AI-Driven Security Risk: Shadow AI and Offensive Use of CyberStrikeAI
Organizations are facing expanding AI-related attack surface from shadow AI adoption and proliferating machine identities, with unsanctioned AI tools and integrations increasing data access pathways, identity-to-application trust relationships, and third-/fourth-party dependencies. Commentary and executive guidance pieces emphasize that visibility alone is insufficient as AI-driven automation accelerates operational change faster than governance, and that defenders should expect new roles, shared responsibility across teams, and increased reliance on automation to manage AI risk.
Separately, threat intelligence reporting tied to recent intrusions against Fortinet FortiGate devices says attackers have weaponized CyberStrikeAI, a new open-source AI security testing platform that bundles 100+ tools with an AI decision engine to automate intrusion workflows. Team Cymru reported CyberStrikeAI activity from 21 unique IPs (Jan. 20–Feb. 26), including infrastructure linked to communications with breached FortiGate devices, with much of the hosting observed in China, Singapore, and Hong Kong and additional nodes in the U.S., Europe, and Japan; the activity was assessed as associated with Chinese state-sponsored operations, and the developer was linked to other AI-assisted offensive projects (e.g., PrivHunterAI, InfiltrateX).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
ZDNET summarizes EY guidance on internal AI security threats
ZDNET reported EY's view that the biggest AI-related cyber risks often come from inside organizations through employees and ungoverned AI tools or agents deployed without sufficient controls. The article outlined 12 defensive recommendations, including governance, continuous monitoring, red-teaming, zero-trust, MFA and human oversight for sensitive agent actions, and training against AI-enabled scams.
SC Media highlights shadow AI and machine-identity security risks
SC Media published an analysis warning that rapid enterprise AI adoption was expanding attack surfaces through unsanctioned "shadow AI" use, deep SaaS and cloud integrations, and over-privileged non-human identities. The piece argued that organizations with high shadow AI exposure face more AI-linked incidents, higher breach costs, and longer containment timelines.
Reports say attackers weaponized CyberStrikeAI in FortiGate follow-on attacks
Reporting cited by BleepingComputer and summarized by SC Media said attackers tied to recent AI-assisted compromises of Fortinet FortiGate firewalls had begun weaponizing CyberStrikeAI for follow-on intrusions. The tool was described as combining an AI decision engine, a broad toolset, and automation features that could enable automated cyber intrusions.
Team Cymru links CyberStrikeAI to Chinese state-backed operations
By late February 2026, Team Cymru assessed CyberStrikeAI as associated with Chinese state-sponsored cyber operations. The researchers also noted that the developer known as "Ed1s0nZ" had created other AI-enabled offensive tools and that the platform's infrastructure was concentrated in China, Singapore, and Hong Kong, with additional nodes in the U.S., Europe, and Japan.
CyberStrikeAI activity observed across 21 IPs
Team Cymru observed activity associated with the open-source AI security testing platform CyberStrikeAI from 21 unique IP addresses between 2026-01-20 and 2026-02-26. One of the observed IP addresses communicated with previously breached Fortinet FortiGate devices, linking the tool to follow-on intrusion activity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Gen AI Stalls, Shadow AI Rises: A CISO Concern
govinfosecurity.com
Open sourceGen AI Stalls, Shadow AI Rises: A CISO Concern
bankinfosecurity.com
Open sourceAI challenges mean it's time to shine for cyber professionals - but they need a helping hand | IT Pro
itpro.com
Open sourceShadow AI: Why your biggest AI threat may come from within | CyberCX
cybercx.co.nz
Open sourceThe biggest AI threats come from within - 12 ways to defend your organization | ZDNET
zdnet.com
Open sourceShadow AI expands attack surfaces beyond visibility | perspective | SC Media
scworld.com
Open sourceNovel CyberStrikeAI tool exploited in attacks | brief | SC Media
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Enabled Threats and Security Failures Across Edge Devices, AI Agents, and Infostealer Campaigns
Threat actors are increasingly operationalizing AI and automation to scale attacks and exploit weak controls across both enterprise and consumer environments. An open-source offensive platform dubbed **CyberStrikeAI**—a Go-based “AI-native security testing” framework integrating 100+ tools—was observed in infrastructure used to target **Fortinet FortiGate** edge devices at scale; researchers linked activity to an IP (212.11.64.250) exposing a `CyberStrikeAI` banner and to scanning/communications patterns consistent with mass exploitation. Separately, a newly disclosed and rapidly patched **OpenClaw** vulnerability showed how AI agent tooling can be hijacked: researchers reported that a malicious website could take over a developer’s locally running agent due to inadequate trust-boundary validation, prompting urgent upgrades to **OpenClaw v2026.2.25+**. In parallel, a “vibe-coding” hosted app on the *Lovable* platform leaked data impacting **18,000+ users** after a researcher found **16 flaws (six critical)** tied to mis-implemented backend controls (including missing/incorrect row-level security in *Supabase*), enabling unauthorized access to records and actions like bulk email and account deletion. Criminal monetization also continues to evolve beyond AI-agent risks. **AuraStealer**, a Russian-language infostealer positioned as a successor/competitor after Lumma disruptions, was advertised on multiple underground forums and is supported by a sizable C2 footprint; analysis of 200+ samples identified **48 C2 domains**, with operators abusing low-cost TLDs (e.g., `.shop`, `.cfd`) and using **Cloudflare** as a reverse proxy to mask origin infrastructure. Broader reporting and commentary reinforced that identity and access failures remain a dominant breach driver and that AI adoption is expanding the attack surface via over-privileged agents and “shadow AI,” while ransomware operators increasingly target recovery paths (including backups) and dwell to corrupt restore points. Several items in the set were non-incident thought leadership or workforce content (skills gap, jobs listings, awards, and general AI security tips) and did not add event-specific technical details beyond high-level risk framing.
Mar 21, 2026
CyberStrikeAI Accelerates Automated Attacks on Edge Devices
An AI-orchestrated offensive framework called **CyberStrikeAI** has moved from a public GitHub release to apparent operational use by threat actors, highlighting how artificial intelligence is speeding up established attack techniques rather than replacing them. The framework reportedly combines more than 100 tools for reconnaissance, exploitation, and reporting under an orchestration layer that automates multi-step intrusion chains, and researchers said they observed at least 21 unique IP addresses running related infrastructure in early 2026. One reported incident linked the tool to a successful attack against **Fortinet FortiGate** appliances, reinforcing concerns that internet-facing edge devices such as firewalls and VPN systems remain attractive targets because they are often under-patched and lightly monitored. Broader reporting indicates AI is amplifying multiple attack categories at once, including social engineering, vulnerability exploitation, authentication attacks, and side-channel techniques, while also creating a growing attack surface around AI systems themselves. Security researchers and industry observers warn that AI-enabled phishing, deepfakes, automated vulnerability discovery, prompt injection, data poisoning, jailbreaking, model manipulation, API abuse, and malicious models are making attacks faster and more scalable. The trend underscores the need for organizations to verify exploitability, accelerate remediation of exposed assets, and continuously test defenses as offensive operations become more autonomous.
Jun 8, 2026
AI Security Governance and Emerging AI-Enabled Threats in Enterprise Environments
Security and media reporting highlighted growing enterprise exposure created by **AI agents** and the expanding ecosystem around the *Model Context Protocol (MCP)*. AWS detailed new IAM governance controls for AWS-managed remote MCP servers, introducing standardized context keys `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP` to differentiate agent-initiated API calls from human activity and enable tighter policy enforcement, with additional network perimeter controls (VPC endpoint support) planned. Separately, AI governance startup **JetStream** announced a $34M seed round to provide visibility and control over AI behavior in production, explicitly targeting MCP server/key sprawl and cost/accountability concerns; multiple commentaries also warned that AI-driven development and “AI ultimatums” can increase **IP theft** and governance risk if organizations lack clear controls and monitoring. Threat-focused coverage underscored that AI is also accelerating offensive capability and complicating defense. CSO Online reported **AI-powered attack kits** moving into open source (including tooling referenced as *CyberStrikeAI*), lowering barriers for cybercrime and enabling faster iteration of malicious tradecraft. In parallel, FBI messaging emphasized that **Salt Typhoon** activity remains ongoing following prior compromises of sensitive US telecom infrastructure, reinforcing the need for stronger government–telecom partnerships and improved readiness against Chinese cyber operations (including the FBI’s *Operation Winter SHIELD* focus on preparedness and faster intel sharing). Additional technical threat-hunting research described operationalizing **Cobalt Strike** C2 feeds via API automation for SIEM/EDR use, noting continued rapid infrastructure rotation and increased association with state-backed espionage and advanced ransomware operations, while a Dark Reading podcast recapped Interpol-supported law-enforcement disruption of an African cybercrime syndicate (hundreds of arrests and multiple malware decryptions).
Mar 21, 2026