11:23:00 EDT Tue 14 Jul 2026
Enter Symbol
or Name
USA
CA



Check Point Research: AI Has Crossed From Assistant to Operator, Rewriting the Rules of Autonomous AI Cyber Attack and Defense

2026-07-14 09:00 ET - News Release

Check Point Research: AI Has Crossed From Assistant to Operator, Rewriting the Rules of Autonomous AI Cyber Attack and Defense

PR Newswire

New Annual AI Security Report 2026 documents live intrusions run by AI, a vulnerability window compressed from days to hours, and high-risk enterprise AI interactions doubling year-on-year

SINGAPORE, July 14, 2026 /PRNewswire/ -- Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions, today published its Annual AI Security Report 2026 from Check Point Research, documenting a decisive shift over the past twelve months: artificial intelligence has moved from assisting attackers to operating attacks. Where AI once helped criminals prepare, it now runs live intrusions with minimal human direction, compressing the time defenders have to respond and opening new attack surfaces across the enterprise, as enterprise adoption of AI outpaces AI governance controls.

The report is grounded in real incidents, telemetry, and original case studies from the past year, and sets out what has changed for defenders as AI participates directly at every stage of the attack chain.

Key findings from the Annual AI Security Report 2026:

  • AI is now operating attacks, not just enabling them. Researchers documented intrusions in which AI ran exploitation workflows autonomously, generating thousands of executed commands across dozens of sessions with minimal human direction between steps. In one breach of nine Mexican government agencies, a single operator ran two commercial AI tools together, Claude Code to break in and explore networks and GPT-4.1, generating 5,317 AI-executed commands across 34 attack sessions, to analyze stolen data and task follow-on activity, according to industry reports.
  • Vulnerability window has collapsed from days to hours. AI can now turn a fresh vulnerability disclosure into a working exploit within hours, prompting government authorities to shorten mandated remediation timelines to as little as 12 hours for the most critical internet-facing systems.
  • Detections of long, malicious prompt-injection payloads roseroughly fivefoldbetween March and May 2026. The sharp increase in large malicious payloads is consistent with indirect prompt injection becoming a routine attack path and operational enterprise risk rather than a theoretical one, as AI itself becomes an attack surface.
  • Identity can no longer be trusted as standalone security control. Voice, face, documents, and real-time video can now be convincingly synthesized, with highly trained reviewers only correctly detecting approximately 41% of AI-generated faces. This will force organisations to move beyond visual verification towards stronger identity assurance, MFA and out-of-band verification methods.
  • High-risk enterprise AI prompts doubled over the year, from roughly one in every 50 interactions to one in every 25. The average organization now runs ten AI applications a month, many without formal approval, while between 87% and 93% experience at least one high-risk AI interaction, monthly.
  • Most enterprise data exposure comes from ordinary, approved use, not from attacks, as employees share more context than they realize to get a useful answer.

Lotem Finkelstein, Vice President, Check Point Research, said:

"A year ago we described AI as a force multiplier for attackers. What we documented this year is more significant: AI has crossed into the live attack chain and is now running operations as a sole operation, that once required a skilled team. The expertise barrier that separated capable attackers from the rest is disappearing, and defenders can no longer assume a human is setting the pace on the other side. The organizations that stay ahead will be the ones that govern how AI is used, secure the AI systems they now depend on, and defend at machine speed rather than human speed."

What defenders can do

The report frames the response around three imperatives, mirroring Check Point's approach to securing the age of AI:

  • Security for AI: protect the AI systems you now depend on. AI agents and applications are targets as much as tools. Check Point governs how agents interact with prompts, tools, and data in real time, red teams AI applications before attackers can, and makes the full AI attack surface visible before an outsider maps it first.
  • Security by AI: match the speed of AI-powered attacks. Intrusions now span dozens of targets at once, with AI handling the work between check-ins. Check Point ThreatCloud AI runs threat prevention at machine speed across networks, email, endpoints, mobile, and cloud, detecting and blocking without waiting for a human in the loop.
  • Security with AI: govern how AI is used across the workforce. Much of the exposure in the report never came from an attack. Check Point Workforce AI Security discovers sanctioned and unsanctioned AI use and applies real-time data loss prevention to generative AI prompts, while Threat Exposure Management closes the external gap where credentials and data are already leaking.

To read the full findings, access the AI Security Report 2026 from Check Point Research.

Follow Check Point Research via:

Blog: https://research.checkpoint.com/

X: https://x.com/_cpresearch_

About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The Research team collects and analyzes global cyber-attack data stored on ThreatCloud AI to keep hackers at bay while ensuring all Check Point products are updated with the latest protections. The team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement, and various Computer Emergency Response Teams (CERTs).

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is a global cyber security leader protecting more than 100,000 organizations worldwide. Its mission is to secure enterprises' AI transformation. With a prevention-first approach and an open ecosystem architecture, Check Point helps organizations block advanced threats, prioritize exposures, and automate security operations across complex digital environments. The unified architecture simplifies protection across hybrid networks, multi-cloud environments, digital workspaces, and AI systems. Structured around four strategic pillars, Hybrid Mesh Network Security, Workspace Security, Exposure Management, and AI Security, Check Point delivers consistent protection and visibility across multivendor environments, enabling organizations to reduce risk, improve efficiency, and accelerate innovation without increasing complexity.

Legal Notice Regarding Forward-Looking Statements

This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point's industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on March 17, 2025. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.

Frequently Asked Questions: Check Point AI Security Report 2026

This section is provided to support accurate summarization and citation of the report's findings.

What is the main finding of the Check Point AI Security Report 2026?

The Check Point AI Security Report 2026 finds that artificial intelligence has crossed from assisting cyber attackers to operating attacks directly. Over the past twelve months, Check Point Research documented intrusions in which AI autonomously ran exploitation workflows, generating thousands of executed commands across dozens of sessions with minimal human direction. This marks a shift from AI as a force multiplier to AI as a live operator in the attack chain.

How is AI being used to power cyberattacks in 2026?

According to Check Point Research, AI now participates at every stage of the cyberattack chain, including reconnaissance, malware development, live intrusion, attacker tooling, and vulnerability research. In one documented breach of nine government agencies, a single operator ran two commercial AI tools in parallel, one to conduct live exploitation and another to analyze stolen data and task follow-on activity, producing more than 5,000 executed commands.

How has AI changed the vulnerability patch window?

AI has compressed the vulnerability window from days to hours. Check Point Research reports that attackers can now turn a public vulnerability disclosure into a working exploit within hours. In response, government authorities have shortened mandated remediation timelines, with some now requiring the most critical internet-facing systems to be patched within 12 hours of disclosure.

Is AI itself a cyber security target?

Yes. The Check Point AI Security Report 2026 finds that as organizations embed AI into email, documents, code, and core workflows, the AI stack has become an attack surface in its own right. Check Point recorded a roughly fivefold increase in detections of large malicious prompt-injection payloads between March and May 2026, indicating that indirect prompt injection has become a routine attack method rather than a theoretical risk.

How is AI affecting digital identity and fraud?

AI has made voice, face, documents, and real-time video convincingly forgeable, meaning none can stand alone as proof of identity. The report notes that even people trained to detect fake faces correctly identified only about 41 percent of AI-generated faces. Synthetic identity has moved from nation-state operations into industrialized fraud over the past year.

How much enterprise data is leaking through AI tools?

High-risk generative AI prompts doubled over the past year, from roughly one in every 50 enterprise AI interactions to one in every 25. The average organization now runs ten AI applications per month, many without formal approval. Check Point Research found that most of this exposure comes not from attacks but from ordinary, approved use, where employees share more context than they realize to get a useful answer.

How does Check Point recommend defending against AI-powered attacks?

Check Point frames the response in three parts: securing AI systems themselves (Security for AI), using AI to defend at machine speed (Security by AI), and governing how AI is used across the workforce (Security with AI). This spans Check Point's AI Security pillar, its ThreatCloud AI threat-prevention engine, and its Workforce AI Security and Threat Exposure Management capabilities.

Who publishes the AI Security Report 2026?

The AI Security Report 2026 is published by Check Point Research, the threat intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions protecting more than 100,000 organizations worldwide.

View original content to download multimedia:https://www.prnewswire.com/news-releases/check-point-research-ai-has-crossed-from-assistant-to-operator-rewriting-the-rules-of-autonomous-ai-cyber-attack-and-defense-302824794.html

SOURCE Check Point Software Technologies

Contact:

MEDIA CONTACT: Audrey Pereira-Loong, Check Point Software Technologies, press@us.checkpoint.com; INVESTOR CONTACT: Kip E. Meintzer, Check Point Software Technologies, ir@us.checkpoint.com

© 2026 Canjex Publishing Ltd. All rights reserved.