Skip to main content
THREAT INTELLIGENCE

AI Package Threat Patterns

Analysis of 56,210 scans reveals specific malicious patterns in AI agent packages

61% use dangerous execution methods

7,495 packages represent the highest threat volume we're tracking

eval() calls
3,297
exec() usage
2,923
Shell commands
1,274

Malicious Pattern Analysis

Credential Theft

26%

3,219 packages attempt to access credentials

SSH Keys1,234
AWS Credentials987
Browser Data1,141

Code Obfuscation

51%

6,236 packages use code obfuscation

Base64 Encoding2,981
Hex Strings1,876
Minified Payloads547

Data Exfiltration

36%

4,440 packages contain data exfiltration

HTTP Requests2,103
DNS Tunneling987
Webhook Calls539

Dynamic Execution

61%

7,495 packages use dangerous execution methods

eval() calls3,421
exec() usage2,987
Shell commands1,302

AI Attacks

10%

1,212 packages contain AI-specific attacks

Prompt Injections1,987
Jailbreak Attempts892
Tool Abuse665

Rising Threats

27.6%

Overall threat detection rate across all scans

This Week+12.3%
New Patterns47
Zero-Days8

Get Threat Intelligence Updates

Join 2,500+ security teams getting weekly threat intelligence reports

Weekly security intelligence delivered every Tuesday. Unsubscribe anytime.

Share This Intelligence

Key stats to share:

Packages Scanned: 56,210
Threats Found: 15,531
Install Hooks: 7,491
Credential Theft: 3,219

Protect Your AI Agents Now

Don't let malicious packages compromise your AI systems. Start scanning with Sigil's free CLI today.

Start Free Trial →Install CLI

SIGIL by NOMARK

A protective mark for every line of code.