Fortinet Responds to FortiBleed Campaign

A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign. The post Fortinet Responds to FortiBleed Campaign appeared first on SecurityWeek .

According to public reporting on the FortiBleed campaign, threat actors harvested and validated a large database of working VPN and administrator credentials from Fortinet FortiGate devices, with confirmed working logins for tens of thousands of internet-facing firewalls across 194 countries.[2][8] This represents a major incident of credential and configuration data leakage, enabling persistent unauthorized access to affected networks.[3][5] From a CyberSE.AI perspective, any AI agents or workflows integrated with Fortinet infrastructure (for example, for automated firewall management, log analysis, or incident response) could be indirectly exposed if compromised VPN or admin accounts are used to pivot into systems that store AI configurations, secrets, or data. Organizations should assess AI-related access paths to Fortinet environments, enforce strong credential hygiene and MFA, and include AI agents in incident response, ensuring their permissions, stored secrets, and logs are reviewed and hardened as part of a broader AI security readiness and governance program.