The Floor Doesn't Exist · Konstantin TkachukSkip to content<br>ContentsAI did not invent any new attacks or any new economic vulnerabilities. It did one thing: it dropped the cost and knowledge requirements for attackers by orders of magnitude, and made the execution possible by anyone with a subscription and malicious intent. Just in 2025, the news covered AI attacks that hit the Mexican government [1], seventeen healthcare and emergency services organizations [2], and eighty-five ransomware victims of one amateur in Algeria [2]. It is also happening in crypto today. And crypto is the only place we will be able to count it.<br>AI evens the playing field<br>Most coverage of AI in security right now picks one of two frames.<br>Utopian - better audits, fewer bugs, safer code.<br>Apocalyptic - autonomous superhackers finding novel zero-days that nobody has ever seen.<br>Both frames miss what is actually happening. Frontier models in 2026 are producing the same kinds of findings as the static analyzers we have had for a decade. They just produce more of them, faster, at a lower marginal human cost. Daniel Stenberg, the curl maintainer who recently put one of the most hyped frontier models on his own codebase, said: &ldquo;the AI tools find the usual and established kind of errors we already know about. It just finds new instances of them&rdquo; [3].<br>The attack catalogue itself is the same one we have been losing money to since 2021 and before mass AI adoption. Oracle manipulation. Governance capture. Flash-loan-driven economic exploitation. Social engineering. Credential harvesting. Classic web vulnerabilities. AI did not add a single line item. What it reduced is the labor needed to operate any of them. An elite Solidity auditor could costs about $25,000 per engineer-week [4]. Call it $500 an hour, per their own procurement benchmarks. The same surface coverage on a frontier model runs about $1.22 per contract on average in API tokens, per Anthropic&rsquo;s own published figures, and the per-exploit token cost is falling roughly 22% every model generation, or about every two months [5]. The skill required to spot a flash-loan governance attack has not gone down. The cost to run one has.<br>AI did not break the floor. The floor was never knowledge. The floor was always a price tag on attacker labor, and now the price is a subscription. AI did not democratize hacking. It just billed it monthly.<br>Random people, real hacks, this year<br>The clearest evidence the floor is now a subscription is in the confirmed cases from the last twelve months. Three of them stand out.<br>The Mexican government, December 2025 to January 2026. A solo operator (no nation-state backing, no custom malware, no observable ties to foreign intelligence per Gambit Security) jailbroke Claude Code into a &ldquo;bug-bounty researcher&rdquo; persona and ran more than 1,000 prompts against it [1], [6]. When Claude refused on safety grounds, ChatGPT was used as a backup. The result: 20 vulnerabilities exploited across the federal tax authority (SAT), the National Electoral Institute, and state governments in Jalisco, Michoacán, and Tamaulipas. 150 gigabytes of data exfiltrated. 195 million taxpayer records. Voter rolls. Government employee credentials. The largest known single-operator data breach in Mexican history was executed with two commercial AI subscriptions and persistence.<br>The &ldquo;vibe hacking&rdquo; case, August 2025. Anthropic&rsquo;s own threat intelligence team disclosed that a single cybercriminal used Claude Code as the operational core of an end-to-end extortion campaign against 17 organizations across healthcare, emergency services, government, and religious institutions [2]. Claude made tactical and strategic decisions. Which credentials to harvest. Which lateral movements to attempt. Which data to exfiltrate. How to phrase the psychologically tailored ransom note. The autonomy ratio is the part most coverage missed. This was not Claude as autocomplete. This was Claude as field operator.<br>The Algerian amateur, in the same Anthropic report [2]. Someone with no track record of writing working malware used Claude to develop, troubleshoot, package, and sell it. The packages sold on dark-web forums for $400 to $1,200. Eighty-five victims in his first month. The Anthropic write-up is explicit: &ldquo;without Claude&rsquo;s assistance, they could not implement or troubleshoot core malware components.&rdquo;<br>None of these three operators are hackers by any traditional definition. None of them invented anything. They all subscribed to Claude. The catalogue stayed the same. The barrier to entry collapsed.<br>Crypto as the perfect case study of AI hacking impact<br>Crypto enters the story now, but not because it is more vulnerable than government data systems or healthcare networks. The Mexican government case is the larger single-operator incident of the year by record count. Crypto matters because it is more measurable.<br>Public ledger. Deterministic execution....