The report warns CSOs that while AI is helping unsophisticated threat actors, failure to implement cybersecurity basics is fatal regardless of the attacker's skill.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Amazon Threat Intelligence reports that a Russian-speaking threat actor used commercial generative AI tools to compromise over 600 Fortinet FortiGate firewalls across 55+ countries between January and February. The attackers exploited no software vulnerabilities — instead relying on exposed management ports, weak credentials, and single-factor authentication. AI enabled a small, unsophisticated group to operate at a scale previously requiring a larger skilled team, generating custom Python and Go tooling with clear signs of AI-generated code. The report emphasizes that cybersecurity basics — MFA, credential hygiene, network segmentation, and patch management — remain the most effective countermeasure, and that AI is raising the bar for what constitutes acceptable security practice.

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon