thehackernews.com 3/3/2026, 3:08:31 PM

AI-powered CyberStrikeAI targets FortiGate in 55 countries

CyberSIXT Evidence Panel
Primary Source: team-cymru.com
Threat Actor: Suspected Russian-speaking threat actor

CyberStrikeAI is an AI-native, open-source security testing platform that was reportedly used to drive AI-assisted attacks on FortiGate appliances spanning 55 countries. According to Team Cymru, its findings follow an analysis of the IP address 212.11.64[.]250, and the activity involved a suspected Russian-speaking threat actor conducting automated mass scanning of Fortinet FortiGate appliances.

The tool, as described in its GitHub repository, is built in Go and integrates more than 100 security tools to enable vulnerability discovery, attack-chain analysis, knowledge retrieval and result visualization. The project is maintained under the alias Ed1s0nZ. Team Cymru observed 21 unique IP addresses running CyberStrikeAI between 20 January and 26 February 2026, with servers primarily in China, Singapore and Hong Kong, and additional servers later detected in the United States, Japan and Switzerland.

Amazon Threat Intelligence previously noted that the attacker systematically targeted FortiGate devices using generative AI services, compromising over 600 appliances in 55 countries. The researcher Will Thomas (aka BushidoToken) said the developer behind CyberStrikeAI has ties to a China-based entity and suggested that there are state-aligned connections through KnownSec 404 and related Chinese security-industry links.

Article by CyberSIXT