The cybersecurity landscape is undergoing a significant shift as artificial intelligence continues to reshape how cyber attacks are executed, with 2026 reflecting a sharp rise in AI assisted threats across multiple sectors. A notable case from December 2025 highlighted this change when a 17 year old in Osaka accessed and extracted personal data of more than 7 million users from Kaikatsu Club, one of Japan’s largest internet cafe chains. The incident stood out not only because of the scale of the breach but also because the individual reportedly lacked advanced technical expertise and was motivated by a simple objective of purchasing Pokémon cards. This case illustrates how the availability of AI driven tools has reduced the technical barrier traditionally associated with complex cyber operations.
Throughout 2025, advancements in large language models and agent based systems transformed them from basic coding assistants into highly capable development tools capable of generating complete code workflows. This shift has been accompanied by measurable increases in cybercrime activity. Reports indicate that malicious packages discovered in public repositories rose by 75 percent, while cloud intrusion incidents increased by 35 percent during the same period. AI generated phishing campaigns also began outperforming traditional human led red team simulations in terms of effectiveness. These developments are not only increasing the frequency of attacks but also changing the profile of threat actors, with individuals lacking formal programming backgrounds now capable of executing sophisticated campaigns that previously required organized groups or highly skilled professionals.
Several incidents during 2025 illustrate this evolving trend. In February, three teenagers with no coding experience used AI tools to build a system that sent approximately 220000 requests to Rakuten Mobile, generating proceeds later used for personal purchases such as gaming consoles and online gambling. In July, a single actor leveraged an advanced agent based platform to conduct an extortion campaign targeting 17 organizations within a month, using AI to develop malware, analyze stolen financial data, and generate extortion communications. Another incident in December involved a breach of more than 10 government agencies in Mexico, where over 195 million taxpayer records were compromised using AI assisted techniques. These examples demonstrate how AI has enabled individuals to execute operations at a scale and complexity that previously required coordinated teams.
The acceleration of attack timelines has also become a defining characteristic of the current threat environment. The time required for attackers to exploit newly disclosed vulnerabilities has dropped significantly, decreasing from more than 700 days in 2020 to approximately 44 days in 2025. Research further indicates that a significant percentage of vulnerabilities are now exploited within 24 hours of disclosure, sometimes even before patches are made available. At the same time, organizations continue to face challenges in remediation, with average patching timelines extending to more than two months for high severity vulnerabilities and a substantial portion of identified issues remaining unaddressed. The rapid increase in malicious packages within open source ecosystems has further complicated security efforts, as attackers use AI generated code to create software that closely resembles legitimate libraries, making detection more difficult for traditional security tools.
The broader impact of these developments is evident in the increasing scale of cyber threats, including the rise in phishing campaigns, malware distribution, and supply chain attacks. Large scale incidents such as the compromise of hundreds of npm packages and exposure of sensitive credentials have demonstrated how attackers are exploiting software development pipelines to gain access to critical systems. Security experts note that traditional approaches focused solely on patching vulnerabilities may no longer be sufficient in an environment where attack capabilities are advancing rapidly. New strategies are emerging that aim to reduce entire categories of risk by ensuring that software components are built from verified sources and protected against manipulation. As AI continues to influence both attackers and defenders, the cybersecurity ecosystem is adapting to a reality where speed, scale, and accessibility of attack tools are reshaping how threats are identified and managed across digital environments.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
