AWS Security Digest · Week 8 of 2026 · Feb 17-23, 2026 · 3 items

    600 FortiGate Boxes Compromised, 55 Countries

    Amazon publishes the full picture of the AI-augmented FortiGate campaign tracked since Week 5: 600+ devices compromised across 55 countries, with LLM-generated tooling automating reconnaissance through lateral movement. AWS development tools get the agent-plugin treatment. Kiro IDE expands to GovCloud.

    In this issue: 1 critical, 2 info

    Highlights

    3 items
    $ tail -f /var/log/aws-security.log
    critical / Threat Intel

    AI-Augmented Attack Compromises 600+ FortiGate Devices

    Amazon Threat Intelligence published a detailed report on a Russian-speaking, financially motivated threat actor who leveraged commercial GenAI to compromise 600+ FortiGate devices across 55+ countries between January 11 and February 18. No vulnerability exploitation was needed: all attacks succeeded via exposed management ports and weak single-factor credentials. The attacker used GenAI to automate reconnaissance and credential testing at scale.

    info / Feature Launch

    Agent Plugins for AWS Development Tools

    New plugin support across AWS development tools for agent-based workflows. The deploy-on-aws plugin lets AI coding agents generate AWS architecture recommendations, cost estimates, and infrastructure-as-code. Works with Claude Code and Cursor.

    Developer Tools
    info / Feature Launch

    Kiro IDE Expands to GovCloud Regions

    Kiro IDE is now available in AWS GovCloud regions, expanding secure development tooling for government workloads that require US-only data residency.

    Kiro IDE, GovCloud

    Key Takeaway

    1 item
    $ cat WEEKLY_SUMMARY.md

    The FortiGate report is the most important read of the month. A single threat actor used GenAI to automate attacks that previously required manual effort - no zero-days, just exposed management ports and weak passwords. The lesson: MFA and network segmentation are not optional.

    Filed Under
    FortiGate, GenAI, Threat Intelligence, GovCloud, Kiro, Agent Plugins
