CyberStrikeAI uses artificial intelligence to launch automated attacks against Fortinet systems

Between January and March 2026, anomalous activity targeting corporate firewalls began to be detected. The first alerts emerged in mid-January from incident response teams, who observed an unusual increase in unauthorized access to FortiGate devices. However, it wasn’t until early March 2026 that more in-depth investigations revealed the use of an AI-based tool to automate these attacks. This context makes it clear that the incident was not sudden, but rather the result of a gradual and coordinated campaign.

CyberStrikeAI is a platform that integrates multiple offensive tools and uses artificial intelligence models to automate all phases of a cyberattack, from reconnaissance to exploitation and persistence. The most affected have been organizations using Fortinet’s FortiGate devices, with hundreds of systems compromised across dozens of countries. The investigation, attributed to entities such as Team Cymru and supported by analysis from Amazon Threat Intelligence, identified malicious infrastructure and highly automated attack patterns. Measures taken include alerts issued by CSIRT teams, recommendations to update systems, strengthen credentials, and monitor access, as well as the deployment of security patches. These actions aim to contain the spread and mitigate the impact of a campaign that has demonstrated a high capacity for scalability.

Currently, the incident continues to be monitored by the cybersecurity community, although no new waves of the same initial intensity have been reported. The campaign has served as a turning point by demonstrating that artificial intelligence tools can be effectively used in real-world attacks and not just in theoretical or experimental settings.