Wunderlandmedia

Hackers Are Using Claude to Find Bugs Faster Than You Can Patch Them

AI tools now find and exploit security flaws faster than any human team can patch them. What this means for your website and what you can actually do.

Kemal Esensoy, modified on May 7, 2026

In March 2026, an autonomous bot powered by Claude scanned 47,391 GitHub repositories. It didn't just look at them. It compromised several major projects, including Aqua Security's Trivy vulnerability scanner.

Let that sink in for a second. A security tool got hacked by an AI bot.

I've been building and maintaining websites for over six years. I've dealt with plugin conflicts, broken updates, the occasional brute force attack on a client's WordPress login. Standard stuff. But what's happening right now in the security space is something fundamentally different. The tools I use to build software are the same tools being used to break it. And the attackers are moving faster than any of us can keep up.

The Day a Chatbot Hacked 17 Companies

In August 2025, Anthropic (the company behind Claude) published something that made my stomach turn. They'd caught a single hacker using their AI to run what NBC News called an "unprecedented" cybercrime operation.

One person. One AI. Seventeen companies compromised.

Here's what the hacker did with Claude: identified vulnerable companies, wrote custom malware for each target, stole Social Security numbers, bank account details, and defense contractor files. Then the AI analyzed each company's financials to calculate exactly how much ransom they could afford. It even drafted the extortion emails.

Ransom demands ranged from $75,000 to $500,000 per company.

The part that keeps me up at night isn't that it happened. It's how efficient it was. What used to require a team of skilled hackers working for months, one person did with an AI chatbot. The economics of cybercrime just changed completely.

AI Finds Bugs in Hours. You Patch in Weeks.

Here's where the math gets scary.

In 2018, the average time between a vulnerability being disclosed and someone exploiting it was 63 days. That gave you two months to patch. Plenty of time. You could schedule it, test it, roll it out on a Tuesday when nothing important was happening.

In 2026, according to Google's M-Trends report, that number has gone negative. Meaning exploits now exist before the vulnerability is even publicly disclosed. 28.3% of CVEs are exploited within 24 hours of disclosure.

And how long does it take the average organization to patch a critical vulnerability? 74 days, according to Edgescan's 2025 report.

Read those numbers again. Exploited within hours. Patched in two and a half months. That's not a gap. That's a canyon.

Anthropic's own Claude Mythos project found a 27-year-old bug in OpenBSD for under $20,000 in compute costs. It also uncovered a 16-year-old flaw in FFmpeg and a 17-year-old remote code execution vulnerability in FreeBSD. Bugs that thousands of human security researchers had missed for decades, found by an AI in hours.

Fair question: if AI can find decades-old bugs that fast, what chance does your freshly deployed web app have?

Your Dependencies Are the Attack Surface

Here's the thing nobody wants to talk about. Your website isn't really "your" code. It's a tower of dependencies, and each one is a potential entry point.

In September 2025, security researchers discovered Shai-Hulud, the first self-replicating npm malware. It infected over 500 packages with a combined 2.6 billion weekly downloads. Self-replicating. Like a worm, spreading from package to package through the dependency tree.

Then in March 2026, the Axios npm package got compromised. Axios. The HTTP library that basically every JavaScript application uses. 100 million weekly downloads affected. Attackers used stolen npm credentials to publish malicious versions containing a phantom dependency.

And those aren't isolated incidents. Sonatype's research found 454,600+ new malicious packages published in 2025 alone. The cumulative total is now over 1.2 million. Over 99% of all open source malware lives on npm.

There was even a campaign called "IndonesianFoods" that published 100,000 malicious packages, one new package every seven seconds. At that scale, it's not an attack. It's a factory.

If you're running a modern JavaScript project with hundreds of dependencies, every single npm install is a trust decision. And right now, that trust is being exploited at industrial scale.

Even Your AI Coding Tools Can Be Weaponized

Here's where it gets personal for developers like me.

Claude Code, the AI coding tool I use daily, had two critical vulnerabilities discovered in early 2026. CVE-2025-59536 allowed remote code execution through project config files. CVE-2026-21852 enabled API key exfiltration. A malicious repository could execute arbitrary commands the moment a developer ran Claude Code on it.

Think about that. You clone a repo, fire up your AI coding assistant to help you understand the code, and your machine is already compromised.

Trend Micro documented an active campaign in April 2026 specifically targeting developers with "Claude Code lures": fake repositories designed to look like legitimate projects that exploit these tools. And it's not just Claude. VentureBeat reported that Claude Code, GitHub Copilot, and OpenAI's Codex were all successfully exploited through credential theft attacks.

The very tools we use to write code faster are becoming attack vectors. The irony isn't lost on me. I wrote about the security risks of AI-generated code before, but even I didn't expect the attack surface to grow this fast.

What This Actually Costs You

Let's talk money, because that's what makes business owners pay attention.

The global average cost of a data breach in 2026 is $4.44 million. In the US, it's $10.22 million, a record, up 9% from last year.

"But I'm a small business. Nobody's going to target me."

43% of cyberattacks target small businesses. The average cost of a phishing breach for an SMB is $200,000. Recovery alone runs $15,000 to $50,000.

You're not too small to be a target. You're the perfect size. Small enough to have weak security. Big enough to have data worth stealing. And now AI makes it trivially cheap to scan thousands of small business websites for vulnerabilities simultaneously.

That's the real shift. It used to take effort to target a small business. A human hacker had to decide you were worth their time. AI doesn't make that calculation. It just scans everything.

What You Can Actually Do (Without a Security Team)

I'm not going to pretend I have all the answers here. I don't run a security firm. I run a web development agency. But after maintaining dozens of client sites through this mess, here's what I've actually changed in my workflow.

Lock down your dependencies. Use lockfiles (package-lock.json, yarn.lock). Pin your versions. Run npm audit in your CI pipeline, not just when you remember. Review what you're actually installing before you install it.

Enable auto-updates aggressively. I used to be cautious about auto-updates. "What if something breaks?" Well, what if something gets exploited because you waited three weeks to update? The calculus has changed. For WordPress sites, I now auto-update everything and use security plugins that monitor for issues.

Audit your dependencies quarterly. Not just npm audit. Actually look at what you're depending on. How many maintainers does the package have? When was it last updated? Is it a one-person project that could get abandoned or compromised?

Enable 2FA on everything. Your npm account. Your GitHub. Your hosting provider. Your CMS. Everything. The Axios compromise started with stolen npm credentials. 2FA would have stopped it.

Use a WAF. Cloudflare's free tier. It won't stop everything, but it stops the low-hanging fruit that automated scanners are picking up.

Don't trust AI-generated code blindly. This is the hardest one for me because I love using AI to code. But every piece of AI-generated code needs the same review you'd give a junior developer's pull request. Maybe more.
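For the "Lock down your dependencies" and "Audit your dependencies" steps above, here is one way to review what an update would actually install. npm audit only reports known advisories, so this checks the lockfile itself. It is an added example, not code from the original article; it assumes lockfileVersion 2 or 3 and a public-registry-only policy, and every package name, URL and hash in the sample data is constructed.

```javascript
// Added example: inputs are parsed package.json / package-lock.json (lockfileVersion 2/3) objects.
const REGISTRY = "https://registry.npmjs.org/"; // assumption: public registry only

// Direct dependencies declared as a range or tag instead of one exact version.
function unpinnedDeps(pkg) {
  const all = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(all)
    .filter(([, spec]) => !/^\d+\.\d+\.\d+(-[\w.]+)?$/.test(spec))
    .map(([name, spec]) => `${name}@${spec}`)
    .sort();
}

// Lockfile entries keyed by install path, without the root project entry ("").
function entries(lock) {
  return Object.entries(lock.packages || {}).filter(([path]) => path !== "");
}

// Entries with no integrity hash, or whose tarball is not from the expected registry.
function lockFindings(lock) {
  const out = [];
  for (const [path, e] of entries(lock)) {
    if (e.link || e.inBundle) continue; // symlinks and bundled deps carry no tarball
    if (!e.integrity) out.push(`${path}: missing integrity`);
    if (!String(e.resolved || "").startsWith(REGISTRY)) out.push(`${path}: not from registry`);
  }
  return out;
}

// Packages the new lockfile adds, flagged when they run scripts at install time.
function addedPackages(oldLock, newLock) {
  const before = new Set(entries(oldLock).map(([path]) => path));
  return entries(newLock)
    .filter(([path]) => !before.has(path))
    .map(([path, e]) => ({ path, version: e.version, installScript: e.hasInstallScript === true }));
}

// Constructed sample data: package names, URLs and hashes are made up.
const tgz = (n, v) => `${REGISTRY}${n}/-/${n}-${v}.tgz`;
const samplePkg = { dependencies: { "http-lib-example": "^1.2.0", "util-example": "2.0.1" } };
const oldLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/http-lib-example": { version: "1.2.0", resolved: tgz("http-lib-example", "1.2.0"), integrity: "sha512-CONSTRUCTED" },
} };
const newLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/http-lib-example": { version: "1.2.1", resolved: tgz("http-lib-example", "1.2.1"), integrity: "sha512-CONSTRUCTED" },
  "node_modules/added-dep-example": { version: "0.0.1", resolved: "https://example.invalid/added.tgz", hasInstallScript: true },
} };
console.log(unpinnedDeps(samplePkg), lockFindings(newLock), addedPackages(oldLock, newLock));
```

In CI, pass it the JSON.parse output of the lockfile from the base branch and from the pull request, and fail the build when a finding or an unexpected added package with an install script shows up.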

The Arms Race Isn't Slowing Down

Anthropic launched Claude Mythos and Claude Code Security to fight fire with fire. AI tools that hunt vulnerabilities before attackers find them. IBM's X-Force reported a 44% increase in attacks exploiting public-facing applications in 2026.

I don't have a neat conclusion for this one. The tools that help me build websites for clients are the same tools being weaponized against those websites. The same AI that helps me write better code helps attackers find flaws in it faster than I can fix them.

What I do know is that "we'll update it next month" isn't a security strategy anymore. It probably never was, but the margin for error used to be wider. That margin is gone.

If you're a business owner reading this, the question isn't whether AI-powered attacks will affect you. It's whether you'll be ready when they do. And if you're not sure where to start, let's talk. I'd rather help you prevent this stuff than clean it up after.

About the Author

Kemal Esensoy

Kemal Esensoy, founder of Wunderlandmedia, started his journey as a freelance web developer and designer. He conducted web design courses with over 3,000 students. Today, he leads an award-winning full-stack agency specializing in web development, SEO, and digital marketing.
