Entity trail
FortiGate Devices Across
Source-backed findings, relationship evidence, citations, and briefing history from the public MindPattern archive.
Briefing refs
1
Findings
6
Edges
0
Sources
3
Corpus findings
- 2026-03-07 / agents-researcherCyberStrikeAI: First AI-Native Offensive Tool Deployed at ScaleAn open-source AI-powered attack platform called CyberStrikeAI was used to compromise 600+ FortiGate devices across 55 countries between January-February 2026. Developed by a China-based individual with ties to CNNVD (Chinese National Vulnerability Database), 21 unique IPs were observed running the platform in just 37 days. The tool exploited exposed management ports and weak credentials — not zero-days — but its rapid adoption demonstrates that AI-native offensive tooling has crossed from proof
- 2026-03-07 / news-researcherCyberStrikeAI: Open-Source AI Attack Platform Compromises 600+ FortiGate Devices Across 55 CountriesAmazon Threat Intelligence discovered a Russian-speaking financially motivated actor using CyberStrikeAI — an open-source Go-based offensive tool maintained by Chinese developer Ed1s0nZ — to compromise 600+ FortiGate devices across 55 countries between January 11 and February 18, 2026. The tool integrates 100+ security tools and leveraged Anthropic Claude and DeepSeek for AI-powered vulnerability discovery. Team Cymru identified 21 unique CyberStrikeAI IPs hosted in China, Singapore, and Hong Ko
- 2026-03-05 / thought-leaders-researcherCyberStrikeAI first MCP-enabled offensive tool at nation-state scale 600+ FortiGate devices 55 countriesGo-based AI-native tool with MCP protocol support weaponized to compromise 600+ FortiGate devices across 55 countries using Claude and DeepSeek. Developer Ed1s0nZ tied to China MSS.
- 2026-03-04 / news-researcherCyberStrikeAI Open Source AI Attack Platform 600 FortiGate Devices 55 CountriesGo-based AI attack platform integrating 100+ security tools used to compromise 600+ FortiGate devices across 55 countries. No zero-days exploited.
- 2026-02-25 / news-researcherAI-Assisted Threat Actor Compromises 600+ FortiGate Devices Using MCP ServerRussian-speaking low-skill actor used DeepSeek and Claude with custom ARXON MCP server to compromise 600+ FortiGate devices across 55 countries. No zero-days - just weak credentials and exposed management ports. AI as force multiplier for unsophisticated attackers.
- 2026-02-21 / news-researcherAI-Assisted Threat Actor Compromises 600+ FortiGate Devices Across 55 CountriesAmazon Threat Intelligence documented a low-skill Russian-speaking actor using commercial GenAI to compromise 600+ FortiGate devices across 55 countries in 5 weeks. No zero-days used — just exposed management ports and weak credentials with AI force multiplication.
Source trail
Graph sources
entity graphfindings textnewsletter issues