Researchers Link CyberStrikeAI to Global FortiGate Hacks

Researchers have discovered that the threat actor behind a recent AI-assisted cyberattack targeting Fortinet FortiGate appliances used an open-source offensive security platform called CyberStrikeAI. According to Team Cymru, the attacker conducted automated mass scanning from IP address 212.11.64.250 to identify vulnerable FortiGate devices. The activity was previously reported by Amazon Threat Intelligence, which found that the attacker used generative AI tools such as Anthropic Claude and DeepSeek to compromise more than 600 FortiGate devices across 55 countries.

CyberStrikeAI is an AI-native penetration testing platform written in Go that integrates over 100 security tools for vulnerability discovery, attack chain analysis, and automated security testing. The tool is maintained by a Chinese developer known as Ed1s0nZ. Team Cymru observed at least 21 IP addresses running CyberStrikeAI between January and February 2026, mainly hosted in China, Singapore, and Hong Kong. Investigators also noted that the developer has published other offensive tools related to AI exploitation and privilege escalation scanning, raising concerns about potential links to organizations connected to Chinese state-aligned cyber operations. Experts warn that the growing adoption of AI-powered hacking tools like CyberStrikeAI represents a new phase in automated cyberattacks.

Source: https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html