Amazon Threat Intelligence has revealed that a single “unsophisticated” attacker has compromised more than 600 organisations across 55 countries in just over a month. According to the company’s findings, the campaign ran from January 11 to February 18, 2026, and targeted FortiGate firewalls – some of the most common security devices used by businesses worldwide.
The hacker didn’t use any complex “zero-day” exploits or secret software flaws. Instead, they used commercial AI tools to automate the “grunt work” of cybercrime, the company said.
How AI powered the attack
Amazon researchers described the operation as an “AI-powered assembly line”. While the hacker appeared to have limited technical skills, they used multiple commercial AI services (including tools like Claude and DeepSeek) to act as their “staff.”
According to the investigation, the AI was used for:
Generating step-by-step instructions for moving through a victim’s network.
Writing custom scripts in Python and Go to steal passwords and map out internal systems.
Scaling well-known attack techniques so that one person could do the work of a whole team.



