AI-Powered CyberStrikeAI Tool Emerges as a Growing Threat to Fortinet FortiGate Devices
A new offensive security tool, CyberStrikeAI, is being actively used by threat actors to target Fortinet FortiGate appliances, marking a significant escalation in AI-driven cyberattacks. Developed by a China-based individual with suspected ties to state-sponsored operations, the open-source platform integrates over 100 security tools with an AI orchestration engine, enabling large-scale, automated exploitation campaigns.
First identified by Amazon’s CTI team, CyberStrikeAI is written in Go and hosted on GitHub under the alias "Ed1s0nZ." The tool features a centralized dashboard for monitoring operations, role-based testing, and lifecycle management, lowering the technical barrier for attackers. Analysis by Team Cymru linked the tool to an IP address (212.11.64.250) actively scanning FortiGate devices, with 21 unique IPs detected running the platform between January and February 2026, primarily in China, Singapore, and Hong Kong.
The developer, Ed1s0nZ, has a history of creating AI-driven exploitation tools, including PrivHunterAI (privilege escalation detection) and InfiltrateX (automated vulnerability scanning). More concerning are their connections to Chinese state entities: in December 2025, they submitted CyberStrikeAI to the Starlink Project, managed by Knownsec 404, a firm linked to the Chinese Ministry of State Security (MSS). Additionally, Ed1s0nZ previously received a "Level 2 Contribution Award" from the Chinese National Vulnerability Database (CNNVD), another MSS-affiliated program, before scrubbing the reference from their profile.
The rapid adoption of CyberStrikeAI signals a shift toward AI-native attack frameworks, enabling threat actors to automate reconnaissance and exploitation at scale. Given the developer’s affiliations, security researchers warn the tool may soon be leveraged by Chinese state-sponsored APT groups, increasing the risk of sophisticated attacks on vulnerable edge infrastructure.
Source: https://cybersecuritynews.com/cyberstrikeai-tool-breach-fortigate-devices/
Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet
{
  "id": "FOR1772526283",
  "linkid": "fortinet",
  "type": "Cyber Attack",
  "date": "1/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Cybersecurity',
                        'location': 'Global',
                        'name': 'Fortinet',
                        'type': 'Technology vendor'}],
 'attack_vector': 'Automated exploitation via AI orchestration engine',
 'date_detected': '2026-01-01',
 'description': 'A new offensive security tool, CyberStrikeAI, is being '
                'actively used by threat actors to target Fortinet FortiGate '
                'appliances, marking a significant escalation in AI-driven '
                'cyberattacks. Developed by a China-based individual with '
                'suspected ties to state-sponsored operations, the open-source '
                'platform integrates over 100 security tools with an AI '
                'orchestration engine, enabling large-scale, automated '
                'exploitation campaigns.',
 'impact': {'operational_impact': 'Increased risk of sophisticated attacks on '
                                  'vulnerable edge infrastructure',
            'systems_affected': 'Fortinet FortiGate devices'},
 'initial_access_broker': {'high_value_targets': 'Fortinet FortiGate devices'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The rapid adoption of CyberStrikeAI signals a shift '
                    'toward AI-native attack frameworks, enabling threat '
                    'actors to automate reconnaissance and exploitation at '
                    'scale.',
 'motivation': 'State-sponsored operations, large-scale automated exploitation',
 'post_incident_analysis': {'root_causes': 'AI-driven tool lowering technical '
                                           'barrier for attackers, suspected '
                                           'state-sponsored development'},
 'references': [{'source': 'Amazon’s CTI team'}, {'source': 'Team Cymru'}],
 'response': {'third_party_assistance': 'Amazon’s CTI team, Team Cymru'},
 'threat_actor': 'Ed1s0nZ (China-based individual with suspected '
                 'state-sponsored ties)',
 'title': 'AI-Powered CyberStrikeAI Tool Emerges as a Growing Threat to '
          'Fortinet FortiGate Devices',
 'type': 'AI-driven cyberattack tool',
 'vulnerability_exploited': 'Fortinet FortiGate appliances'}