Amazon warns AI-assisted actor breached more than 600 firewalls in 55 countries
Amazon Threat Intelligence says an AI-assisted actor compromised over 600 FortiGate devices across 55+ countries, exposing VPN and credential data and raising acute risks for hospitals and public services.

Amazon Threat Intelligence said it observed a Russian-speaking, financially motivated threat actor use commercial generative AI to compromise more than 600 FortiGate firewall appliances across over 55 countries between January 11 and February 18, 2026. Amazon found no evidence that the actor exploited FortiGate software vulnerabilities. Instead, the intrusions succeeded by scanning for exposed management ports and abusing weak single-factor administrative credentials on accounts that had no multi-factor authentication.
Amazon’s investigators located publicly accessible infrastructure that hosted malicious tooling and AI-generated operational artifacts, including attack plans, victim configurations, and source code for custom tools. Those stolen configurations contained VPN credentials, administrative accounts, and network data that create direct pathways into enterprise Active Directory environments and backup systems, increasing the risk of downstream ransomware or extortion.
“This campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ Moses, chief information security officer for Amazon Integrated Security. Amazon described the workflow as an AI-powered assembly line for cybercrime, saying it helped lower-skilled operators scale reconnaissance, scripting, command generation, and brute-force processes across many targets simultaneously.
Amazon observed the attacker using at least two distinct commercial large language model providers to generate detailed attack plans that included step-by-step instructions, expected success rates, time estimates, and prioritized task trees. While AI produced technically accurate commands, investigators noted the actor struggled to adapt when operations deviated from AI-generated plans and could not build custom exploits or debug failed attempts. That combination of automation and limited human skill gave defenders clearer forensic visibility even as it compressed the time window for response.
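The pattern the report describes, repeated password guessing against an exposed management interface followed by a successful administrator login, is visible in a firewall's own admin login event log. The following is an added example, not code from Amazon, Fortinet or the report: it parses constructed FortiGate-style key=value log lines (the `date`, `time`, `action`, `status`, `user` and `ui` fields are modelled on that format; the addresses, times and message text are invented) and raises an alert when one source address accumulates a threshold of failed admin logins inside a sliding window, when an admin login succeeds from a host outside an assumed allow-list of management workstations, and when a success follows a burst of failures from the same host.

```python
"""Detect brute-force admin logins against a firewall management interface.

Added example for this article; not from the Amazon report or Fortinet.
Input lines are constructed FortiGate-style key=value event records.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# key=value pairs; values may be double-quoted and contain spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# the ui field carries the access method and source, e.g. https(203.0.113.10)
IP_IN_UI_RE = re.compile(r'\((\d{1,3}(?:\.\d{1,3}){3})\)')


def sample_line(time, status, ip, user="admin"):
    """Build one constructed FortiGate-style admin login event line."""
    return (f'date=2026-02-01 time={time} type="event" subtype="system" level="alert" '
            f'action="login" status="{status}" user="{user}" ui="https({ip})" '
            f'msg="Administrator {user} login {status}"')


# Constructed sample: six rapid failures and then a success from an outside
# address, plus one mistyped password and a normal login from a trusted host.
SAMPLE_LOGS = [sample_line(t, "failed", "203.0.113.10")
               for t in ("03:14:01", "03:14:03", "03:14:05", "03:14:07", "03:14:09", "03:14:11")]
SAMPLE_LOGS += [
    sample_line("03:15:40", "failed", "10.0.0.5"),
    sample_line("03:15:52", "success", "10.0.0.5"),
    sample_line("03:16:20", "success", "203.0.113.10"),
]


def parse_line(line):
    """Return the key=value fields of one log line as a dict (quotes stripped)."""
    return {key: val.strip('"') for key, val in KV_RE.findall(line)}


def source_ip(fields):
    """Extract the source address from the ui field, falling back to srcip."""
    match = IP_IN_UI_RE.search(fields.get("ui", ""))
    return match.group(1) if match else fields.get("srcip", "unknown")


def _prune(window_queue, now, window):
    """Drop failure timestamps that fell out of the sliding window."""
    while window_queue and now - window_queue[0] > window:
        window_queue.popleft()


def detect(lines, trusted_hosts, threshold=5, window=timedelta(minutes=5)):
    """Return (alert_type, source_ip, user, timestamp) tuples for suspicious admin logins."""
    recent_failures = defaultdict(deque)  # source ip -> failure timestamps inside the window
    alerts = []
    for line in lines:
        f = parse_line(line)
        if f.get("action") != "login" or "date" not in f or "time" not in f:
            continue
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        ip = source_ip(f)
        user = f.get("user", "?")
        queue = recent_failures[ip]
        _prune(queue, ts, window)
        if f.get("status") == "failed":
            queue.append(ts)
            # alert once, when the threshold is first crossed, not on every later failure
            if len(queue) == threshold:
                alerts.append(("brute_force", ip, user, ts))
        elif f.get("status") == "success":
            if ip not in trusted_hosts:
                alerts.append(("admin_login_from_untrusted_host", ip, user, ts))
            if len(queue) >= threshold:
                alerts.append(("success_after_brute_force", ip, user, ts))
    return alerts


def run_sample():
    """Run the detector over the constructed sample with an assumed allow-list."""
    return detect(SAMPLE_LOGS, trusted_hosts={"10.0.0.5"})


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The allow-list check is the logging-side counterpart of restricting management access to known hosts; the threshold alert is deliberately emitted once per burst so that a slow guessing campaign does not flood the queue with one alert per failed attempt.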
Cybersecurity experts framed the incident as a structural warning about perimeter security. Damon Small, a board member at Xcape, Inc., called the report a turning point, saying we have entered the age of the automated assembly-line cyberattack. Krell, an independent analyst, said when multiple actors choose the same target class in the same window, that signals the state of perimeter security and underscores a grim shift: we used to worry about nation-states deploying this capability. Now we worry about individuals with a laptop and a credit card.

The operational consequences reach beyond private companies. Firewall configuration theft and Active Directory compromise can disrupt hospital networks, clinic telehealth services, public health reporting systems, and other safety-net institutions that rely on perimeter appliances to protect patient records and continuity of care. Underfunded community providers and local health departments often lack the staff and budget to enforce multi-factor authentication or to close exposed management interfaces, amplifying social equity harms when outages or data theft interrupt services for vulnerable populations.
Security practitioners and the LinkedIn post that prompted much of the industry response urged immediate, practical fixes. “Before investing in ‘next-gen AI defense,’ ensure your perimeter devices are hardened, MFA is enforced everywhere, and credential governance is tested and not assumed. AI risk is no longer theoretical. It is operational,” the post said. Another industry note added that speed is the new threat variable, with AI reducing attacker dwell time and increasing attack velocity.
The Amazon findings point to a policy and funding imperative: prioritize basic cyber hygiene for critical care providers and public agencies, mandate MFA on management interfaces, and expand resources for smaller organizations to test and rotate credentials. Without those measures, automation will continue to let mid-tier actors inflict outsized harm on communities that can least afford disruption.