AI Is Now a Hacker’s Best Friend: How Generative AI Is Reshaping Cybercrime
February 22, 2026 | Cybersecurity
In back-to-back warnings this week, two of the world’s largest technology companies have sounded the alarm on the same disturbing trend: artificial intelligence is rapidly transforming cybercrime, enabling even low-skilled attackers to conduct large-scale intrusions that were once the exclusive domain of sophisticated, well-resourced teams.
The Amazon Report: 600 Firewalls in Five Weeks
Amazon’s security arm published a striking report this week detailing how a Russian-speaking threat actor — possibly a single individual or very small group — used multiple commercially available generative AI services to breach more than 600 Fortinet FortiGate firewalls across 55 countries in just five weeks, between January 11 and February 18, 2026.
What makes the campaign especially notable is what it didn’t use: no zero-day vulnerabilities, no novel exploits, no advanced malware. According to CJ Moses, Chief Information Security Officer of Amazon Integrated Security, the attacker succeeded entirely through fundamental security failures — exposed management interfaces, weak passwords, and single-factor authentication.
“No exploitation of FortiGate vulnerabilities was observed,” Moses wrote. “This campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication — fundamental security gaps that AI helped an unsophisticated actor exploit at scale.”
The attacker scanned for FortiGate admin panels exposed on common ports, then used brute-force attacks to crack weak or reused passwords. Once inside, they extracted device configuration files containing SSL-VPN credentials, firewall policies, network topology maps, and IPsec VPN settings. This data was fed into an AI-powered reconnaissance system, which then generated structured attack plans — including guidance on achieving Domain Administrator access, lateral movement strategies, and instructions for targeting backup infrastructure.
Independent security researchers analyzing a misconfigured staging server linked to the campaign found that the attacker had built a custom system called ARXON — a framework that fed stolen network data into large language models, including DeepSeek and Claude, to generate step-by-step intrusion playbooks. In some instances, Claude Code was configured to autonomously execute offensive tools — including Impacket scripts, Metasploit modules, and password-cracking utilities — without requiring human approval for each command.
Compromised devices were concentrated across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The campaign appeared financially motivated and opportunistic: when attackers encountered hardened defenses, they simply moved on to softer targets. Amazon assessed the activity as likely pre-ransomware staging, noting that backup servers running Veeam were specifically targeted — a tactic consistent with disabling recovery capabilities before deploying ransomware.
Despite the scale, Amazon’s analysts noted that the attacker’s skill level remained limited. Their own operational notes, inadvertently exposed on a public server, documented repeated failures against properly secured environments. Their advantage was not technical depth — it was AI-amplified speed and volume.
Moses warned that this pattern is likely to intensify: “Organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries. Strong defensive fundamentals remain the most effective countermeasure: patch management for perimeter devices, credential hygiene, network segmentation, and robust detection for post-exploitation indicators.”
The Google Report: Nation-States Are Already There
Amazon’s findings did not emerge in a vacuum. Just days earlier, Google’s Threat Intelligence Group (GTIG) published its own AI Threat Tracker report, documenting how nation-state actors from China, Russia, Iran, and North Korea have been systematically incorporating Google’s Gemini AI into their offensive operations — across nearly every stage of the attack lifecycle.
The breadth of documented abuse is striking. China’s APT31 used Gemini to automate vulnerability analysis, posing as a security researcher to generate attack plans against specific U.S. targets. North Korea’s UNC2970 used it to synthesize open-source intelligence and build profiles of high-value targets in the defense and cybersecurity sectors — the same reconnaissance groundwork used to craft convincing job-recruitment lures in Operation Dream Job. Iran’s APT42 used the model to draft fake personas and augment social engineering campaigns, while another Iranian group researched satellite jamming systems and anti-drone technologies.
Beyond government-sponsored actors, Google also documented financially motivated criminal groups and new malware families built around live AI integration. A framework called HONESTCUE was found querying Gemini’s API during execution, receiving freshly generated C# code to carry out attack functions — a design that avoids embedding malicious code in the payload itself, complicating detection. Underground toolkits like Xanthorox were advertised as purpose-built offensive AI, though investigation revealed they were largely reselling access to jailbroken commercial models, including Gemini.
Google said it has disabled accounts and infrastructure linked to the malicious campaigns and has strengthened Gemini’s safety classifiers in response. But GTIG chief analyst John Hultquist cautioned that the arms race is far from over: “The adversaries’ adoption of agentic AI capability is so significant — it’s the next shoe to drop.”
A Convergence of Warnings
Taken together, the Amazon and Google reports paint a coherent and troubling picture. AI is not merely being used as a convenience tool by attackers — it is being integrated directly into operational workflows, lowering the technical floor for mass intrusions while simultaneously enabling more sophisticated targeting by state-sponsored groups.
For defenders, the implications are clear. The FortiGate campaign was not stopped by AI; it was stopped only where basic security hygiene was already in place. Amazon’s recommendations for FortiGate administrators are blunt: remove management interfaces from internet exposure, enforce multi-factor authentication across all VPN and administrative access, ensure VPN passwords are not reused from Active Directory accounts, and harden backup infrastructure.
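One way to put the "robust detection for post-exploitation indicators" advice above into practice, as an added example that is not code from the Amazon or Google reports: a small Python detector that reads constructed FortiGate-style admin event lines and flags the sequence the campaign relied on, a burst of failed admin logins from one source, followed by a successful login and a configuration export from the same address. The key=value field names, thresholds and log lines are constructed assumptions for illustration, not captured data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified FortiGate-style key=value event-log
# format (an assumption, not captured from the campaign): failed admin logins
# from one source, then a success and a configuration backup from that source.
SAMPLE_LOG = """\
date=2026-02-01 time=10:00:01 logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-01 time=10:00:03 logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-01 time=10:00:05 logdesc="Admin login failed" user="fortinet" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-01 time=10:00:06 logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-01 time=10:00:08 logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-01 time=10:00:11 logdesc="Admin login successful" user="admin" srcip=203.0.113.7 action="login" status="success"
date=2026-02-01 time=10:00:40 logdesc="Configuration backed up" user="admin" srcip=203.0.113.7 action="backup" status="success"
date=2026-02-01 time=10:05:00 logdesc="Admin login successful" user="ops" srcip=192.0.2.10 action="login" status="success"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Parse one key=value log line into a dict; quoted values are unquoted."""
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def detect(log_text, fail_threshold=5, window=timedelta(minutes=5)):
    """Return (srcip, kind) alerts: a brute-force burst, a login that succeeds
    after that burst, and a config export by the same source afterwards."""
    failures = defaultdict(list)   # srcip -> recent failed-login timestamps
    brute_forced = set()           # sources that already tripped the threshold
    alerts = []
    for line in log_text.splitlines():
        r = parse(line)
        ip, ts = r["srcip"], r["ts"]
        if r["action"] == "login" and r["status"] == "failed":
            # keep only failures inside the sliding window, then count them
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= fail_threshold and ip not in brute_forced:
                brute_forced.add(ip)
                alerts.append((ip, "admin brute-force burst"))
        elif r["action"] == "login" and r["status"] == "success" and ip in brute_forced:
            alerts.append((ip, "login succeeded after brute-force"))
        elif r["action"] == "backup" and ip in brute_forced:
            alerts.append((ip, "config export after brute-force"))
    return alerts
```

Tune `fail_threshold` and `window` to the normal failure rate on the device; the config-export alert is the one worth paging on, because it marks the point where credentials and topology leave the firewall.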
More broadly, the reports suggest that organizations relying on reactive, signature-based defenses are increasingly at a disadvantage against AI-accelerated attacks that can adapt, pivot, and scale faster than manual response cycles allow.
The era of AI-assisted cybercrime is not approaching. According to the combined weight of this week’s reports, it has already arrived.
Sources: Amazon Web Services Security Blog; Google Threat Intelligence Group AI Threat Tracker (February 2026); BleepingComputer; The Hacker News; CyberScoop; Cyber and Ramen security blog
