
Daniel Glover

Originally published at danieljamesglover.com

AI-Powered Attacks Are Hitting Firewalls

AI-powered attacks are no longer theoretical. This week, Amazon's security team published findings on a campaign that breached over 600 FortiGate firewalls across 55 countries in just five weeks. The attacker did not use zero-day exploits. They used brute-force attacks against exposed management interfaces, weak credentials without MFA, and AI-generated tooling to automate reconnaissance at scale.

If you manage firewalls, VPNs, or any internet-facing infrastructure, this is a wake-up call worth paying attention to.

What Actually Happened

Between January and February 2026, a Russian-speaking threat actor targeted FortiGate management interfaces exposed to the internet. They scanned for services running on ports 443, 8443, 10443, and 4443 - all common management ports that should never be publicly accessible without strict controls.

The attack was opportunistic. No specific industries were targeted. The actor simply looked for weak points and found hundreds of them.

Once inside a device, they extracted configuration files containing SSL-VPN user credentials (with recoverable passwords), administrative credentials, firewall policies, internal network architecture details, IPsec VPN configurations, and routing information. That is essentially a complete blueprint of the victim's network.

The stolen configurations were then parsed using AI-assisted Python and Go tools. Amazon's analysis of the source code revealed telltale signs of AI-generated code - redundant comments restating function names, simplistic architecture with disproportionate formatting investment, naive JSON parsing via string matching, and compatibility shims with empty documentation stubs.

Why AI Changes the Threat Landscape

The tools themselves were not sophisticated. Amazon noted they commonly failed in hardened environments. But that misses the point entirely.

What matters is the speed and scale. A single threat actor compromised 600 devices across 55 countries in five weeks. Without AI assistance, building the custom reconnaissance tooling, configuration parsers, and automation scripts would have taken significantly longer. AI compressed the development cycle from weeks to hours.

This is the real shift IT leaders need to understand. AI is not making attackers smarter - it is making them faster. The barrier to entry for creating functional attack tooling has dropped dramatically. A moderately skilled operator can now produce working exploitation tools that would have previously required a team.

The Firewall Management Problem

Here is the uncomfortable truth: most of these breaches were entirely preventable. The attacker exploited exposed management interfaces and weak passwords without MFA. These are basic hygiene failures that have been on every security checklist for a decade.

Yet they persist. In my experience managing infrastructure across 50+ vendors, I see why. Firewall management interfaces get exposed for legitimate reasons - remote administration, vendor support access, emergency troubleshooting. The intent is temporary, but temporary becomes permanent when nobody tracks the change.

The problem compounds across large estates. When you have dozens of firewalls across multiple sites, keeping every management interface locked down requires disciplined processes, not just good intentions.

Common Exposure Patterns

There are predictable ways management interfaces end up exposed:

  • Initial deployment shortcuts - vendors or engineers enable remote access during setup and never disable it
  • Break-glass access - emergency remote management ports opened during incidents and forgotten
  • Legacy configurations - older devices migrated without reviewing access controls
  • Shadow IT - branch offices or departments deploying their own network equipment
  • Cloud migration gaps - hybrid environments where on-premises firewall management does not get the same scrutiny as cloud security groups

Each of these creates attack surface that opportunistic scanners will find.

Practical Defence Measures

Defending against AI-augmented attacks does not require AI-powered defences. It requires doing the basics properly and consistently. Here is what I would prioritise based on this campaign's methodology.

Lock Down Management Interfaces

This is non-negotiable. Every firewall management interface should be accessible only from trusted networks. If remote management is required, put it behind a VPN or jump host with MFA. Never expose management ports directly to the internet.

Run regular scans of your own external attack surface. Tools like Shodan, Censys, or your own nmap scans can identify exposed management interfaces before attackers do. Make this a monthly process at minimum.

Enforce Strong Authentication

The attacker used brute-force attacks with common passwords. MFA on every administrative interface stops this immediately. If your firewall vendor does not support MFA on the management plane, that is a serious conversation to have with them - or a reason to evaluate alternatives.

Password policies for network devices often lag behind those for user accounts. Apply the same rigour - unique, complex passwords rotated regularly, stored in a privileged access management (PAM) system rather than spreadsheets or shared documents.

Audit Configuration Extraction Risks

One of the most concerning aspects of this campaign was the extraction of SSL-VPN credentials with recoverable passwords from device configurations. Review your firewall configurations for stored credentials and understand how they are protected.

Fortinet has published guidance on credential storage in FortiOS. If your devices store credentials in a recoverable format, consider whether you can migrate to certificate-based authentication or integrate with an external authentication server like RADIUS or LDAP with encrypted credential storage.

Segment and Monitor

Even if an attacker compromises a firewall, proper network segmentation limits what they can reach. The campaign specifically targeted Veeam Backup servers and Active Directory domain controllers after initial access - both high-value targets that should sit in restricted network segments.

Monitor for unusual activity from network devices. Configuration exports, unexpected outbound connections, and changes to routing tables should all trigger alerts. Your SIEM should be ingesting firewall logs and correlating them with threat intelligence feeds.

Lessons From the Veeam Targeting

The campaign's focus on Veeam Backup & Replication servers deserves special attention. Backup infrastructure is increasingly targeted because ransomware operators know that destroying backups dramatically increases the likelihood of payment.

The attacker used custom PowerShell scripts and compiled credential-extraction tools against Veeam servers. This is a pattern we have seen accelerate throughout 2025 and into 2026.

If you run Veeam or any backup solution:

  • Isolate backup infrastructure on a dedicated management VLAN with strict access controls
  • Use immutable backup targets - object storage with object lock or air-gapped tape
  • Patch aggressively - Veeam vulnerabilities are actively exploited and patches should be treated as critical
  • Monitor backup job status - unexpected failures or configuration changes could indicate compromise
  • Test restores regularly - backups you cannot restore from are not backups

Building an AI-Era Security Posture

The scale of this campaign - 600 devices in five weeks - tells us that manual security processes cannot keep pace with AI-augmented attacks. IT leaders need to think about automation on the defensive side too.

Automated Asset Discovery

You cannot protect what you do not know about. Continuous asset discovery and attack surface monitoring should be running automatically. Commercial tools like Qualys, Tenable, or open-source alternatives like OpenVAS can continuously scan your perimeter.

Configuration Compliance Monitoring

Every firewall should be checked against a defined baseline configuration automatically. Deviations from that baseline - especially new management access rules or changed authentication settings - should generate immediate alerts.
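A minimal baseline check of the kind described above, written here as an added example rather than the author's own tooling: it parses a constructed config excerpt in FortiOS CLI style and flags WAN-role interfaces that allow interactive management services, plus admin accounts with no two-factor setting or no trusted-host restriction. The setting names (`allowaccess`, `role`, `two-factor`, `trusthost1`) follow FortiOS CLI conventions; the parser is deliberately simplified and the sample config is constructed, not a real export.

```python
SAMPLE_CONFIG = """\
# constructed sample in FortiOS CLI style, not an export from a real device
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set two-factor fortitoken
        set trusthost1 10.10.0.0 255.255.255.0
    next
    edit "vendor-support"
    next
end
"""

def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into {section: {entry: {setting: values}}}."""
    sections, path, entries = {}, [], []  # entries: current 'edit' name per open section
    for tokens in filter(None, map(str.split, text.splitlines())):
        if tokens[0] == "config":            # open a (possibly nested) section
            path.append(" ".join(tokens[1:]))
            entries.append(None)
        elif tokens[0] == "edit":            # start a named entry in the current section
            entries[-1] = tokens[1].strip('"')
            sections.setdefault("/".join(path), {}).setdefault(entries[-1], {})
        elif tokens[0] == "set":             # record a setting; quoted values are unquoted
            entry = sections.setdefault("/".join(path), {}).setdefault(entries[-1], {})
            entry[tokens[1]] = [t.strip('"') for t in tokens[2:]]
        elif tokens[0] == "next":
            entries[-1] = None
        elif tokens[0] == "end":             # close the innermost section
            path.pop(); entries.pop()
    return sections

def audit(config):
    """Return (entry, issue) pairs: management on WAN, admins without MFA or trusted hosts."""
    findings = []
    for name, attrs in config.get("system interface", {}).items():
        exposed = set(attrs.get("allowaccess", [])) & {"https", "http", "ssh", "telnet"}
        if attrs.get("role") == ["wan"] and exposed:
            findings.append((name, "mgmt-on-wan:" + ",".join(sorted(exposed))))
    for name, attrs in config.get("system admin", {}).items():
        if attrs.get("two-factor", ["disable"]) == ["disable"]:  # FortiOS default: disabled
            findings.append((name, "no-two-factor"))
        if not any(k.startswith("trusthost") for k in attrs):
            findings.append((name, "no-trusted-hosts"))
    return findings
```

Run `audit(parse_fortios(open("export.conf").read()))` on each device export from your scheduled backup job and alert on any non-empty result.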

Threat Intelligence Integration

This campaign was identified partly because Amazon found the attacker's infrastructure. Consuming threat intelligence feeds and correlating indicators of compromise (IoCs) against your network telemetry is essential. At minimum, feed published IoCs into your firewall block lists and SIEM correlation rules.

What IT Leaders Should Do This Week

If this campaign has your attention, here are five actions you can take immediately:

  1. Audit external exposure - scan your perimeter for any management interfaces on ports 443, 8443, 10443, and 4443
  2. Verify MFA everywhere - confirm that every administrative interface requires multi-factor authentication
  3. Review firewall credential storage - check whether your devices store credentials in recoverable formats
  4. Check backup isolation - ensure backup infrastructure sits on restricted network segments with separate credentials
  5. Brief your team - share Amazon's report with your security and infrastructure teams so everyone understands the current threat
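A self-audit of the kind recommended under "Lock Down Management Interfaces" and in step 1 above, as an added example that is not the author's tooling: it connect-checks the four ports named in the campaign against your own perimeter hosts and reports anything not in a documented allowlist, so a public SSL-VPN portal on 443 is expected but 10443 on a branch firewall is not. The host names and the allowlist are constructed placeholders, and the `probe` argument exists so the logic can be exercised without network access.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports called out in the campaign as common FortiGate management ports.
MGMT_PORTS = (443, 8443, 10443, 4443)

def tcp_open(host, port, timeout=2.0):
    """True if `host` accepts a TCP connection on `port` (connect-only, no banner grab)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:        # refused, filtered/timeout, or unresolvable name
        return False

def audit_host(host, ports=MGMT_PORTS, probe=tcp_open):
    """Return the sorted ports on `host` that answer; `probe` is injectable for testing."""
    return sorted(p for p in ports if probe(host, p))

def unexpected_exposure(hosts, expected, ports=MGMT_PORTS, probe=tcp_open, workers=16):
    """Check `hosts` (your own external addresses) in parallel and return {host: [ports]}
    for every listening port not in the documented `expected` allowlist.
    A host absent from `expected` is allowed nothing, so all its open ports are flagged."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: (h, audit_host(h, ports, probe)), hosts))
    findings = {}
    for host, open_ports in results:
        extra = [p for p in open_ports if p not in expected.get(host, set())]
        if extra:
            findings[host] = extra
    return findings

if __name__ == "__main__":
    # Constructed inventory and allowlist; replace with your perimeter list and documented exposures.
    inventory = ["vpn.example.net", "fw-branch1.example.net"]
    allowlist = {"vpn.example.net": {443}}
    for host, ports in unexpected_exposure(inventory, allowlist).items():
        print(f"{host}: unexpected management ports {ports}")
```

Schedule it monthly at minimum, as the text suggests, and diff successive runs so a newly opened port shows up as a change rather than getting lost in a long report.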

None of these are expensive. None require new tooling. They require attention and discipline - which is exactly what separates organisations that get breached from those that do not.

The AI-augmented attacker is here. The good news is that the defences are not mysterious. They are the same fundamentals we have always known matter. The difference now is that the cost of getting them wrong has gone up dramatically.
