Skip to main content
THREAT INTELLIGENCE

AI Package Threat Patterns

Analysis of 56,960 scans reveals specific malicious patterns in AI agent packages

61% use dangerous execution methods

7,657 packages represent the highest threat volume we're tracking

eval() calls
3,369
exec() usage
2,986
Shell commands
1,301

Malicious Pattern Analysis

Credential Theft

26%

3,288 packages attempt to access credentials

SSH Keys1,234
AWS Credentials987
Browser Data1,141

Code Obfuscation

51%

6,368 packages use code obfuscation

Base64 Encoding2,981
Hex Strings1,876
Minified Payloads547

Data Exfiltration

36%

4,538 packages contain data exfiltration

HTTP Requests2,103
DNS Tunneling987
Webhook Calls539

Dynamic Execution

61%

7,657 packages use dangerous execution methods

eval() calls3,421
exec() usage2,987
Shell commands1,302

AI Attacks

10%

1,239 packages contain AI-specific attacks

Prompt Injections1,987
Jailbreak Attempts892
Tool Abuse665

Rising Threats

27.7%

Overall threat detection rate across all scans

This Week+12.3%
New Patterns47
Zero-Days8

Get Threat Intelligence Updates

Join 2,500+ security teams getting weekly threat intelligence reports

Weekly security intelligence delivered every Tuesday. Unsubscribe anytime.

Share This Intelligence

Key stats to share:

Packages Scanned: 56,960
Threats Found: 15,756
Install Hooks: 7,635
Credential Theft: 3,288

Protect Your AI Agents Now

Don't let malicious packages compromise your AI systems. Start scanning with Sigil's free CLI today.

Start Free Trial →Install CLI

SIGIL by NOMARK

A protective mark for every line of code.