An Amateur Hacker Used AI to Breach 600 Firewalls Across 55 Countries — The Security Model Is Broken
AWS's February 2026 threat intelligence report documented an amateur attacker using DeepSeek and Claude Code to compromise over 600 enterprise firewalls across 55 countries. The attacker had no prior security expertise. The ARXON MCP server automated vulnerability scanning, exploit generation, and lateral movement. The attack exploited weak default credentials and unpatched admin interfaces — problems the industry has failed to solve for two decades.
An AWS threat intelligence report published February 20, 2026 documented an attack that should force every CISO to reconsider their threat model. An individual with no demonstrated prior cybersecurity expertise used commercially available AI tools to compromise over 600 enterprise firewalls across 55 countries. The attacker used DeepSeek for vulnerability research, Claude Code for exploit development, and the ARXON MCP server to automate scanning, exploitation, and lateral movement. The entire campaign ran for less than three weeks.
The Attack Chain Was Embarrassingly Simple
The attacker did not discover zero-day vulnerabilities. They did not write novel exploit code. They used AI to automate what penetration testers have done manually for years: scan for firewalls with default credentials or known unpatched vulnerabilities, generate exploit payloads targeting those specific weaknesses, and move laterally once inside. The ARXON MCP server, an open-source tool designed for security research, provided the orchestration layer that connected AI-generated exploits to automated execution across hundreds of targets simultaneously.
Why 600 Firewalls Were Vulnerable
The uncomfortable truth is that every one of the 600 compromised firewalls had at least one of three problems: default credentials that were never changed, an admin interface exposed to the public internet, or a known vulnerability with an available patch that had not been applied. These are not sophisticated attack surfaces. They are the same basic hygiene failures the security industry has warned about since the early 2000s. What changed is that AI compressed the time and skill required to exploit them at scale from months of expert work to days of amateur effort.
The Skill Democratization Problem
This is the attack that security leaders have theorized about but hoped would take longer to materialize. AI has not created new vulnerability classes. It has eliminated the skill barrier that previously limited who could exploit existing ones. A competent penetration tester with five years of experience could have done what this attacker did. But there are perhaps 50,000 people worldwide with that skill set. There are now millions of people with access to the AI tools that replicate it. The pool of potential attackers just expanded by orders of magnitude.
What DeepSeek and Claude Code Actually Did
DeepSeek provided the vulnerability research layer: the attacker queried it for known vulnerabilities in specific firewall models, firmware versions, and configurations. The model returned detailed technical information including CVE numbers, affected versions, and exploitation approaches. Claude Code provided the development layer: the attacker used it to write and debug exploit scripts targeting the identified vulnerabilities. Neither tool was jailbroken or used in ways their developers explicitly prohibit. The attacker simply asked questions that fell within the tools' normal operating parameters.
The ARXON MCP Server Is the Force Multiplier
The ARXON MCP server is an open-source security research tool that implements the Model Context Protocol for offensive security workflows. It connects AI models to scanning tools, exploit frameworks, and post-exploitation utilities through a standardized interface. For legitimate security researchers, it automates penetration testing workflows. For this attacker, it transformed AI-generated exploits from theoretical code into automated campaigns hitting hundreds of targets. The tool is freely available on GitHub with over 4,000 stars.
What Enterprise Security Teams Should Do Immediately
Three actions. First, audit every internet-facing device for default credentials and unpatched admin interfaces. This is not a new recommendation, but the timeline for exploitation has collapsed from months to hours. Second, implement network segmentation that assumes perimeter devices will be compromised. If a firewall falls, what does the attacker reach? Third, deploy behavioral detection that identifies automated lateral movement patterns. AI-driven attacks generate network traffic patterns that differ from those of human attackers: faster enumeration, more systematic scanning, and more parallel connections.
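As an added example that is not from the AWS report or the article, the following Python scores each source host in a connection log on the three automation signals named above (enumeration speed, sequential target selection, parallel connections) and flags the one that looks machine-driven; the log format, addresses and thresholds are constructed assumptions.

```python
# Added example, not from the AWS report or the article: score each source host in a
# connection log on the three automation signals the article names (enumeration speed,
# sequential target selection, parallel connections). Log format, addresses and
# thresholds are constructed assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed flow log, one 'ISO-timestamp src dst dport' record per line."""
    lines = []
    for i in range(20):  # automated actor: 10 sequential hosts x 2 ports in under 2 s
        lines.append(f"2026-02-20T10:00:{i * 0.1:06.3f} 10.0.5.7 10.0.1.{10 + i // 2} {22 if i % 2 == 0 else 445}")
    lines += [  # human admin: three sessions to two hosts over twelve minutes
        "2026-02-20T10:05:00.000 10.0.5.20 10.0.1.10 22",
        "2026-02-20T10:09:30.000 10.0.5.20 10.0.1.22 443",
        "2026-02-20T10:17:00.000 10.0.5.20 10.0.1.10 22",
    ]
    return "\n".join(lines)

def parse_log(text):
    """Parse records into (timestamp, src, dst, dport) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events

def score_sources(events, window_s=5, min_hosts=8, min_rate=1.0, min_seq=0.5):
    """Per-source metrics plus an 'automated' verdict; thresholds are assumptions."""
    by_src = defaultdict(list)
    for ts, src, dst, _port in events:
        by_src[src].append((ts, dst))
    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        span = max((evs[-1][0] - evs[0][0]).total_seconds(), 1e-3)  # seconds active
        hosts = {dst for _, dst in evs}
        octets = sorted(int(h.rsplit(".", 1)[1]) for h in hosts)
        runs = sum(1 for a, b in zip(octets, octets[1:]) if b - a == 1)
        seq_ratio = runs / max(len(octets) - 1, 1)  # 1.0 = fully sequential sweep
        window = timedelta(seconds=window_s)
        parallel = max(len({d for t, d in evs if t0 <= t < t0 + window}) for t0, _ in evs)
        m = {"events": len(evs), "hosts": len(hosts), "rate": len(evs) / span,
             "seq_ratio": seq_ratio, "parallel_hosts": parallel}
        m["automated"] = len(hosts) >= min_hosts and m["rate"] >= min_rate and seq_ratio >= min_seq
        findings[src] = m
    return findings
```

Tune the thresholds against a baseline of your own admin traffic before alerting on them; a legitimate patch-management host can also sweep a subnet quickly.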
What Could Make This Worse
The attacker targeted firewalls because they are the most visible internet-facing devices with the most well-documented vulnerabilities. The same AI-assisted methodology applies to VPN concentrators, email gateways, load balancers, and any network appliance with a management interface. The next iteration of this attack will target the full perimeter simultaneously, not just one device class. And the iteration after that will use AI to customize social engineering at scale, combining technical exploitation with credential theft from targeted phishing.