack.

Here’s how AI helped:

  • Generated Attack Plans: These AI tools gave the hacker step-by-step instructions, estimated how long the hack would take, and told them which victims and attack paths to prioritize.
  • Wrote the Code: The hacker used AI to generate scripts in multiple programming languages to steal credentials and scan for vulnerabilities.
  • The Backup Plan: If one plan didn’t work, the hacker used a second AI as a backup to help them pivot their AI-powered cyberattack as needed.

How’d we know this was AI?

Amazon noted the hacker actually struggled when things got rough. Because they relied so heavily on AI without understanding the deeper levels of hacking, they often bounced off hardened systems and moved on to easier targets.

Furthermore, the code they used had the tell-tale signs of AI generation—code that prioritized form over function with many comments explaining what it was doing. But it was also fragile and broke easily if the situation wasn’t perfect.

The Target

This is a financially motivated individual using an AI-powered cyberattack to find the easiest, most direct route to sensitive info. They want to find one entry point and use “lateral movement” to jump to the most important parts of your company, like your server, backup, or customer database.

The attacker is specifically searching for businesses with the weakest security. If your company’s security is even slightly better than the next company’s, this hacker will likely bounce off and move to a more vulnerable victim.

How You Stay Safe

This is a worrying trend for 2026, but the good news is that these hackers are looking for the lowest-hanging fruit. Here’s what you need to do to stay safe:

If you’re using FortiGate (or any firewall), do these four things immediately:

  1. Hide Your Devices: Make sure management interfaces are not exposed to the public internet.
  2. Change Default Passwords: Change every single default password, especially for Admin and VPN accounts.
  3. Use MFA: Deploy multi-factor authentication for everything.
  4. Watch the Logs: Have your IT team audit your VPN logs for connections from weird or unexpected locations.

Beyond FortiGate devices, continue with security best practices such as MFA, strong passwords, encryption, team training, and keeping your software updated.

Moral of the Story

AI is lowering the bar of entry for hackers across the globe. The best way to stay safe is by locking down your basics and staying aware of evolving threats. Even something as simple to set up as MFA can save you from these opportunistic attacks.

If you need help or just have some security questions, don’t hesitate to reach out. At The 20 MSP, we’ve been helping our clients lock down their environments for decades while keeping our clients informed through blogs just like this one.
