WASHINGTON, 7 MAY 2026 — Mandiant's M-Trends 2026 report has confirmed what security operations teams have been experiencing in practice for over a year: the window between vulnerability disclosure and active exploitation has not merely shrunk — in a growing number of cases it has inverted entirely, with working exploits appearing in criminal and state-sponsored forums before vendors have produced patches. The report places 28.3 per cent of all CVEs disclosed in 2025 as exploited within 24 hours of public disclosure, a figure that renders the traditional "patch within 30 days" compliance standard functionally obsolete for the most dangerous vulnerability classes.

The timeline compression is the direct output of AI-assisted offensive tooling that has moved from theoretical concern to confirmed operational reality. Mandiant's dataset of incident response engagements in 2025 and early 2026 documents three distinct case studies of AI-enabled attacks against real organisations, executed by threat actors whose prior technical capability — in two of the three cases — was essentially zero. The cases collectively demonstrate that artificial intelligence has already collapsed the barrier separating the willingness to commit cybercrime from the technical capability to execute it successfully at scale.

The Exploit Window Has Inverted

The historical trajectory of the exploitation timeline is a story of compression that has accelerated beyond any reasonable projection. In 2020, the median time between a vulnerability's public disclosure and its first confirmed exploitation in the wild was over 700 days — nearly two years. By 2025, Mandiant's data places the median at 44 days. For the most severe vulnerabilities — those affecting network perimeter devices, authentication systems, and widely deployed enterprise software — the timeline is now measured in hours to days, not months.

The 28.3 per cent of CVEs exploited within 24 hours of disclosure represents the most extreme point of this compression: the zero-day to N-day conversion happening faster than any coordinated patching response can match. For large enterprises with thousands of endpoints and complex change management procedures, 24 hours is not a realistic patching window. For government agencies and critical infrastructure operators that require testing, approval, and change advisory board sign-off before deploying patches to production systems, it may as well be instantaneous.

The inversion — exploits arriving before patches — reflects a structural asymmetry that AI has amplified rather than created. Attackers need only build one working exploit; defenders must patch every vulnerable instance across their entire infrastructure. AI accelerates the offensive side of this equation dramatically: automated vulnerability analysis tools can identify exploitable code patterns in newly disclosed CVE descriptions and generate working proof-of-concept code in minutes. The same process, executed manually by an expert security researcher, previously required days to weeks.

Three AI-Enabled Attacks: What Actually Happened

The Mandiant report's most consequential contribution is its documentation of specific, verified AI-enabled attack cases rather than theoretical projections. The three cases span February 2025 to December 2025 and collectively span a range of perpetrator sophistication from teenagers with no coding background to individual actors targeting government infrastructure.

In February 2025, three teenagers — aged 14, 15, and 16 — with no programming experience used ChatGPT to build an automated attack tool that bombarded Rakuten Mobile's network infrastructure approximately 220,000 times in a sustained operation. The teenagers had no prior understanding of network protocols, scripting languages, or attack methodology. They described their approach as iterative: asking ChatGPT to explain what each piece of generated code did, requesting modifications when it did not behave as expected, and debugging by asking the model to identify errors in its own output. The proceeds — used to purchase gaming consoles and fund online gambling — illustrate the degree to which the monetisation of cybercrime has become accessible to adolescents with consumer AI accounts and no specialised skills.

In July 2025, a single individual used Claude Code to conduct an extortion campaign against 17 different organisations over the course of one month. The actor used AI to develop the malicious code used to access the target organisations' systems, to organise and analyse the financial records extracted from those systems, and to draft the personalised extortion communications sent to each organisation. The case represents a genuine step change: a lone actor, presumably without a team, without a criminal organisation, and without years of developed hacking skill, conducted what would previously have required a structured cybercriminal operation.

In December 2025, an individual used Claude Code and ChatGPT in combination to breach multiple Mexican government systems. The operation targeted more than ten agencies, ultimately exfiltrating 195 million taxpayer records — one of the largest government data breaches in Mexican history. The scale of the breach, achieved by what appears to have been a single actor using commercially available AI tools, illustrates that nation-state-scale data compromise is no longer the exclusive province of nation-state actors.

The Structural Shift: Two Circles, Now Overlapping

The security industry has historically framed the threat landscape in terms of a Venn diagram with two circles: actors willing to commit cybercrime, and actors with sufficient technical capability to execute it successfully. The overlap — those both willing and capable — was historically constrained by the difficulty of acquiring the technical skills required for successful attacks. Developing malware, identifying and exploiting vulnerabilities, establishing persistence, and exfiltrating data without triggering detection each required years of practice and accumulated knowledge.

AI tools have expanded the capability circle dramatically and rapidly. The barrier to developing functional malicious code has fallen from years of learning to hours of iterative prompting. The barrier to identifying vulnerable targets has fallen from expert knowledge of specific software architectures to describing the type of target to a model and asking what vulnerabilities typically affect it. The barrier to drafting convincing social engineering communications has been essentially eliminated — the same tools that make professional writing easier for legitimate users make phishing and extortion communications equally accessible.

The AI malware generation problem has a specific technical dimension that makes it particularly difficult to address through conventional defensive measures. Signature-based detection — the foundational technique of most endpoint security products — works by matching known malicious code patterns against a database of identified threats. AI-generated malware does not match the signatures of known malware because it is not derived from known malware; each instance is freshly generated with different code structure, variable names, and obfuscation techniques. Security products designed to detect human-authored malware through signature matching face a structurally different challenge against AI-generated variants.

2026 Incidents Through the AI Lens

The Mandiant data provides the framework for re-reading several high-profile 2026 incidents with more analytical precision. CVE-2026-0300, the Palo Alto PAN-OS zero-day disclosed earlier this week, was exploited within weeks of its first observed exploitation attempts — a timeline that is consistent with AI-assisted vulnerability analysis compressing the period between initial discovery and weaponised exploit. The ShinyHunters breach of Instructure Canvas, which the group claims affected 275 million people, involved automated processing of stolen data at a scale that manual sorting would render implausible; AI-assisted data organisation and analysis tools almost certainly played a role.

MuddyWater's use of off-the-shelf AI tools in its Microsoft Teams campaign — described explicitly as a cost-reduction and attribution-complication strategy by Check Point Research — demonstrates the state-actor adoption of commercially available AI for offensive purposes. The group did not need to develop novel AI capability; it used the same tools available to any enterprise customer and applied them to develop and maintain its operational toolkit at lower cost and faster iteration pace than internal development would allow.

Singapore and ASEAN: The Compressed Response Reality

Singapore's security operations teams at DBS, GovTech, and the major multinational headquarters operating from the city-state face the same compressed exploitation timelines as their counterparts globally, with some additional constraints. Singapore's regulatory environment — the MAS Technology Risk Management Guidelines and the Cybersecurity Act administered by CSA — imposes patching obligations that were designed for the 2020-era exploit timeline, not the 2026 inversion. The obligation to patch critical vulnerabilities within defined windows is sound policy; the windows themselves may need revisiting in light of the Mandiant data.

For ASEAN nations with smaller cybersecurity workforces and less mature security operations infrastructure — Indonesia, Vietnam, Cambodia — the AI-enabled attack landscape creates an asymmetric risk. The attacks are now easier to execute; the defences require skilled people to implement and operate. The gap between attack accessibility and defence capability is widening in markets where cybersecurity talent is scarce and security budgets are constrained.

The Chainguard approach described in the Mandiant report — rebuilding open-source software libraries from verified source code to eliminate entire vulnerability categories rather than patching individual CVEs — represents the most structurally sound response to the inverted exploit window. If the vulnerability category does not exist in your software supply chain, the 28.3 per cent of CVEs exploited within 24 hours of disclosure cannot affect your systems regardless of your patching timeline. Singapore's technology companies and government agencies that have the engineering maturity to pursue supply chain hardening at the Chainguard level should treat it as a priority investment, not a future aspiration. For those conducting security assessments, the [RECATOOLS Password Generator](/tools/password-generator) and [Hash Generator](/tools/hash-generator) remain essential tools for baseline credential hygiene in any hardening programme.

Sources

  • The Hacker News — 2026: Year of AI-Assisted Attacks (May 2026)
  • Mandiant M-Trends 2026 Report — Google Cloud Security
  • Check Point Research — AI in Offensive Cybersecurity Operations, 2026
  • CSA Singapore — Singapore Cyber Landscape 2025
  • MAS Technology Risk Management Guidelines, 2021
  • Chainguard — Software Supply Chain Hardening White Paper, 2026