How AI Enabled a Non‑Expert to Breach 6,700 DJI Vacuums and 600 Firewalls Worldwide
A non‑professional using Claude Code exploited a cloud‑permission flaw in DJI Romo robots to control 6,700 devices across 24 countries, while a separate AI‑driven campaign compromised over 600 Fortinet firewalls in 55 nations, illustrating how generative AI is dramatically lowering the barrier to large‑scale cyber attacks.
Recently, a vacation‑property manager named Samy Azdufal used the AI coding assistant Claude Code to write a program that reverse‑engineered a newly released DJI Romo robot, bypassed its PIN with a 14‑digit code, and gained full remote control of the device.
With the compromised robot he was able to move the vacuum arbitrarily, activate its camera for live video, retrieve the device’s serial number and IP address, view cleaning maps and detailed operation data, and even override the built‑in security PIN.
Azdufal responsibly disclosed the discovered cloud‑permission vulnerability to DJI; the vendor confirmed the issue and began fixing the backend validation, though a full rollout was still pending. DJI later downplayed the impact, claiming that only security researchers could exploit the flaw.
Azdufal also uncovered a second, more severe vulnerability whose details remain undisclosed until DJI releases a patch.
This episode demonstrates that AI tools now lower the technical threshold for vulnerability discovery, allowing ordinary users to achieve exploits that previously required skilled security professionals.
In a parallel development, Amazon’s security team reported that during the Chinese New Year a small, possibly single‑person hacker group leveraged commercial generative‑AI services to scan the public‑facing ports (443, 8443, 10443, 4443) of Fortinet FortiGate firewalls worldwide. The AI automatically generated scanning scripts, identified exposed devices in 55 countries, and created dynamic password dictionaries tailored to each target’s language and system characteristics.
Using AI‑enhanced brute‑force techniques, the attacker cracked weak or default passwords, bypassed single‑factor authentication, and harvested SSL‑VPN credentials, management accounts, network topology, and firewall policies from exported configuration files. The AI then plotted internal penetration routes and auto‑generated lightweight lateral‑movement scripts, enabling a complete end‑to‑end breach without deep manual expertise.
The campaign compromised over 600 firewalls, a scale that would normally require a large, well‑funded team working for weeks; the AI‑driven workflow compressed the entire operation into minutes, effectively turning the attack into an “AI‑powered cyber‑crime production line.”
According to Amazon security lead CJ Moses, the incident highlights five profound impacts of AI on cybersecurity: (1) exponential increase in attack efficiency, (2) flattening of the attack skill barrier, (3) fuzzier attack signatures that evade traditional rule‑based defenses, (4) AI becoming a core battlefield for both attackers and defenders, and (5) heightened demands on security governance, compliance, and cross‑organization collaboration.
Defenders are urged to remediate basic security gaps—close unnecessary public ports, enforce strong, unique passwords, mandate multi‑factor authentication, keep firmware and apps up‑to‑date, and continuously monitor for anomalous logins. Deploying AI‑enhanced Security Operations Centers (SOC) that can automatically analyse massive logs, detect AI‑generated attack patterns, and respond in real time is becoming essential.
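As an added illustration of the "monitor for anomalous logins" advice above (not code from the article or from Amazon's report), the following sketch flags a source IP that racks up repeated failed logins on the management ports named earlier and then succeeds. The log layout, field names, thresholds and sample events are all constructed assumptions, not a real FortiGate log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value layout (assumed field names).
SAMPLE_LOG = """\
time=2025-01-01T03:00:01 srcip=203.0.113.7 dstport=10443 user=admin status=failed
time=2025-01-01T03:00:03 srcip=203.0.113.7 dstport=10443 user=admin status=failed
time=2025-01-01T03:00:05 srcip=203.0.113.7 dstport=10443 user=administrator status=failed
time=2025-01-01T03:00:08 srcip=203.0.113.7 dstport=10443 user=admin status=failed
time=2025-01-01T03:00:11 srcip=203.0.113.7 dstport=10443 user=admin status=failed
time=2025-01-01T03:00:15 srcip=203.0.113.7 dstport=10443 user=admin status=success
time=2025-01-01T09:12:40 srcip=198.51.100.20 dstport=443 user=jsmith status=failed
time=2025-01-01T09:12:55 srcip=198.51.100.20 dstport=443 user=jsmith status=success
"""

MGMT_PORTS = {443, 8443, 10443, 4443}   # ports named in the article
WINDOW = timedelta(minutes=5)           # assumed sliding window
THRESHOLD = 5                           # assumed failure count that triggers an alert
REQUIRED = {"time", "srcip", "dstport", "user", "status"}

def parse(line):
    """Turn one key=value line into a dict, or None if fields are missing."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    if not REQUIRED <= fields.keys():
        return None
    fields["time"] = datetime.fromisoformat(fields["time"])
    fields["dstport"] = int(fields["dstport"])
    return fields

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for failure bursts and for a success that follows a burst."""
    failures = defaultdict(list)        # srcip -> recent failure timestamps
    alerts = []
    events = sorted(filter(None, map(parse, log_text.splitlines())),
                    key=lambda e: e["time"])
    for ev in events:
        if ev["dstport"] not in MGMT_PORTS:
            continue
        src = ev["srcip"]
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in failures[src] if ev["time"] - t <= window]
        if ev["status"] == "failed":
            recent.append(ev["time"])
            failures[src] = recent
            if len(recent) == threshold:
                alerts.append(("brute_force", src, ev["user"]))
        elif ev["status"] == "success":
            if len(recent) >= threshold:   # highest priority: the guess worked
                alerts.append(("success_after_brute_force", src, ev["user"]))
            failures[src] = []
    return alerts
```

A success that follows a failure burst is the event to escalate first, because it suggests credentials were actually guessed rather than merely tried.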
Finally, protecting the AI models themselves from prompt‑injection and data‑leak attacks is now a critical front: AI empowers attackers, and it must itself be hardened so that it does not become a new attack vector.
Black & White Path
