Week 8 - Feb 17-23, 2026
Amazon publishes threat intelligence on an AI-augmented campaign that compromised 600+ FortiGate devices across 55 countries. New agent plugins for AWS development tools. Kiro IDE expands to GovCloud.
Highlights
AI-Augmented Attack Compromises 600+ FortiGate Devices
Amazon Threat Intelligence published a detailed report on a Russian-speaking financially motivated threat actor who leveraged commercial GenAI to compromise 600+ FortiGate devices across 55+ countries between January 11 and February 18. No vulnerability exploitation was needed - all attacks succeeded via exposed management ports and weak single-factor credentials. The attacker used GenAI to automate reconnaissance and credential testing at scale.
Agent Plugins for AWS Development Tools
New plugin support across AWS development tools for agent-based workflows. The deploy-on-aws plugin lets AI coding agents generate AWS architecture recommendations, cost estimates, and infrastructure-as-code. Works with Claude Code and Cursor.
Kiro IDE Expands to GovCloud Regions
Kiro IDE is now available in AWS GovCloud regions, expanding secure development tooling for government workloads that require US-only data residency.
Key Takeaway
The FortiGate report is the most important read of the month. A single threat actor used GenAI to automate attacks that previously required manual effort - no zero-days, just exposed management ports and weak passwords. The lesson: MFA and network segmentation are not optional.
Need Custom Security Briefings?
These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.