Legitimate Tools Hijacked as AI Becomes the New Battleground The most damaging intrusions this week didn't rely on custom malware — they hijacked the legitimate tools and protocols organizations already trust. FortiBleed harvested real credentials from FortiGate firewall configurations worldwide, EvilTokens bypassed multi-factor authentication by abusing Microsoft's own device login flow, and a WhatsApp campaign installed legitimate ManageEngine remote management software to maintain persistent access. Simultaneously, attackers are learning to manipulate the AI systems defenders increasingly depend on. The macOS.Gaslight malware feeds fake error messages to AI analysis tools to blind security analysts, malicious skills on the OpenClaw marketplace trick AI assistants into executing harmful commands, and researchers demonstrated that chatbot reconnaissance can map an organization's defenses through casual conversation. Reset all FortiGate and VPN credentials immediately, scrutinize AI marketplace add-ons before installation, and assume that any legitimate-looking login prompt or remote management tool could be an attacker wearing a trusted disguise.