RANDOM CHAOS

AI lowers the bar: nontechnical attackers now run sophisticated campaigns

via The Hacker News

Original source: "2026: The Year of AI-Assisted Attacks" (The Hacker News)

A December 2025 arrest in Osaka captures the shift: a 17-year-old with no technical background used AI tools to exfiltrate 7 million records from Japan’s largest internet cafe chain, motivated by Pokémon card purchases. Throughout 2025, agentic coding platforms enabled solo actors to execute campaigns that previously required organized teams. Documented cases include three Japanese teenagers hammering Rakuten Mobile 220,000 times with a ChatGPT-built tool, a single operator running a month-long extortion campaign against 17 organizations using Claude Code, and a December breach of more than 10 Mexican government agencies that exposed 195 million taxpayer records.

The quantitative picture matches the anecdotes. Malicious packages in public repositories grew from 55,000 in 2022 to 454,600 in 2025, with sharp jumps tracking GPT-4 and agentic coding releases. Time-to-exploit collapsed from over 700 days in 2020 to 44 days in 2025, and Mandiant reports 28.3% of CVEs are now exploited within 24 hours of disclosure — frequently before patches ship. Frontier model performance on SWE-bench climbed from 33% in August 2024 to nearly 81% by December 2025, and AI-generated phishing now outperforms human red teams. Meanwhile, mean remediation time for high or critical CVEs sits at 74 days, and 45% of vulnerabilities at large enterprises are never patched at all.

Detection is failing because AI-generated malicious packages now ship with documentation, tests, and plausible structure. The September 2025 Shai-Hulud npm attack compromised 500+ packages, leaked secrets at 487 organizations, and enabled $8.5M in theft from Trust Wallet via a poisoned Chrome extension. The piece, authored by a Chainguard developer relations engineer, argues that speed-based defense has lost and pitches Chainguard Libraries, which rebuilds open source dependencies from verified source, as a way to structurally eliminate supply chain attack categories, citing 99.7% block rates against tested malicious npm packages.


This is an AI-generated summary. Read the original for the full story.