How Artificial Intelligence Is Reshaping Modern Cyberattacks

30.06.2026 7 minutes Author: Lady Liberty

Artificial intelligence is helping hackers create exploits, malware, and phishing attacks much faster than ever before. Learn why experts consider 2026 a turning point for cybersecurity and which emerging threats are already becoming a reality.

How Artificial Intelligence Reshaped the Modern Cyberattack Landscape

On December 4, 2025, a 17-year-old teenager was arrested in Osaka under Japan’s Unauthorized Computer Access Law. The young man deployed malicious code to steal the personal data of more than 7 million users of Kaikatsu Club, Japan’s largest internet café chain. When asked about his motive, he admitted that he wanted to buy Pokémon cards.

In one sense, this is a familiar story. Since the 1990s, we have read about computer prodigies like Kevin Mitnick, whose technical skills often outpaced their judgment, drawing them into high-profile cybercrimes in pursuit of status, profit, or excitement. But this case is different in one important way: the teenager in question was not technically skilled.

The Rise of AI-Assisted Cyberattacks

In 2025, LLM-based chatbots and AI coding agents crossed a critical threshold, evolving from useful but error-prone coding assistants into highly capable software developers. Over the course of the year, several indicators of cybercrime frequency and severity nearly doubled. The number of malicious packages discovered in public repositories increased by 75%, cloud intrusions rose by 35%, and AI-generated phishing campaigns began outperforming human red teams. More importantly, the profile of those carrying out these attacks changed dramatically.

In February 2025, three teenagers aged 14, 15, and 16 with no programming experience used ChatGPT to build a tool that attacked the Rakuten Mobile system approximately 220,000 times, using the proceeds to purchase gaming consoles and fund online gambling. In July 2025, a single individual used Claude Code, a more advanced AI coding platform, to conduct a month-long extortion campaign targeting 17 organizations. The attacker relied on AI agents to develop malware, organize stolen files, analyze financial records to tailor ransom demands, and draft extortion emails. In December 2025, another attacker used Claude Code and ChatGPT to compromise Mexican government agencies, targeting more than 10 organizations and stealing over 195 million taxpayer records.

While these types of attacks were technically possible before 2025, we are now seeing individuals launch operations that previously required well-organized cybercriminal groups. At the same time, people with little or no technical background are carrying out attacks that, before the AI era, would have required the expertise of highly skilled hackers or software engineers. In 2025, the barrier to conducting technically sophisticated cyberattacks dropped dramatically.

The Numbers Paint a Clear Picture

Throughout 2025, indicators related to bot activity, malware, targeted compromises, and phishing campaigns increased sharply. At the same time, the technical capabilities of large language models improved dramatically across industry benchmarks.

According to Sonatype, public repositories contained around 55,000 malicious packages in 2022. By 2025, that number had surged to 454,600. The most significant spikes occurred in 2023, following the release of GPT-4, and again in 2025, when AI coding agents became widely adopted.

Another practical indicator of an attacker’s real-world capabilities is time to exploit—the period between the public disclosure of a vulnerability and the appearance of a working exploit. Compared to the pre-AI era, this metric has changed dramatically.

The average time to exploit dropped from more than 700 days in 2020 to just 44 days in 2025. In other words, attackers can now develop exploits for newly disclosed vulnerabilities in less than two months instead of nearly two years. Moreover, the Mandiant M-Trends 2026 report found that the timeline has effectively become negative in some cases: exploits are now regularly appearing before security patches are released, with 28.3% of CVEs being actively exploited within 24 hours of public disclosure.

Throughout 2024, 2025, and early 2026, the performance of leading AI models such as ChatGPT, Claude, and Gemini improved dramatically on benchmarks like SWE-bench, which measures real-world software engineering capabilities. In August 2024, the best-performing models were able to solve 33% of real GitHub issues included in the benchmark. By December 2025, that figure had climbed to nearly 81%.

By the end of 2024, and especially throughout 2025, AI-assisted coding reached a turning point. As these tools became dramatically more capable, they also strengthened offensive cyber capabilities. The cybersecurity landscape of 2026 reflects this shift: attacks are occurring more frequently, causing greater damage, and having a much broader impact.

Defenders Are Struggling to Keep Up

Artificial intelligence is accelerating the work of both defenders and attackers. Unfortunately, the data from 2025 and 2026 suggests that the advantage currently lies with cybercriminals. According to the Edgescan 2025 Vulnerability Statistics Report, the average time required to remediate a high- or critical-severity CVE is now 74 days. Even more concerning, 45% of vulnerabilities affecting systems operated by large organizations with more than 1,000 employees are never patched.

Organizations are also facing growing pressure from the surge in malicious software published in public package repositories. In September 2025, the Shai-Hulud attack targeting the npm ecosystem compromised more than 500 packages. Sensitive data was exposed across more than 487 organizations, while attackers stole $8.5 million from Trust Wallet after using leaked credentials to poison its Chrome extension. Following the attack, many organizations froze software development while investigating potential compromises.

Detection has become increasingly difficult as well. During 2025, malicious npm packages masquerading as popular libraries such as chalk and debug included convincing documentation, unit tests, and code carefully structured to resemble legitimate telemetry modules. Traditional static analysis tools and signature-based scanners failed to detect many of these threats because the AI-generated code looked virtually indistinguishable from legitimate software. As Chainguard CEO Dan Lorenc noted, “The complexity and scale of vulnerability management have outgrown the ability of most organizations to manage them on their own.”

Eliminating Entire Categories of Attacks

The biggest lesson of 2025 is that organizations can no longer rely solely on reacting faster. The window between vulnerability disclosure and exploitation is shrinking more rapidly than security teams can accelerate patching cycles, while AI-generated malware continues to evade detection tools that organizations have relied on for years. At the same time, the overlap between people willing to launch cyberattacks and those technically capable of doing so continues to expand as AI lowers the barrier to entry. Meanwhile, software is being developed faster than ever before. If supply chain attacks can spread this quickly in 2026, the question is what 2027 will look like as AI models become even more capable.

Rather than focusing exclusively on responding faster, many security experts argue that organizations should eliminate entire categories of vulnerabilities whenever possible. This approach aims to remove common attack vectors instead of repeatedly patching the same classes of weaknesses. Solutions such as Chainguard Libraries follow this philosophy by rebuilding open-source libraries from verified and attributable source code, reducing the risk of software supply chain attacks, dependency confusion, compromised CI/CD pipelines, stolen tokens, and malicious package distribution. In testing against 8,783 malicious npm packages, Chainguard Libraries reportedly blocked 99.7% of them. Against approximately 3,000 malicious Python packages, the detection rate reached about 98%.

The numbers speak for themselves: 454,600 malicious packages were identified last year, including 394,877 in a single quarter. An inexperienced attacker in Algeria reportedly developed ransomware that targeted 85 victims during its first month of operation. A 17-year-old teenager stole the personal data of 7 million people simply to buy Pokémon cards. The tools that enable these attacks are becoming cheaper, faster, and more accessible every year. As AI continues to evolve, organizations must shift from reacting to individual incidents toward building security strategies that make entire classes of attacks far more difficult—or impossible—to execute.

Subscribe
Notify of
0 Коментарі
Oldest
Newest Most Voted
Found an error?
If you find an error, take a screenshot and send it to the bot.