AI-Powered Hackers Breach 600 Firewalls in Global Cyber Campaign, Amazon Reports
Wednesday, February 25th, 2026 Insurance Industry Risk Management TechnologyA small group of hackers used widely available generative AI tools to breach more than 600 firewalls across 55 countries in just five weeks, according to new security research from Amazon.com Inc..
The report states that the attackers, described as Russian-speaking and financially motivated, leveraged commercial AI services to automate and accelerate intrusion attempts. By exploiting weak passwords and single-factor authentication, they compromised security devices at a scale that would typically require a larger, more skilled operation. Once inside, the hackers attempted to move laterally within networks in activity that appeared consistent with early-stage ransomware preparation.
CJ Moses, who leads security engineering and operations at Amazon, described the activity as an AI-powered production model for cybercrime, enabling less experienced actors to execute attacks at volume. The company did not identify the specific AI tools used or the affected organizations.
Opportunistic Targeting Across Multiple Regions
The breached firewalls were located across South Asia, Latin America, the Caribbean, West Africa, Northern Europe and Southeast Asia. Researchers believe the actors scanned broadly for weak protections rather than targeting specific industries.
When attackers encountered hardened defenses or stronger authentication controls, they moved on. According to the report, once inside networks they struggled to exploit more complex systems beyond automated attack paths. This suggests AI enhanced speed and scale but did not necessarily increase technical sophistication.
The findings follow a 2025 case in which a hacker used tools from Anthropic PBC in a cybercrime scheme affecting at least 17 organizations, marking an early large-scale example of commercial AI being weaponized.
Why This Matters for Insurance Claims Adjusters
For property, cyber, and business interruption adjusters, this report signals several practical concerns:
1. Increased Frequency of Cyber Claims
AI-assisted scanning and credential stuffing could increase the volume of small to mid-sized ransomware and network intrusion claims, particularly among organizations with outdated firewall configurations or single-factor authentication.
2. Aggregation Risk Across Regions
With 600 firewalls breached across 55 countries, the event underscores how a single campaign can create geographically dispersed but technologically linked losses. Carriers and adjusters handling cyber portfolios should monitor for aggregation exposure tied to common firewall vendors or shared security weaknesses.
3. Underwriting and Risk Control Scrutiny
Expect closer scrutiny of MFA enforcement, password policies, and firewall configuration documentation during underwriting and post-loss investigations. Adjusters may see more coverage disputes centered on misrepresentation of cybersecurity controls or failure to maintain minimum security standards.
4. Forensic Complexity and Subrogation
AI-driven attacks may blur attribution lines, complicating recovery efforts. Identifying threat actors, third-party security failures, or vendor liability could become more challenging, affecting subrogation potential.
Amazon warned that AI-augmented threat activity is likely to grow, driven by both skilled and unskilled actors. For claims professionals, the message is clear: automated cyber intrusions are becoming cheaper, faster, and more scalable. That shift could reshape cyber loss frequency patterns in 2026 and beyond.
