A hacker had zero coding skills. He didn’t know how to compile code. He didn’t even know how to launch an attack. But that didn’t stop him from launching a massive attack against more than 600 corporate firewalls across 55 countries in just 39 days.
Once in the systems he hacked, he downloaded all of the passwords for those companies that he could find.
AWS Discovered The AI Hacker
Amazon’s threat intelligence team reported his AI campaign on February 20th, 2026, and described it as the “clearest example yet of how AI is turning low-skill criminals into highly successful hackers.
The AI Assembly Line Used DeepSeek And Claude
CJ Moses, Amazon’s Chief Information Security Officer, described the attack as an “AI Assembly Line.”
The hacker used at least two different AI Chatbots to help him hack the firewalls. One of the chatbots helped him write the attack scripts and build the custom software to launch the attack. The other chatbot helped him break deeper into a specific network once he was in.
Separate research from the security blog Cyber and Ramen identified the specific AI tools as DeepSeek and Anthropic’s Claude. According to their investigation, DeepSeek generated attack plans from stolen network data, while Claude Code produced vulnerability reports during the break-ins.
How He Pulled Off The AI Hack
It’s scary/surprising how simple the hack was.
First, the hacker would scan the internet for a specific type of firewall, “FortiGate,” where the management portals were exposed online.
Once he found exposed devices, he would use brute force to try common passwords. When he found one that would work, he would download the configuration files. These files are a goldmine. They contain administrator passwords, VPN login credentials, the full layout of a company’s internal network, and details on every firewall rule.
The hacker then used AI to write scripts that automatically sorted, decrypted, and organized the stolen data from hundreds of devices. That’s a process that would normally take a skilled hacker many weeks to complete. But he was able to do it in minutes.
His Sloppy Mistake That Exposed Everything
Being a complete novice, the hacker wasn’t perfect. In fact, he was quite sloppy.
He stored everything, including AI-generated attack plans, stolen credentials, victim configurations, and the source code for all his custom tools, on a publicly accessible server on the internet.
Cyber and Ramen discovered an exposed server hosting 1,400 files across 139 subdirectories. It was in these directories that they could see exactly how he had used Claude Code and Deepseek to carry out the attacks.
Victim Companies All Over The World
The companies targeted by the AI hacker were located worldwide. The regions included Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The targeting appeared random.
The companies impacted included an industrial gas company in the Asia-Pacific region, a telecom provider in Turkey, and an Asian media company
This wasn’t his first attempt, though. He apparently tried to do the same thing back in December using Claude Code, but he wasn’t successful.
Hackers are learning how to quickly expose your company using AI.
