AI Models Automate Attacks Against FortiGate Devices

In early February 2026, security researchers reported hackers using commercial AI models DeepSeek and Anthropic's Claude to automate attacks exploiting FortiGate firewall misconfigurations. A misconfigured SimpleHTTP server on 212.11.64.250:9999 exposed more than 1,400 files and 139 subdirectories, including stolen FortiGate configurations, Active Directory maps and credential dumps. The campaign enables high-volume intrusions and credential-based lateral movement across affected networks.