UrsaClimb Logo

CyberStrikeAI tool adopted by hackers for AI-powered attacks

Bleeping Computer
by Lawrence Abrams
March 3, 2026
AI-Generated Deep Dive Summary
Researchers have identified a new open-source AI-powered security testing platform called CyberStrikeAI that has been repurposed by hackers to launch sophisticated attacks. The same threat actors responsible for breaching hundreds of Fortinet FortiGate firewalls were observed using this tool, which integrates over 100 security tools and an AI-native orchestration engine. This development highlights the growing trend of cybercriminals leveraging advanced technologies like artificial intelligence to automate and scale their attack operations. CyberStrikeAI operates by combining traditional security tools with AI agents and a decision engine compatible with models such as GPT, Claude, and DeepSeek. The platform enables operators to conduct full attack chains, including network scanning, web application testing, exploitation, password cracking, and post-exploitation activities. This integration significantly lowers the barrier for even less skilled attackers to carry out complex network exploitation. Team Cymru’s analysis revealed that servers running CyberStrikeAI were primarily hosted in China, Singapore, and Hong Kong, with additional infrastructure spotted in the U.S., Japan, and Europe. The tool was active between January 20 and February 26, 2026, targeting FortiGate devices. Researchers warned that such AI-driven tools could accelerate automated attacks on exposed edge devices like firewalls and VPNs, making it critical for defenders to adapt their strategies. The platform’s developer, Ed1s0nZ, has ties to Chinese government-affiliated cyber operations, further raising concerns about the potential state-sponsored nature of these attacks. The developer is also known for other AI-assisted tools like PrivHunterAI and InfiltrateX, which focus on privilege escalation vulnerabilities. These connections suggest a broader shift in cyber warfare tactics, where AI-powered tools are increasingly being used to target vulnerable infrastructure. As cybercriminals adopt more sophisticated AI-driven platforms, security professionals must remain vigilant. The rise of tools like CyberStrikeAI underscores the need for enhanced defenses and proactive threat detection to counter automated, large-scale attacks on critical systems. Organizations must prioritize securing their edge devices and staying ahead of evolving threats in this new era of AI-powered cybercrime.
Verticals
securitytech
Originally published on Bleeping Computer on 3/3/2026