In December 2025, a 17-year-old was arrested in Osaka for stealing the personal data of over 7 million users from Japan's largest internet cafe chain. His motivation: he wanted to buy Pokemon cards. His technical background: none. His tool: AI.

That case, reported by The Hacker News in a sweeping analysis of AI-assisted cybercrime, is the new normal. The barrier to entry for sophisticated cyberattacks has collapsed. And the numbers tell a story that should alarm anyone responsible for defending systems.

The Numbers Are Staggering

Mandiant's M-Trends 2026 report, published by Google Cloud's threat intelligence division, delivers the headline statistic: time-to-exploit has effectively gone negative. Exploits are now routinely arriving before patches exist. In 2020, the average time from vulnerability disclosure to exploitation was over 700 days. In 2025, it was 44 days. And according to VulnCheck, 28.3% of CVEs are now exploited within 24 hours of disclosure.

Malicious packages discovered on public code repositories jumped from 55,000 in 2022 to 454,600 in 2025, according to Sonatype. That is not a trend line. That is a cliff. Cloud intrusions increased by 35%. AI-generated phishing now outperforms human red teams entirely.

The Attacker Profile Has Changed

The most unsettling shift is not the volume of attacks. It is who is launching them. In February 2025, three Japanese teenagers (ages 14, 15, and 16) with no coding background used ChatGPT to build a tool that hit Rakuten Mobile's system approximately 220,000 times. They spent their proceeds on gaming consoles and online gambling.

In July 2025, a single actor using Claude Code conducted an extortion campaign targeting 17 organizations over one month, using agentic AI to develop malicious code, organize stolen files, analyze financial records to calibrate ransom demands, and draft extortion emails. One person. Seventeen targets. One month. That used to require an organized crime group.

By December 2025, another individual used Claude Code and ChatGPT together to breach the Mexican government, targeting more than 10 agencies and stealing over 195 million taxpayer records. Single attacker. National-scale damage.

The AI Companies Know

Both OpenAI and Anthropic have acknowledged the problem. Anthropic reported the Claude Code extortion campaign publicly. OpenAI has documented cases of ChatGPT being used for malware development. Both companies have implemented safeguards and usage monitoring. But the fundamental tension remains: the same capabilities that make these models valuable for software development, data analysis, and automation are the ones that make them powerful tools for attackers.

The The Hacker News analysis makes a critical observation: we are no longer seeing AI as a force multiplier for skilled hackers. We are seeing AI as a replacement for skill itself. The attacks being carried out by non-technical teenagers in 2025 would have required organized teams of experienced engineers five years ago.

What Defenders Are Up Against

The math does not work in defenders' favor. When time-to-exploit goes negative, patching is not defense. It is cleanup. When the attacker pool expands from organized crime groups and state actors to include literal children, the volume of attacks will continue to climb. When a single person can replicate the output of a cybercrime syndicate, scale stops being a constraint.

This context makes the White House's reported interest in pre-release AI model vetting look less like regulatory overreach and more like a panicked recognition of what is already happening.