AI Attacks Now Land 30 Days Before Security Patches Arrive

TL;DR

• Mandiant’s M-Trends 2026 report found 28.3% of CVEs now get exploited within 24 hours of disclosure — attackers are moving faster than defenders can patch.
• Average time-to-exploit collapsed from 700+ days in 2020 to just 44 days in 2025, while malicious packages in public repositories exploded 725% to 454,600.
• AI coding tools like ChatGPT and Claude Code now enable teenagers and non-experts to breach systems at scale — a 17-year-old exfiltrated 7 million records, teens hit Rakuten Mobile 220,000 times.
• The offensive AI advantage is crushing current patch-management strategies, with organizations taking an average 74 days to fix critical vulnerabilities while attackers strike in 44.

The Patch-and-Pray Era Just Ended

The numbers don’t lie, and they’re brutal. According to analysis published this month, AI-assisted cyberattacks have crossed a threshold that security teams have dreaded for years: exploits now arrive faster than patches can be developed and deployed. Mandiant’s M-Trends 2026 report documents the inflection point with precision — 28.3% of CVEs get weaponized within 24 hours of public disclosure, and the average time-to-exploit has collapsed to 44 days in 2025 from over 700 days in 2020.

That’s not a trend line. That’s a cliff.

The malicious package problem tells the same story from a different angle. In 2022, security researchers tracked roughly 55,000 malicious packages lurking in public repositories. By 2025, that number rocketed to 454,600 — a 725% increase in three years. Malicious packages discovered on public repositories climbed 75% in 2025 alone, while cloud intrusions surged 35% in the same period.

And the attackers? They’re not who you’d expect. A 17-year-old exfiltrated 7 million records. Teenagers used ChatGPT to breach Rakuten Mobile 220,000 times. A single actor wielding Claude Code extorted 17 organizations. The barrier to entry didn’t just lower — it evaporated.

ChatGPT and Claude Code Arm Script Kiddies With Enterprise-Grade Exploits

Here’s what keeps me up at night: the Venn diagram of people willing to attack systems and people technically capable of attacking systems used to barely overlap. That sliver represented the entire threat landscape for decades. But as one security researcher noted in the report, that diagram “is growing every month.”

The frontier AI models — ChatGPT, Claude Code, Gemini — didn’t just make coding easier. They democratized sophisticated attack development. AI-generated phishing campaigns now outperform human red teams entirely, not by a margin but categorically. The models that scored 33% on SWE-bench GitHub issue resolution in August 2024 hit 81% by December 2025. That’s not incremental improvement. That’s a capability phase shift.

Think of it like this: we handed out sniper rifles to everyone who ever felt like throwing a rock. The intent was always there — malice doesn’t require AI. But capability? That was the bottleneck. Not anymore.

The economics have flipped. Attackers can now automate reconnaissance, exploit development, and lateral movement faster than defenders can inventory assets, prioritize vulnerabilities, and deploy patches. Organizations take an average of 74 days to remediate high or critical CVEs. Attackers need 44 days to exploit them. The math doesn’t work.

But it gets worse. The same AI coding assistants that help developers ship features faster also help them ship vulnerabilities faster. Organizations are building software at AI-accelerated speeds without AI-accelerated security review. Every new feature is a new attack surface, and the surface area is expanding exponentially.

Defensive AI Tools Can’t Keep Pace With Offensive Automation

The asymmetry is the story. Offensive AI capabilities — attack automation, exploit generation, vulnerability discovery — are advancing faster than defensive capabilities like threat detection and patch automation. The gap isn’t closing. It’s widening.

Cloud intrusions climbed 35% in 2025 despite massive investment in cloud security tooling. Malicious packages grew 75% despite improved repository scanning. The 28.3% same-day exploitation rate exists in an era where every major vendor has an AI-powered security operations center. Defensive AI isn’t losing because it’s poorly designed. It’s losing because defense is structurally harder than offense.

An attacker needs to find one vulnerability. A defender needs to find all of them. An attacker can probe a system until something breaks. A defender has to secure every endpoint, every API, every dependency, every configuration — perfectly, continuously, forever. AI amplifies both sides, but amplifying an asymmetric game doesn’t balance it. It tilts it further.

And here’s the kicker: the same companies building the frontier models that enable these attacks are also selling defensive AI products. OpenAI, Anthropic, Google — they’re arming both sides of this war. The tension between advancing AI capabilities and security imperatives isn’t abstract anymore. It’s measurable in breach counts.

The current patch-management paradigm assumes defenders get a reasonable window to test, deploy, and verify fixes before exploits appear in the wild. That window has closed. When 28.3% of vulnerabilities get exploited within 24 hours, patch Tuesday is a joke. By the time your change control board approves the deployment, the attackers have already moved.

2025 Marked the Year Cybercrime Went Exponential

This didn’t happen overnight. The data from 2025 shows a marked acceleration in both frontier AI model capability and cybercrime severity — approximately doubled measures of malicious activity across multiple vectors. The 725% growth in malicious packages since 2022 tracks almost perfectly with the release timeline of GPT-4, Claude 3, and Gemini Ultra.

Correlation isn’t causation, except when the causal mechanism is obvious. AI coding assistants make it trivial to generate malicious packages at scale. They help attackers write polymorphic malware that evades signature-based detection. They automate the tedious parts of reconnaissance and exploitation that used to require expertise.

The teenagers who hit Rakuten Mobile 220,000 times didn’t need to understand network protocols or authentication schemes. They needed to ask ChatGPT the right questions. The 17-year-old who exfiltrated 7 million records didn’t spend years learning database architecture. They used an AI assistant to write the SQL injection payload.

This is the new normal. Every month, the models get better at code generation. Every month, the barrier to entry drops. Every month, the Venn diagram grows.

Organizations Must Assume Breach Before Disclosure

So what do you watch? First, the time-to-exploit metric. If it drops below 24 hours as the median — not just the leading edge — the entire concept of coordinated vulnerability disclosure collapses. Vendors can’t patch what attackers are already exploiting at scale before the CVE even publishes.

Second, watch for the first major supply chain attack where the malicious code was entirely AI-generated and the attacker had no traditional programming background. It’s coming. The tooling exists. The incentives exist. It’s just a matter of time before someone with no prior hacking experience uses Claude Code to compromise a widely used open-source library.

Third, monitor whether defensive AI capabilities start closing the gap. Right now, they’re not. If that doesn’t change in the next 12 months, we’re looking at a permanent offensive advantage that fundamentally breaks the economics of cybersecurity. Organizations will spend more on incident response than prevention because prevention will be functionally impossible at the pace exploits are moving.

The patch-and-pray model is dead. Organizations need to assume breach before disclosure, assume exploitation before detection, and assume their attack surface is growing faster than their security team can inventory it. That’s not pessimism. That’s realism in the age of AI-assisted attacks.