Check Point Research: AI Crosses from Assistant to Operator in Autonomous Cyber Attacks

Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions, today published its Annual AI Security Report 2026 from Check Point Research, documenting a decisive shift over the past twelve months: artificial intelligence has moved from assisting attackers to operating attacks. Where AI once helped criminals prepare, it now runs live intrusions with minimal human direction, compressing the time defenders have to respond and opening new attack surfaces across the enterprise, as enterprise adoption of AI outpaces AI governance controls.
The report is grounded in real incidents, telemetry, and original case studies from the past year, and sets out what has changed for defenders as AI participates directly at every stage of the attack chain.
Key findings from the Annual AI Security Report 2026:
- AI is now operating attacks, not just enabling them. Researchers documented intrusions in which AI ran exploitation workflows autonomously, generating thousands of executed commands across dozens of sessions with minimal human direction between steps. In one breach of nine Mexican government agencies, a single operator ran two commercial AI tools together, Claude Code to break in and explore networks and GPT-4.1, generating 5,317 AI-executed commands across 34 attack sessions, to analyze stolen data and task follow-on activity, according to industry reports.
- Vulnerability window has collapsed from days to hours. AI can now turn a fresh vulnerability disclosure into a working exploit within hours, prompting government authorities to shorten mandated remediation timelines to as little as 12 hours for the most critical internet-facing systems.
- Detections of long, malicious prompt-injection payloads rose roughly fivefold between March and May 2026. The sharp increase in large malicious payloads is consistent with indirect prompt injection becoming a routine attack path and operational enterprise risk rather than a theoretical one, as AI itself becomes an attack surface.
- Identity can no longer be trusted as standalone security control. Voice, face, documents, and real-time video can now be convincingly synthesized, with highly trained reviewers only correctly detecting approximately 41% of AI-generated faces. This will force organisations to move beyond visual verification towards stronger identity assurance, MFA and out-of-band verification methods.
- High-risk enterprise AI prompts doubled over the year, from roughly one in every 50 interactions to one in every 25. The average organization now runs ten AI applications a month, many without formal approval, while between 87% and 93% experience at least one high-risk AI interaction, monthly.
- Most enterprise data exposure comes from ordinary, approved use, not from attacks, as employees share more context than they realize to get a useful answer.
Lotem Finkelstein, Vice President, Check Point Research, said: “A year ago we described AI as a force multiplier for attackers. What we documented this year is more significant: AI has crossed into the live attack chain and is now running operations as a sole operation, that once required a skilled team. The expertise barrier that separated capable attackers from the rest is disappearing, and defenders can no longer assume a human is setting the pace on the other side. The organizations that stay ahead will be the ones that govern how AI is used, secure the AI systems they now depend on, and defend at machine speed rather than human speed.”
What defenders can do
The report frames the response around three imperatives, mirroring Check Point’s approach to securing the age of AI:
- Security for AI: protect the AI systems you now depend on. AI agents and applications are targets as much as tools. Check Point governs how agents interact with prompts, tools, and data in real time, red teams AI applications before attackers can, and makes the full AI attack surface visible before an outsider maps it first.
- Security by AI: match the speed of AI-powered attacks. Intrusions now span dozens of targets at once, with AI handling the work between check-ins. Check Point ThreatCloud AI runs threat prevention at machine speed across networks, email, endpoints, mobile, and cloud, detecting and blocking without waiting for a human in the loop.
- Security with AI: govern how AI is used across the workforce. Much of the exposure in the report never came from an attack. Check Point Workforce AI Security discovers sanctioned and unsanctioned AI use and applies real-time data loss prevention to generative AI prompts, while Threat Exposure Management closes the external gap where credentials and data are already leaking.



