Attackers aren't waiting for organizations to figure out AI governance. They're already using it.

AI-driven attacks are no longer theoretical. They are active, scalable, and increasingly within reach of limited-capability threat actors. This post breaks down what that means for your organization and what you can do about it.

How Are Attackers Using AI Today?

In early February 2026, our Cyber Threat Intelligence Unit identified a large-scale intrusion campaign targeting Fortinet FortiGate firewall devices across more than 55 countries. The threat actor was financially motivated and, by conventional measures, limited in capability. But AI supplied what they lacked in skill.

Commercial generative AI tools planned the attack, developed scripts, and automated operational sequences, compressing what would otherwise require significant expertise into a repeatable, scalable process. More than 600 devices were compromised in about five weeks.

No zero-day vulnerabilities were needed. Exposed management interfaces and weak authentication controls sufficed.

You can read the full technical breakdown in our February 25th Threat Advisory.

AI as a Force Multiplier for Threat Actors

This is the threat pattern organizations need to understand: AI does not create new attack techniques so much as it removes barriers to executing existing ones at scale.

The FortiGate campaign is not an isolated case. It reflects a structural shift in how AI-driven attacks are developed and scaled. Gartner identifies agentic AI as its top cybersecurity trend for 2026, noting that employees and developers are rapidly deploying AI agents via no-code and low-code platforms, driving unmanaged AI agent proliferation and creating attack surfaces that offer limited visibility to security teams.

That governance gap runs deeper than perimeter security. Three of Gartner's six top trends, including agentic AI oversight, identity and access management for machine actors, and generative AI awareness, address the same underlying problem: autonomous AI systems operating in enterprise environments without adequate governance.

Why Is the AI Governance Gap a Security Risk?

The connection to FortiGate is direct. Organizations that cannot identify which AI agents operate in their environment cannot govern what they cannot see. Attackers exploit that blind spot.

The FortiGate campaign succeeded not because defenders lacked sophisticated tools, but because foundational controls were absent. Specifically:

• Multi-factor authentication was not enforced

• Management interfaces were exposed to the public internet

• Credential hygiene was weak or inconsistent

AI gave a limited actor the leverage to exploit those gaps broadly and efficiently. For a deeper look at how AI is reshaping the threat landscape, explore our threat hunting and advisory resources.

What Should Security Teams Do Now?

The fundamentals still hold. The most effective controls against AI-augmented threats remain:

• Restricting exposed management interfaces to trusted networks only

• Enforcing MFA across all administrative and VPN access

• Rotating compromised, weak, or reused credentials

• Investing in behavioral monitoring and anomaly detection over IOC-based detection alone
  

What has changed is the urgency. When automation favors the attacker, the window between vulnerability and compromise narrows. Organizations relying on detection after the fact face a growing disadvantage.

NopalCyber's MXDR and SOCaaS services are built around behavioral detection and continuous monitoring to help organizations stay ahead of exactly these threat patterns.

Key Takeaways

• AI is actively lowering the barrier to entry for threat actors, not just advanced ones.

• The FortiGate campaign shows how AI-assisted automation can scale an attack across 55 countries in five weeks without any zero-day exploits.

• Gartner's top 2026 cybersecurity trends point to the same root problem: AI systems operating without adequate governance.

• Foundational controls, MFA, restricted access, and credential hygiene remain the most effective defense.

• Behavioral monitoring is essential; IOC-based detection alone is no longer sufficient.

The Business Risk Is Real

AI cybersecurity threats are not a future concern for the security team. They are a present business risk with direct implications for operations, compliance, and organizational resilience.

The question is not whether AI will be used against your organization, but whether you will be ready when it is.

Contact our team to discuss how NopalCyber can help you assess your exposure and strengthen your defenses.