Cybersecurity

Cyber: Cyberstrikeai Tool Adopted By Hackers For Ai-powered Attacks

2026-03-03 0 views admin
Cyber: Cyberstrikeai Tool Adopted By Hackers For Ai-powered Attacks

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls.

Last month, BleepingComputer reported on an AI-assisted hacking operation that compromised more than 500 FortiGate devices in five weeks. The threat actor behind this campaign used multiple servers, including a web server at 212.11.64[.]250.

In a new report, Senior Threat Intel Advisor for Team Cymru, Will Thomas (aka BushidoToken), says that the same IP address was observed running the relatively new CyberStrikeAI AI-powered security testing platform.

Analyzing NetFlow data, Team Cymru identified a "CyberStrikeAI" service banner running on port 8080 on 212.11.64[.]250 and saw network communications between that IP and Fortinet FortiGate devices the threat actor targeted. The FortiGate campaign infrastructure was last seen running CyberStrikeAI on January 30, 2026.

CyberStrikeAI's GitHub repository describes itself as an "AI-native security testing platform built in Go" that integrates over 100 security tools, an intelligent orchestration engine, predefined security roles, and a skills system.

"Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams," reads the project description. The tool includes an AI decision engine compatible with models such as GPT, Claude, and DeepSeek, a password-protected web UI with audit logging and SQLite persistence, and a dashboard for vulnerability management, task orchestration, and attack-chain visualization.

Its tooling allows it to conduct a full attack chain, including network scanning (nmap, masscan), web and application testing (sqlmap, nikto, gobuster), exploitation frameworks (metasploit, pwntools), password cracking tools (hashcat, john), and post-exploitation frameworks (mimikatz, bloodhound, impacket).

By combining these tools with AI agents and an orchestrator, CyberStrikeAI enables operators, even low-skilled ones, to automate attacks against targets. Team Cymru warns that AI-native orchestration engines like this could accelerate automated targeting of exposed edge devices, including firewalls and VPN appliances.

The researchers say they observed 21 uni

Source: BleepingComputer

🏷️ Tags

securityhackbreachvulnerabilityattack

More from Cybersecurity

Cyber: Critical Openclaw Vulnerability Exposes AI Agent Risks 2026

Cyber: Critical Openclaw Vulnerability Exposes AI Agent Risks 2026

2026-03-02 0
Cyber: 30 Alleged Members Of 'the Com' Arrested In Project Compass 2026

Cyber: 30 Alleged Members Of 'the Com' Arrested In Project Compass 2026

2026-03-02 0
Cyber: Fake Google Security Site Uses Pwa App To Steal Credentials, Mfa Codes

Cyber: Fake Google Security Site Uses Pwa App To Steal Credentials, Mfa Codes

2026-03-02 0
Cyber: Alabama Man Pleads Guilty To Hacking, Extorting Hundreds Of Women

Cyber: Alabama Man Pleads Guilty To Hacking, Extorting Hundreds Of Women

2026-03-02 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views