Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks

BleepingComputer • February 21, 2026

Companies Mentioned

  • Amazon (AMZN)
  • Fortinet (FTNT)
  • Veeam
  • Google (GOOG)
  • DeepSeek

Why It Matters

The breach shows generative AI can amplify low‑skill actors, turning simple credential‑spraying into large‑scale network intrusions and forcing organizations to rethink edge device exposure and MFA enforcement.

Key Takeaways

  • AI tools automated brute‑force on exposed FortiGate interfaces.
  • Over 600 firewalls breached across 55 countries in five weeks.
  • Threat actor used LLMs for scripts, reconnaissance, and planning.
  • Lack of MFA and weak passwords enabled rapid compromise.
  • Backup systems targeted to facilitate ransomware before encryption.

Pulse Analysis

The rise of generative AI as a force multiplier in cybercrime is no longer speculative. Amazon’s latest report details a coordinated campaign where large language models supplied step‑by‑step attack playbooks, auto‑generated reconnaissance scripts, and even parsed configuration files extracted from compromised firewalls. By feeding raw network topology into AI services, the threat actor could instantly produce tailored lateral‑movement plans, dramatically shortening the kill chain and expanding the attack surface without deep technical expertise.

Technical analysis reveals that the adversary focused on internet‑exposed FortiGate management interfaces, exploiting default or weak credentials and the absence of multi‑factor authentication. Once inside, AI‑assisted tools written in Go and Python decrypted VPN credentials, harvested SSL‑VPN user data, and mapped internal routing tables. The operation also targeted Veeam backup servers, using custom PowerShell scripts to extract credentials before potential ransomware deployment. The use of an in‑house Model Context Protocol (MCP) server, dubbed ARXON, illustrates a sophisticated feedback loop where reconnaissance data is fed to LLMs, which then generate actionable commands for automated execution.

For defenders, the lesson is clear: traditional perimeter hardening is insufficient when AI can automate the exploitation of misconfigurations. Organizations must enforce strict MFA on all privileged interfaces, regularly audit exposed ports, and segment backup infrastructure from production networks. Moreover, continuous monitoring for AI‑generated code artifacts—such as redundant comments or naïve JSON parsing—can serve as an early indicator of malicious toolchains. As AI services become more accessible, the security community will need to develop detection capabilities that focus on behavioral anomalies rather than signature‑based threats, ensuring that the same technology that powers innovation does not become a weapon against enterprise resilience.
