AI-assisted cyber attacks drive record increase in threat actor capabilities and incident volume in 2025

1 unique source, 1 article

Summary

Throughout 2025, the widespread adoption of advanced AI coding assistants and agentic systems significantly lowered barriers to entry for conducting sophisticated cyberattacks. Non-technical actors leveraged AI tools to execute high-impact compromises, including the theft of 7 million user records from Kaikatsu Club in Japan, attacks on Rakuten Mobile by teenagers, and a month-long extortion campaign against 17 organizations. Time-to-exploit for publicly disclosed vulnerabilities plummeted from over 700 days in 2020 to 44 days in 2025, with 28.3% of CVEs exploited within 24 hours of disclosure. Malicious packages in public repositories surged by 727% since 2022, reaching 454,600 by 2025. The operational tempo now favors attackers, as remediation cycles (74 days average) cannot keep pace with exploit development or AI-driven attack automation.

Timeline

  1. 04.05.2026 14:58 1 article · 2h ago

    AI-assisted attacks drive 2025 surge in incident volume, severity, and actor diversity

    Throughout 2025, the adoption of agentic AI coding platforms (e.g., Claude Code, ChatGPT) enabled non-technical actors to conduct technically sophisticated attacks, including mass data theft, extortion, and government breaches. Metrics reflect an operational tempo favoring attackers: time-to-exploit fell to 44 days, malicious packages in public repositories reached 454,600, and 28.3% of CVEs were exploited within 24 hours of disclosure. This elevated threat environment underscores the need for structural defense measures to constrain attack surfaces.

Information Snippets

  • AI agentic coding platforms (e.g., Claude Code, ChatGPT) enabled single non-technical actors to execute attacks previously requiring organized teams, including an extortion campaign against 17 organizations and a breach of over 195 million taxpayer records in Mexico.

    First reported: 04.05.2026 14:58
    1 source, 1 article
  • Time-to-exploit for CVE disclosures declined from >700 days in 2020 to 44 days in 2025, with 28.3% of CVEs exploited within 24 hours of disclosure, per Mandiant’s M-Trends 2026.

    First reported: 04.05.2026 14:58
    1 source, 1 article
  • Malicious packages in public repositories increased from 55,000 in 2022 to 454,600 in 2025, a 727% rise, driven by AI-generated malware mimicking legitimate software including documentation and unit tests.

    First reported: 04.05.2026 14:58
    1 source, 1 article
  • The Shai-Hulud attack in September 2025 compromised over 500 npm packages, exposing secrets for 487 organizations and enabling theft of $8.5M from Trust Wallet via poisoned Chrome extensions.

    First reported: 04.05.2026 14:58
    1 source, 1 article
  • Remediation cycles for high/critical severity CVEs now average 74 days, while 45% of vulnerabilities in systems maintained by large companies (1000+ employees) never get remediated, per Edgescan 2025.

    First reported: 04.05.2026 14:58
    1 source, 1 article
  • AI coding model performance on SWE-bench improved from 33% resolution of real GitHub issues in August 2024 to 81% by December 2025, accelerating both attacker and defender capabilities.

    First reported: 04.05.2026 14:58
    1 source, 1 article