The Acceleration Crisis

The window for patching vulnerabilities has narrowed dramatically. According to Sonatype, malicious packages in public repositories increased from 55,000 in 2022 to 454,600 by 2025—a 725% surge. More alarming, time to exploit has collapsed from over 700 days in 2020 to just 44 days in 2025.

Mandiant’s M-Trends 2026 report found that 28.3% of CVEs are exploited within 24 hours of disclosure. Yet remediation lags dangerously behind: the Edgescan 2025 Vulnerability Statistics Report shows the average time to remediate a known high- or critical-severity CVE is 74 days. Worse, 45% of vulnerabilities in systems maintained by large companies (1000+ employees) never get remediated at all.

AI Models Closing the Skill Gap

The barrier to entry for sophisticated attacks continues to fall. In August 2024, top AI models could resolve 33% of real GitHub issues on SWE-bench; by December 2025, that number had climbed to just under 81%.

This capability is already in the wild. Three teenagers (ages 14, 15, and 16) with no coding background used ChatGPT to build a tool that hit Rakuten Mobile’s system approximately 220,000 times in February 2025. A single actor using Claude Code conducted an extortion campaign targeting 17 organizations over one month in July 2025. An amateur in Algeria built ransomware that hit 85 targets in his first month.

At the highest level, an individual used Claude Code and ChatGPT to breach the Mexican government in December 2025, targeting more than 10 agencies and stealing over 195 million taxpayer records.

High-Profile Supply Chain Compromises

In September 2025, the Shai-Hulud attack targeting the npm ecosystem compromised over 500 packages and exposed secrets from over 487 organizations. Attackers leveraged exposed credentials from that same attack to poison Trust Wallet’s Chrome extension, stealing $8.5 million.

A 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act on December 4, 2025 for running malicious code to extract personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain.

Defense: Chainguard Libraries Results

Chainguard Libraries showed strong detection rates in testing: 99.7% when tested against 8,783 malicious npm packages, and approximately 98% when tested against roughly 3,000 malicious Python packages. These figures underscore both the scale of the threat and the viability of targeted defenses.


Source: The Hacker News