A new artificial intelligence (AI) offensive security tool called CyberStrikeAI, which is being actively leveraged by threat actors to target edge devices, particularly Fortinet FortiGate appliances.<\/p>\n
This open-source platform, developed by a China-based individual with potential ties to state-sponsored operations, represents a significant escalation in the weaponization of AI for cyber attacks.<\/p>\n
According to its GitHub repository, CyberStrikeAI is an \u201cAI-native security testing platform<\/a> built in Go,\u201d integrating over 100 security tools along with an intelligent orchestration engine.<\/p>\n It features role-based testing, specialized skills systems, and comprehensive lifecycle management capabilities, all accessible via a centralized dashboard.<\/p>\n The tool first garnered attention following a report by the Amazon CTI team, which identified AI-augmented infrastructure targeting FortiGate devices at scale.<\/p>\n CyberStrikeAI is an open-source offensive security tool (OST)<\/a> written in Go and hosted publicly on GitHub under the profile \u201cEd1s0nZ.\u201d<\/p>\n According to its own repository description, the platform is \u201can AI-native security testing platform built in Go\u201d that integrates over 100 security tools alongside an intelligent orchestration engine, role-based testing, a specialized skills system, and comprehensive lifecycle management capabilities.<\/p>\n The tool features a web dashboard that allows operators to monitor platform state and manage active operations, significantly lowering the technical barrier to conducting large-scale, automated network exploitation campaigns.<\/p>\n Team Cymru\u2019s analysis of a specific IP address <\/a>shared by Amazon (212.11.64.250) revealed the presence of a \u201cCyberStrikeAI\u201d banner on an open port. By monitoring global NetFlow data, researchers observed this IP actively communicating with target Fortinet FortiGate devices, highlighting the platform\u2019s role in network reconnaissance and exploitation.<\/p>\n While the CyberStrikeAI repository was initially established on November 8, 2025, active deployments remained scarce until early 2026. However, between January 20 and February 26, 2026, researchers tracked 21 unique IP addresses running the CyberStrikeAI platform.<\/p>\n This rapid proliferation indicates a sharp increase in operational usage. Geographically, these servers are heavily concentrated in Chinese-speaking regions, including China, Singapore, and Hong Kong, aligning with the developer\u2019s background.<\/p>\n The developer behind CyberStrikeAI, operating under the alias \u201cEd1s0nZ,\u201d has a history of creating tools focused on exploitation and privilege escalation.<\/p>\n Their other GitHub projects include<\/a> PrivHunterAI and InfiltrateX, which utilize AI engines to automate vulnerability detection, as well as a steganographic document watermarking tool.<\/p>\n More concerning are the developer\u2019s documented interactions with entities linked to the Chinese Ministry of State Security (MSS). In December 2025, Ed1s0nZ submitted CyberStrikeAI to the Starlink Project managed by Knownsec 404, a private firm with known ties to the MSS and the Chinese People\u2019s Liberation Army.<\/p>\n Additionally, in January 2026, the developer touted a \u201cLevel 2 Contribution Award\u201d from the Chinese National Vulnerability Database (CNNVD), a program overseen by the MSS and widely regarded as a vehicle for the Chinese Communist Party to stockpile zero-day vulnerabilities.<\/p>\n Interestingly, Ed1s0nZ recently scrubbed this CNNVD reference from their profile, likely in an attempt to obscure these state connections as the tool gains notoriety.<\/p>\n The rapid adoption of CyberStrikeAI underscores a concerning evolution in the cybersecurity threat landscape. The platform significantly lowers the barrier to entry for complex network exploitation by automating reconnaissance and targeting through AI orchestration.<\/p>\n Given the developer\u2019s affiliations, there is a high probability that CyberStrikeAI will be integrated into the arsenals of Chinese state-sponsored advanced persistent threat (APT) groups.<\/p>\n As threat actors increasingly embrace AI-native tools, defenders must prepare for a surge in automated, highly sophisticated attacks targeting vulnerable edge infrastructure.<\/p>\n Security teams are urged to proactively monitor their networks using available indicators of compromise and bolster defenses against AI-assisted exploitation techniques.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizfQfSo6E1gEGqzvXun9JstOg8rmUzrJlN9ysgX7ASNZfFkSdvPEpfHU4qTSMRR4LKIW1HUwQ56ASysr5DUuvt9SvzlgPewJN7vrIvclFymj-ybu-0Hp3uaydctXXK9LROkijG2xuMEqbWZNxRZEc-95popWSr-KtTqAmZxjMN3e8IBLtUZwLfB4ijALSz\/s16000\/Dashboard%2520cyber.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjWMk6WaCtmqZf0jMtJfUsArVsp4hS55kbZ2869RpmoDAUKbxm9hYRWlQ2VEOlDpqlgSyVD99bcD5fLkimamg8cenuIKLEC11WBQrYk6DuZGtU1Qr6I-XfVkPQz_CSOOetFbb-p3tETSCCbIAzqxJOQ1iJmhYC4KpubkySmNYdiV069NZ2uOqW0Xd3zFabv\/s16000\/Fortigate%2520devices.webp?ssl=1\")
CyberStrikeAI Tool to Breach FortiGate Devices<\/strong><\/h2>\n
\n\n
\n \nTool<\/th>\n Description<\/th>\n<\/tr>\n<\/thead>\n \n CyberStrikeAI<\/strong><\/td>\n AI-native offensive security testing platform with 100+ integrated tools<\/td>\n<\/tr>\n \n PrivHunterAI<\/strong><\/td>\n Passive proxy-based privilege escalation detection using AI engines (Kimi, DeepSeek, GPT)<\/td>\n<\/tr>\n \n InfiltrateX<\/strong><\/td>\n Automated privilege escalation vulnerability scanning tool<\/td>\n<\/tr>\n \n watermark-tool<\/strong><\/td>\n Steganography-based invisible document watermarking with extraction support<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n