Key Takeaways
- LLMs have been documented generating functional exploit code, phishing campaigns, and malware variants in red team exercises
- Malicious package volume in public software repositories grew from 55,000 in 2022 to 454,600 in 2025 — correlating with AI coding tool availability
- Air Street Press State of AI May 2026 confirms frontier AI has "crossed the Rubicon into offensive cyber operations"
- Three teenagers with no coding background used ChatGPT to attack Rakuten Mobile 220,000 times
- Defenders are patching at human speed; attackers are exploiting at machine speed — a fundamentally asymmetric race
The Facts
For decades, writing effective malware required deep technical skills: assembly language knowledge, operating system internals expertise, reverse engineering capability, and months of development time. The availability of frontier LLMs has compressed that barrier dramatically. Today, a motivated attacker with no prior coding experience and a clear description of their objective can generate functional attack code in minutes.
The Air Street Press State of AI May 2026 report includes language that the cybersecurity community has been anticipating and dreading simultaneously: "Frontier AI has crossed the Rubicon into offensive cyber operations." The report documents evidence of nation-state and sophisticated criminal actors using AI assistance in attack campaigns, marking the transition from theoretical risk to documented operational reality.
This democratisation is documented at the low-skill extreme of the capability spectrum. In a widely reported incident, three teenagers aged 14, 15, and 16 (none with prior coding experience) used ChatGPT to build attack tooling that was deployed against Rakuten Mobile's systems approximately 220,000 times. The case illustrates both the lowered barrier and the scale at which AI-assisted attacks can operate.
The software supply chain data tells the same story from the defender's perspective. Malicious packages in public repositories grew from 55,000 in 2022 to 454,600 in 2025. The notable acceleration points — 2023 (GPT-4 public release) and 2025 (agentic coding tools mainstream) — correlate precisely with the availability of AI coding tools to low-sophistication actors.
Technical Deep-Dive
LLM-assisted malware development operates across several capability tiers. At the lowest sophistication, attackers use general-purpose chatbots to generate phishing email templates, social engineering scripts, and basic automation code. This tier requires no technical background and produces output that a human author could match, but at dramatically lower cost and with language quality that defeats simple text-based detection.
At medium sophistication, attackers use coding-focused AI assistants to generate proof-of-concept exploit code from CVE descriptions. Given a vulnerability description and the affected software's API structure, a current frontier model can generate plausible exploit code that requires testing and refinement but provides a substantial head start over manual development.
At the highest documented sophistication, nation-state actors are using AI for systematic vulnerability discovery — as evidenced by Anthropic's Project Glasswing, which demonstrated that AI can find zero-day vulnerabilities (including a 27-year-old OpenBSD bug) that human researchers missed.
Mandiant M-Trends 2026 reports that 28.3% of CVEs are now exploited within 24 hours of public disclosure, a figure that reflects this AI-accelerated exploitation pipeline operating at scale.
The ASEAN Perspective
ASEAN organisations are on the receiving end of this capability shift without the equivalent AI-powered defensive tools. Most enterprise security operations centres in Malaysia, Indonesia, Thailand, and the Philippines rely on signature-based detection, manual incident analysis, and periodic vulnerability scanning — defences built for human-speed attacks.
AI-powered defensive tools — AI-driven EDR, AI-assisted SOC automation, AI-accelerated threat hunting — are commercially available but require security engineering expertise to deploy and tune effectively. The talent constraint means that ASEAN enterprises are exposed to AI-speed attacks while their defences remain largely human-speed.
RECATOOLS Verdict
The LLM-assisted attack reality is not a future concern — it is the current operating environment. The response requires investment in AI-powered defensive tools to match AI-powered offensive capabilities, and realistic acknowledgement that the human-speed patch-and-respond cycle is no longer sufficient as a primary defence.
Sources
- Air Street Press State of AI May 2026
- Mandiant M-Trends 2026 Report
- Sonatype State of the Software Supply Chain 2025
FAQ
Can AI really write malware? Yes — LLMs can generate functional exploit code, phishing templates, and malware variants. The skill barrier for basic attack tooling has been dramatically reduced.
What is the supply chain connection? Malicious packages in public repositories grew from 55,000 in 2022 to 454,600 in 2025, with acceleration correlating precisely with AI coding tool availability.
What happened with the three teenagers and Rakuten? Three teenagers aged 14-16 with no prior coding experience used ChatGPT to build attack tooling that hit Rakuten Mobile systems approximately 220,000 times.
How fast are CVEs being exploited? 28.3% of newly disclosed CVEs are exploited within 24 hours of public disclosure, according to Mandiant M-Trends 2026 — a timeline only achievable with AI assistance.
What defensive AI tools are available? AI-driven EDR (Endpoint Detection and Response), AI-assisted SIEM analysis, AI-powered vulnerability scanning, and AI-augmented threat hunting platforms are commercially available from major security vendors.