News & Alerts

AI Coding Tools Fuel a New Wave of Low Skill High Impact Cyber Attacks

AI tools like ChatGPT and Claude Code enabled individuals with no coding background to conduct attacks previously requiring skilled engineers, as exploit windows shrank to 44 days and malicious software packages surged to nearly half a million by 2025.

CSBadmin
CSBadmin
2 Min Read

AI Lowers the Barrier to Entry for Cybercrime

In 2025, large language models and agentic coding platforms reached a tipping point, transforming from imperfect coding aids into full fledged development engines. This shift has dramatically lowered the technical skill needed to carry out sophisticated cyberattacks. A 17 year old in Japan with no coding background used AI tools to steal data from 7 million users of the Kaikatsu Club internet cafe chain. Three teenagers aged 14 to 16 used ChatGPT to build a tool that hit Rakuten Mobile 220,000 times. These cases show how AI is enabling individuals without traditional programming expertise to conduct attacks that previously required skilled engineers or organized teams.

Contents
AI Lowers the Barrier to Entry for CybercrimeExploit Speed Reaches Unprecedented LevelsRethinking Defense for the AI Era

Exploit Speed Reaches Unprecedented Levels

Attackers are now weaponizing vulnerabilities faster than ever before. The time to exploit a known vulnerability has collapsed from over 700 days in 2020 to just 44 days in 2025. Mandiant reports that 28.3% of CVEs are now exploited within 24 hours of disclosure, meaning exploits often arrive before patches. Meanwhile, malicious packages in public repositories grew from 55,000 in 2022 to 454,600 by 2025. The Shai-Hulud attack compromised over 500 npm packages, stealing $8.5 million from Trust Wallet. Defenders face an average remediation time of 74 days for critical vulnerabilities, while 45% of flaws in large organizations are never fixed at all.

Rethinking Defense for the AI Era

Traditional detection tools are struggling against AI generated malware that mimics legitimate code with documentation and unit tests. Static analysis and signature scanners frequently miss these threats. Experts argue that organizations can no longer rely on speed alone to outpace attackers. The recommended approach is to eliminate entire categories of vulnerabilities through structural defenses. One example is rebuilding open source libraries from verified source code, which blocked 99.7% of malicious npm packages in tests. As AI capabilities continue to grow, the gap between attacker willingness and technical ability is shrinking rapidly, forcing a fundamental rethink of cybersecurity strategy.

Source: Thehackernews

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:
Share This Article
ByCSBadmin
Follow:
The latest in cybersecurity news and updates.
Previous Article Fake TanStack npm Package Steals Developer Credentials via Postinstall Script
Next Article Hackers Exploit Critical cPanel Flaw to Breach Governments and Hosting Firms

Trending

Related Stories

CSBadmin

New GhostRedirector Threat Cluster Targets IIS Servers for SEO Fraud and Persistent Access

CSBadmin

EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins

CSBadmin

cPanelSniper Weaponizes cPanel Flaw, 44k Hosts at Risk

CSBadmin

Adobe Issues Emergency Patch for ‘SessionReaper,’ One of the Most Severe Magento Flaws Ever