Recent investigations have revealed that the mass compromise of over 600 Fortinet FortiGate appliances was facilitated by an open-source, AI-native offensive security platform known as CyberStrikeAI. Developed by a Chinese programmer with suspected ties to state-sponsored operations, the tool allowed Russian-speaking threat actors to automate vulnerability scanning and exploitation across dozens of countries.
Security researchers identified the activity by tracking specific IP addresses involved in systematic scanning for vulnerable devices. This analysis linked the campaign to a sophisticated infrastructure primarily hosted in China, Singapore, and Hong Kong, though servers were also detected in the United States and Japan. The automation provided by the AI-driven platform enabled the attackers to efficiently target and breach high-value networking hardware on a global scale.
The platform at the heart of these attacks, CyberStrikeAI, is a Go-based tool that integrates over 100 different security utilities to streamline the entire attack chain from discovery to visualization. It was created by a developer using the alias Ed1s0nZ, whose portfolio includes various tools designed for ransomware deployment, document watermarking, and bypassing the safety protocols of major AI models. This developer’s activity suggests a deep interest in weaponizing generative AI to identify privilege escalation vulnerabilities and sensitive data leaks.
Further scrutiny of the developer’s digital footprint indicates significant interactions with organizations linked to Chinese government cyber operations. This includes associations with private sector firms that have documented ties to the Ministry of State Security. One notable connection involves a security vendor that recently suffered a massive data leak, which exposed internal hacking tools and evidence of state-directed intelligence gathering targeting foreign infrastructure and communications.
The use of services like Anthropic Claude and DeepSeek within this framework highlights a growing trend of threat actors adopting commercial and open-source AI to enhance their offensive capabilities. By leveraging these models to automate complex exploitation tasks, attackers can bypass traditional security barriers with unprecedented speed. This incident underscores the escalating risk posed by the intersection of state-sponsored interests and accessible, high-powered AI exploitation tools.
Source: Open-Source CyberStrikeAI Powers AI-Driven FortiGate Attacks In 55 Countries