AI Lowers the Barrier to Entry for Cybercrime
In 2025, large language models and agentic coding platforms reached a tipping point, transforming from imperfect coding aids into full fledged development engines. This shift has dramatically lowered the technical skill needed to carry out sophisticated cyberattacks. A 17 year old in Japan with no coding background used AI tools to steal data from 7 million users of the Kaikatsu Club internet cafe chain. Three teenagers aged 14 to 16 used ChatGPT to build a tool that hit Rakuten Mobile 220,000 times. These cases show how AI is enabling individuals without traditional programming expertise to conduct attacks that previously required skilled engineers or organized teams.
Exploit Speed Reaches Unprecedented Levels
Attackers are now weaponizing vulnerabilities faster than ever before. The time to exploit a known vulnerability has collapsed from over 700 days in 2020 to just 44 days in 2025. Mandiant reports that 28.3% of CVEs are now exploited within 24 hours of disclosure, meaning exploits often arrive before patches. Meanwhile, malicious packages in public repositories grew from 55,000 in 2022 to 454,600 by 2025. The Shai-Hulud attack compromised over 500 npm packages, stealing $8.5 million from Trust Wallet. Defenders face an average remediation time of 74 days for critical vulnerabilities, while 45% of flaws in large organizations are never fixed at all.
Rethinking Defense for the AI Era
Traditional detection tools are struggling against AI generated malware that mimics legitimate code with documentation and unit tests. Static analysis and signature scanners frequently miss these threats. Experts argue that organizations can no longer rely on speed alone to outpace attackers. The recommended approach is to eliminate entire categories of vulnerabilities through structural defenses. One example is rebuilding open source libraries from verified source code, which blocked 99.7% of malicious npm packages in tests. As AI capabilities continue to grow, the gap between attacker willingness and technical ability is shrinking rapidly, forcing a fundamental rethink of cybersecurity strategy.
Source: Thehackernews
