An open-source AI-powered offensive security platform, built by a developer with documented ties to China's Ministry of State Security, has been linked to a live campaign that compromised over 600 FortiGate devices across 55 countries in five weeks. Three separate investigations -- by Amazon Threat Intelligence, Team Cymru, and independent researcher blog Cyber and Ramen -- have collectively exposed how CyberStrikeAI and custom attacker-built tooling enabled a single, low-skilled operator to breach enterprise network infrastructure at industrial scale. This article synthesizes findings from all three sources with precise attribution. Where a claim originates from a specific report, it is identified as such. Three investigations, one campaign ​ Understanding this story requires separating three independent but overlapping reports. Each investigated different aspects of the same campaign, and conflating their findings distorts what each actually found. Amazon Threat Intelligence (February 20, 2026) published "AI-augmented threat actor accesses FortiGate devices at scale," authored by CJ Moses, CISO of Amazon Integrated Security. Amazon documented a campaign from January 11 to February 18, 2026, in which a Russian-speaking, financially motivated actor with "low-to-medium baseline technical capability, significantly augmented by AI" compromised over 600 FortiGate devices across more than 55 countries . Amazon identified two IOC IPs: 212.11.64[.]250 and 185.196.11[.]225. Amazon's report does not name CyberStrikeAI, ARXON, CHECKER2, HexStrike AI, Claude, or DeepSeek. It refers only to "multiple commercial generative AI services" and "at least two distinct commercial LLM providers." Team Cymru (~March 2, 2026) , authored by Will Thomas, describes how Amazon shared the IP 212.11.64[.]250. Team Cymru's Scout platform detected a "CyberStrikeAI" banner running on port 8080 of that server. NetFlow analysis confirmed communications between this IP and FortiGate targets Amazon had identified. Team Cymru then tracked 21 unique IP addresses running CyberStrikeAI between January 20 and February 26, 2026, primarily hosted in China, Singapore, and Hong Kong. Team Cymru also linked the developer Ed1s0nZ to Knownsec 404 and CNNVD. Team Cymru's report does not mention ARXON, CHECKER2, or HexStrike AI. Cyber and Ramen (cyberandramen.net, February 21, 2026) is the source for the most granular technical details about the campaign operator's infrastructure. This independent researcher blog documented ARXON, CHECKER2, and HexStrike AI on the exposed server. It identified Claude and DeepSeek by name as the LLM providers used. It reported "over 1,400 files across 139 subdirectories" of operational artifacts. And it described CHECKER2 logs showing 2,500+ FortiGate appliances queued for scanning across 100+ countries -- these were targets queued for automated access attempts, not confirmed compromises. Every claim in this article is attributed to its actual source. What CyberStrikeAI actually is ​ CyberStrikeAI is an open-source offensive security platform hosted on GitHub under the developer handle Ed1s0nZ. Its README describes it as "an AI-native security testing platform built in Go" that integrates "100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities." The platform is written primarily in Go (59.7%) with a JavaScript/CSS/HTML frontend (28.1%, 8.6%, 3.4%), plus shell scripts. The architecture follows a clean separation: cmd/ contains server and MCP stdio entrypoints, internal/ houses the agent core, MCP implementation, handlers, and security executor, web/ serves the single-page application dashboard, and tools/ contains YAML-based tool recipes that can be hot-reloaded at runtime without restarting the platform. AI model support ​ The AI decision engine accepts any OpenAI-compatible API endpoint . The default configuration ships with DeepSeek ( deepseek-chat at https://api.deepseek.com/v1 ), configured via config.yaml with api_key , base_url , and model fields. The Quick Start guide uses GPT-4o as its example. Claude ( claude-3-opus ) appears in config comments as a supported model. This model-agnostic design means operators can swap between AI providers depending on the task. MCP integration ​ The MCP (Model Context Protocol) integration is where CyberStrikeAI becomes dangerous at scale. MCP, introduced by Anthropic in November 2024, functions as a standardized interface between AI models and external tools. CyberStrikeAI implements it natively across three transport modes: HTTP (request/response for the web UI), stdio (process-based, enabling integration with Cursor and CLI environments), and SSE (Server-Sent Events for streaming output). The platform also supports external MCP federation -- operators can register third-party MCP servers from the dashboard and toggle them per e...