Between January 20 and 26, the Team Cymru researchers observed 21 unique IP addresses running CyberStrikeAI, with servers primarily hosted in China, Singapore, and Hong Kong. This indicates a “sharp increase in operational usage” since the GitHub repository was created in November 2025, Team Cymru’s Thomas noted.
“As adversaries increasingly embrace AI-native orchestration engines, we expect to see a rise in automated, AI-driven targeting of vulnerable edge devices,” including firewalls and VPN appliances, he warned.
In the near future, defenders must prepare for an environment where tools like this, and other “AI-assisted privilege escalation projects,” lower the barrier to entry for complex network exploitation, he cautioned.
