AI Has Crossed From Assistant to Operator, Rewriting the Rules of Autonomous AI Cyber Attack and Defense: Check Point
Check Point
Software Technologies Ltd., a pioneer and global leader in cyber
security solutions, today published its Annual AI Security Report 2026 from
Check Point Research, documenting a decisive shift over the past twelve months:
artificial intelligence has moved from assisting attackers to operating
attacks. Where AI once helped criminals prepare, it now runs live intrusions
with minimal human direction, compressing the time defenders have to respond
and opening new attack surfaces across the enterprise, as enterprise adoption
of AI outpaces AI governance controls.
The report is grounded in real
incidents, telemetry, and original case studies from the past year, and sets
out what has changed for defenders as AI participates directly at every stage
of the attack chain.
Key findings from the Annual
AI Security Report 2026:
• AI is now operating attacks,
not just enabling them. Researchers documented
intrusions in which AI ran exploitation workflows autonomously, generating
thousands of executed commands across dozens of sessions with minimal human
direction between steps. In one breach of nine Mexican government agencies, a single operator ran two commercial AI
tools together, Claude Code to break in and explore networks and
GPT-4.1, generating 5,317 AI-executed commands across 34 attack sessions to
analyze stolen data and task follow-on activity, according to industry
reports.
• Vulnerability window has
collapsed from days to hours. AI can now turn a fresh
vulnerability disclosure into a working exploit within hours, prompting
government authorities to shorten mandated remediation timelines to as little
as 12 hours for the most critical internet-facing systems.
• Detections of long, malicious
prompt-injection payloads rose roughly fivefold between March and May
2026. The sharp increase in large malicious payloads is consistent with
indirect prompt injection becoming a routine attack path and operational
enterprise risk rather than a theoretical one, as AI itself becomes an attack
surface.
• Identity can no longer be
trusted as a standalone security control. Voice, face,
documents, and real-time video can now be convincingly synthesized, with highly
trained reviewers only correctly detecting approximately 41% of AI-generated
faces. This will force organisations to move beyond visual verification towards
stronger identity assurance, MFA and out-of-band verification
methods.
• High-risk enterprise AI
prompts doubled over the year, from roughly one in every 50
interactions to one in every 25. The average organization now runs ten AI
applications a month, many without formal approval, while between 87% and 93%
experience at least one high-risk AI interaction, monthly.
• Most enterprise data exposure
comes from ordinary, approved use, not from
attacks, as employees share more context than they realize to get a useful
answer.
Lotem Finkelstein, Vice
President, Check Point Research, said: “A
year ago, we described AI as a force multiplier for attackers. What we
documented this year is more significant: AI has crossed into the live attack
chain and is now running operations as a sole operation, that once required a
skilled team. The expertise barrier that separated capable attackers from the
rest is disappearing, and defenders can no longer assume a human is setting the
pace on the other side. The organizations that stay ahead will be the ones that
govern how AI is used, secure the AI systems they now depend on, and defend at
machine speed rather than human speed.”
What defenders can do:
The report frames the response
around three imperatives, mirroring Check Point’s approach to securing the age
of AI:
• Security for AI: protect the
AI systems you now depend on. AI agents and applications are
targets as much as tools. Check Point governs how agents interact with prompts,
tools, and data in real time, red teams AI applications before attackers can,
and makes the full AI attack surface visible before an outsider maps it first.
• Security by AI: match the
speed of AI-powered attacks. Intrusions now span dozens of
targets at once, with AI handling the work between check-ins. Check Point
ThreatCloud AI runs threat prevention at machine speed across networks, email, endpoints,
mobile, and cloud, detecting and blocking without waiting for a human in the
loop.
• Security with AI: govern how
AI is used across the workforce. Much of the
exposure in the report never came from an attack. Check Point Workforce AI
Security discovers sanctioned and unsanctioned AI use and applies real-time
data loss prevention to generative AI prompts, while Threat Exposure Management
closes the external gap where credentials and data are already leaking.

























Leave A Comment