X post: autonomous AI attack engine reportedly compromised 600+ FortiGate firewalls
- Amazon Threat Intelligence said on February 20, 2026, that a financially motivated actor used commercial AI services to compromise 600-plus FortiGate devices.
- AWS said the campaign hit more than 55 countries between January 11 and February 18, 2026, without exploiting a FortiGate software vulnerability.
- Fortinet said on May 6, 2026, that details of the FortiGate 3500G and 400G are posted in its newsroom release.
Amazon Threat Intelligence said on February 20 that a Russian-speaking, financially motivated threat actor used multiple commercial generative AI services to compromise more than 600 FortiGate devices in more than 55 countries between January 11 and February 18, 2026. AWS said it did not observe exploitation of a FortiGate software vulnerability in the campaign, and instead tied the intrusions to exposed management ports and weak credentials protected only by single-factor authentication. Fortinet, for its part, announced on May 6 that the FortiGate 3500G and 400G are newly introduced G-series firewalls with ASIC acceleration. An X post circulating on May 15 referred to an “autonomous AI attack engine” and linked the episode to “CyberStrikeAI,” but the core public account of the incident comes from Amazon’s threat-intelligence write-up.

### Where does the 600-device claim come from?

AWS published the figure in a security blog post dated February 20, 2026. The post said Amazon Threat Intelligence observed a threat actor compromise “over 600 FortiGate devices” across more than 55 countries during a five-week period that began on January 11 and ended on February 18. (aws.amazon.com)

The AWS post also described the actor as Russian-speaking and financially motivated. Amazon said the actor was not known to be associated with an advanced persistent threat group backed by state resources, and said the campaign showed how commercial AI services can help a less technically capable operator work at larger scale. (aws.amazon.com)

### Did AWS say an autonomous tool broke into patched firewalls?

Amazon said no FortiGate vulnerability exploitation was observed in the campaign. The company said the intrusions succeeded by targeting exposed management ports and weak credentials with single-factor authentication, which it described as basic security gaps rather than a newly disclosed product flaw. (aws.amazon.com)

That distinction matters because the public AWS account does not say an autonomous system defeated hardened devices through a new zero-day. Instead, Amazon said the actor used multiple commercial generative AI services to scale reconnaissance and other familiar attack steps against internet-exposed systems with weak access controls. (aws.amazon.com)

### What is verified about “CyberStrikeAI”?

The X post’s use of the name “CyberStrikeAI” could not be independently verified from the post itself because the X page did not return readable content in this session. The AWS blog post that underpins the 600-device claim does not use that label in the lines reviewed here. (aws.amazon.com)

Other cyber news and blog sites have used “CyberStrikeAI” to describe tooling linked to the campaign, but those accounts are secondary and not the primary source for the incident. On the verified record available here, Amazon documented an AI-augmented campaign and the scale of the compromises; it did not, in the source reviewed, name the operation “CyberStrikeAI.” (aws.amazon.com)

### Were the FortiGate 3500G and 400G actually part of the incident?

Fortinet said on May 6 that the FortiGate 3500G and 400G are new additions to its G-series portfolio. The company described them as high-performance next-generation firewalls built with Fortinet’s NP7 and SP5 processors and positioned for AI-driven workloads and encrypted traffic. (cyberpress.org)

The timing creates a problem for the claim that those specific models were broadly affected in a campaign AWS said ran from January 11 to February 18. Based on the dates in the public sources reviewed here, Fortinet announced the 3500G and 400G after the campaign period described by Amazon. That means the X-post assertion about those named models was not verified in the primary sources reviewed here. (fortinet.com)

### What did AWS say the attackers did after initial access?

Amazon said the actor went beyond firewall access in some cases. The company said the campaign reached multiple organizations’ Active Directory environments, extracted complete credential databases and targeted backup infrastructure, which Amazon described as a potential precursor to ransomware deployment. (aws.amazon.com)

AWS also said the actor tended to move on when encountering hardened environments or stronger defenses. Amazon attributed the campaign’s scale to AI-assisted efficiency rather than to advanced tradecraft or persistence against well-defended targets. (aws.amazon.com)

### What should readers watch next in the public record?

Fortinet’s PSIRT advisories page remains the company’s public venue for product-security disclosures and fixes. As of the sources reviewed here, the verified campaign account points to exposed management interfaces and weak authentication, while Fortinet’s May 6 newsroom release is the public source for specifications on the 3500G and 400G hardware named in the X post. (aws.amazon.com) (fortiguard.com)
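The two conditions AWS tied the intrusions to, management services reachable from the internet and administrator accounts without a second factor, are both visible in a FortiGate configuration export. The following script is an added example written for this page, not code from AWS, Fortinet or the X post: it parses a constructed FortiOS-style export and reports interfaces with a WAN role that allow management services, plus admin accounts with no `two-factor` setting and no `trusthost` restriction. The parser covers only the `config`/`edit`/`set`/`next`/`end` subset of the export grammar and skips nested blocks; the keys it looks for (`allowaccess`, `role`, `trusthost1`, `two-factor`) are standard FortiOS CLI settings, but the sample values are invented and readers should check the exact syntax against their own firmware documentation.

```python
"""Audit a FortiOS configuration export for exposed management services and
single-factor admin accounts. Added example for this page; the sample config
below is constructed and does not come from any real device."""

# Constructed sample in FortiOS CLI export style (RFC 5737 / RFC 1918 addresses).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "ops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

# Services under 'allowaccess' that expose a management plane (not ping/fgfm).
MGMT_SERVICES = {"https", "http", "ssh", "telnet"}


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}} for the top-level
    config/edit/set/next/end structure. Config blocks nested inside an
    entry are skipped, which is enough for the two checks in audit()."""
    tree = {}
    section = None   # current top-level 'config ...' section name
    entry = None     # current 'edit ...' entry inside that section
    nested = 0       # depth of config blocks nested inside an entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        cmd, _, rest = line.partition(" ")
        if cmd == "config":
            if section is None:
                section = rest
                tree.setdefault(section, {})
            else:
                nested += 1
        elif cmd == "end":
            if nested:
                nested -= 1
            else:
                section = None
        elif nested:
            continue  # ignore everything inside nested blocks
        elif cmd == "edit":
            entry = rest.strip('"')
            tree[section][entry] = {}
        elif cmd == "next":
            entry = None
        elif cmd == "set" and entry is not None:
            key, _, values = rest.partition(" ")
            tree[section][entry][key] = values.split()
    return tree


def audit(tree):
    """Return a list of human-readable findings, in config order."""
    findings = []
    for name, attrs in tree.get("system interface", {}).items():
        # Interfaces with role 'wan' are the internet-facing ones.
        if attrs.get("role", [""])[0] == "wan":
            exposed = MGMT_SERVICES & set(attrs.get("allowaccess", []))
            if exposed:
                findings.append(
                    f"interface {name}: management services allowed on WAN "
                    f"role: {sorted(exposed)}")
    for name, attrs in tree.get("system admin", {}).items():
        # FortiOS defaults two-factor to 'disable' when the key is absent.
        if attrs.get("two-factor", ["disable"])[0] == "disable":
            findings.append(f"admin {name}: no second factor configured")
        if not any(k.startswith("trusthost") for k in attrs):
            findings.append(f"admin {name}: no trusted-host restriction")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print(finding)
```

Run against the constructed sample, the script flags `wan1` (HTTPS and SSH allowed on a WAN-role interface) and the `admin` account (no second factor, no trusted hosts), while `ops` passes because it has both a `trusthost1` range and `two-factor fortitoken`. The same three conditions are the ones a defender would want to close before worrying about the tooling on the attacker's side.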