Putin warns AI will reshape jobs as cybercriminals weaponize FortiClient and Gogs flaws—what’s next?

On May 28, 2026, Vladimir Putin said AI could replace millions of people at work, framing it as part of a broader labor-market restructuring. The same day, multiple cybersecurity reports highlighted active exploitation of enterprise software weaknesses: attackers are abusing a FortiClient Enterprise Management Server (EMS) authentication-bypass flaw labeled CVE-2026-35616 to deploy an undocumented credential stealer known as EKZ. Separate coverage also disclosed a critical remote-code-execution vulnerability in Gogs, a widely used self-hosted Git service, where Rapid7 rated the issue 9.4 on the CVSS scale and noted it lacks a CVE identifier. Taken together, the cluster points to a dual-track reality: governments are preparing for AI-driven workforce disruption while threat actors are accelerating compromise of the digital infrastructure that underpins modern work. Geopolitically, the Putin labor-market message is not just domestic rhetoric; it signals how Russia may justify industrial and social policy shifts in response to AI adoption, potentially shaping labor regulation, welfare spending, and industrial strategy. Meanwhile, the FortiClient EMS campaign underscores how attackers target “trusted” management layers—an approach that can scale access across managed endpoints and therefore amplify operational leverage for any state-aligned or financially motivated actor. The Gogs RCE flaw matters because source-code and developer tooling are strategic assets; compromising them can translate into supply-chain risk, intellectual property theft, and faster weaponization of vulnerabilities. In this environment, South Korea’s reported AI-linked worker bonuses at Samsung and Hynix illustrate the divergence in narratives: some economies sell AI as a productivity and compensation engine, while others face political pressure to manage displacement and security externalities. Market and economic implications are most visible in cybersecurity and enterprise IT spending, where patching cycles and incident response can raise near-term demand for managed security services, endpoint management hardening, and identity protection. The FortiClient EMS EKZ campaign suggests elevated risk for firms using Fortinet-managed environments, which can pressure Fortinet-related enterprise budgets toward remediation and alternative tooling, even if the underlying vendor is already patching. For developers and software supply chains, a Gogs RCE rated 9.4 can increase the probability of costly downtime, credential resets, and code-integrity reviews, affecting software engineering productivity and potentially insurance claims. On the macro side, AI-driven labor restructuring rhetoric can influence expectations around productivity, wage dynamics, and consumer demand, while South Korea’s $42 billion in AI-related bonuses for Samsung and Hynix workers signals a near-term support to household income and discretionary spending. What to watch next is whether exploitation of CVE-2026-35616 expands beyond initial targets and whether indicators of compromise (IOCs) tied to EKZ become widely reported across managed endpoint environments. For Gogs, the key trigger is the publication of a formal CVE and the release of a definitive patch or mitigation guidance, followed by evidence of scanning and attempted exploitation in the wild. Executives should monitor FortiClient EMS deployment telemetry for authentication-bypass attempts, unusual credential access patterns, and lateral movement consistent with credential-stealer behavior. In parallel, policymakers will likely face pressure to reconcile AI adoption with labor-market stability; the next escalation point is whether governments announce concrete retraining, wage insurance, or labor-market adjustment programs in response to AI displacement narratives. Over the next days to weeks, the combined security and labor signals could translate into faster enterprise patching, higher security budgets, and more politically salient debates about AI’s social contract.

Geopolitical Implications

• 01

  Russia’s AI labor narrative may be used to justify domestic restructuring policies and shape international perceptions of AI-driven economic transformation.

• 02

  Targeting trusted endpoint management infrastructure suggests adversaries can scale access rapidly, increasing the strategic value of identity and management-layer security.

• 03

  Compromising self-hosted code platforms like Gogs can translate into broader supply-chain vulnerabilities and cross-sector spillovers.

Key Signals

• —Whether EKZ-related indicators of compromise spread to additional FortiClient EMS deployments and managed endpoint fleets.
• —Publication of a formal CVE and patch guidance for the Gogs RCE, followed by observed scanning/exploitation attempts.
• —Enterprise telemetry showing authentication-bypass attempts, anomalous credential access, and lateral movement patterns.
• —Policy announcements on AI retraining, wage support, or labor-market adjustment in response to displacement narratives.