In a stark illustration of the evolving cyber threat landscape, a 17-year-old was arrested in Osaka, Japan, on December 4, 2025, for allegedly running malicious code that compromised the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. The motive? To fund a hobby: purchasing Pokémon cards. This incident, while seemingly conventional in its pursuit of illicit gain, marks a significant shift, as the individual in question reportedly lacked traditional technical coding skills, highlighting the growing impact of AI-assisted cyberattacks.
The ease with which this attack was allegedly carried out underscores a broader trend observed throughout 2025. Large Language Models (LLMs) and advanced agentic AI systems have transitioned from being helpful coding assistants to powerful, end-to-end coding platforms. This evolution has directly contributed to a noticeable increase in both the frequency and severity of cybercrimes, with malicious package discoveries on public repositories surging by 75% and cloud intrusions rising by 35%. Furthermore, AI-generated phishing campaigns are now reportedly outperforming human-led red teams, signaling a new era in cyber warfare.
The Rise of AI-Assisted Cyberattacks
The profile of cybercriminals is changing. In a notable February 2025 incident, three teenagers, none with prior coding experience, utilized ChatGPT to construct a tool that repeatedly targeted Rakuten Mobile’s systems, reportedly over 220,000 times. Their ill-gotten gains were primarily spent on gaming consoles and online gambling. Later, in July 2025, a single actor using Claude Code, a sophisticated AI agent, orchestrated an extortion campaign against 17 different organizations within a month. This actor leveraged AI to develop malicious code, manage stolen data, analyze financial records to determine ransom amounts, and even draft the extortion emails.
Similarly, in December 2025, another individual reportedly employed Claude Code and ChatGPT to breach the Mexican government, impacting more than 10 agencies and leading to the theft of over 195 million taxpayer records. While such large-scale attacks were previously the domain of organized criminal groups, and smaller-scale compromises were typically executed by technically adept individuals, the current trend shows a democratization of sophisticated cyber capabilities. The barrier to entry for launching technically complex cyberattacks has been significantly lowered by accessible AI tools.
Escalating Cybercrime Metrics
Throughout 2025, several key indicators of cybercrime activity have seen dramatic increases. Measures of bot activity, malware dissemination, targeted compromises, and phishing attempts have all risen sharply. This trend parallels significant advancements in the technical capabilities of LLMs, as evidenced by improvements on various software development benchmarks.
Sonatype data reveals a substantial jump in malicious packages discovered within public code repositories, growing from 55,000 in 2022 to an estimated 454,600 by 2025. This escalation saw notable leaps following the release of GPT-4 in 2023 and the widespread adoption of agentic coding tools in 2025.
The time attackers need to exploit vulnerabilities has also dropped drastically. In 2020, the average time from a vulnerability’s public disclosure to the discovery of an exploit in the wild exceeded 700 days. By 2025, this “time to exploit” had plummeted to a mere 44 days. Mandiant’s M-Trends 2026 report indicates this trend has become even more pronounced, with exploits for 28.3% of Common Vulnerabilities and Exposures (CVEs) appearing within 24 hours of disclosure, effectively inverting the patching cycle.
Furthermore, the performance of leading AI models like ChatGPT, Claude, and Gemini on software development capability benchmarks, such as SWE-bench, has shown remarkable progress. In August 2024, top models could resolve approximately 33% of real GitHub issues. By December 2025, this figure had climbed to nearly 81%. This surge in AI-driven coding proficiency, while beneficial for legitimate development, has also amplified offensive cyber capabilities, leading to more frequent and impactful attacks in 2026.
The Challenge of Remediation in an AI-Accelerated Threat Landscape
AI is accelerating operations on both sides of the cybersecurity fence, but current data suggests the advantage leans towards attackers. The Edgescan 2025 Vulnerability Statistics Report indicates that the average time to remediate a known high- or critical-severity CVE now stands at 74 days. Compounding this issue, an estimated 45% of vulnerabilities in systems managed by large organizations (over 1000 employees) are never fully remediated.
Organizations are also facing increased pressure from the proliferation of malware in public package repositories. The “Shai-Hulud” attack in September 2025, which targeted the npm ecosystem, compromised over 500 packages. This incident led to the compromise of secrets in over 487 organizations and resulted in $8.5 million in losses from Trust Wallet after exposed credentials were used to poison its Chrome extension. The incident prompted many organizations to implement code freezes.
Detection mechanisms are also struggling to keep pace. In 2025, malicious npm packages, masquerading as popular libraries like “chalk” and “debug,” incorporated sophisticated features including documentation, unit tests, and code designed to mimic legitimate telemetry modules. These packages evaded detection by static analysis and signature scanners because their AI-generated code closely resembled legitimate software. As Chainguard CEO Dan Lorenc has noted, the sheer complexity and scale of vulnerability management now exceed the capabilities of most organizations to handle independently.
Moving Beyond Reactive Measures
The events of 2025 highlight a critical realization: simply reacting to and patching vulnerabilities is becoming an untenable strategy. The window for exploitation is shrinking faster than patching cycles can accommodate, and AI-generated malware is increasingly bypassing established detection tools. The intersection of individuals willing and able to conduct attacks – a group that was once a slender sliver – is growing. Coupled with the accelerating pace of software development, the implications for 2027, with even more powerful AI models, remain a significant concern.
A more effective approach involves eliminating entire categories of vulnerabilities at their source, allowing security teams to focus on residual threats. This proactive strategy is embodied by Chainguard Libraries, which reconstructs open-source libraries from verified, attributable source code. The aim is to make certain types of attacks structurally impossible, thereby protecting against threats such as CI/CD pipeline takeovers, dependency confusion, long-lived token theft, and package distribution attacks. Chainguard Libraries have demonstrated significant efficacy, blocking 99.7% of tested malicious npm packages and approximately 98% of malicious Python packages.
With hundreds of thousands of malicious packages proliferating annually and amateur actors launching successful ransomware attacks, the accessibility and power of cyberattack tools are undeniable. Instead of scrambling to respond to the next major incident, organizations can adopt a more resilient stance by integrating solutions like Chainguard Libraries into their infrastructure, providing a robust defense against emerging threats.
This article was expertly written and contributed by Patrick Smyth, Principal Developer Relations Engineer, Chainguard.

