AI-driven threats push global cyber attacks to record levels, Check Point’s 2026 security report

Organisations face nearly 2,000 cyber attacks per week as attackers combine automation, AI, and social engineering across multiple channels.

Check Point Software Technologies Ltd., a pioneer and global leader in cyber security solutions, has released its Cyber Security Report 2026. It is the company’s 14th annual analysis of global cyber attack trends.

RELATED: Global cyberattacks surge to driven by ransomware and GenAI risks

The report reveals that organisations experienced an average of 1,968 cyber attacks per week in 2025. This represents a 70% increase since 2023.  Attackers increasingly leverage automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously.

AI is driving one of the fastest security shifts the industry has experienced. It is forcing organisations to reassess long-standing assumptions about how attacks originate, spread, and are stopped. Capabilities once limited to highly resourced threat actors are now widely accessible. All of these enabling more personalised, coordinated, and scalable attacks against organisations of all sizes.

“AI is changing the mechanics of cyber attacks, not just their volume,” said Lotem Finkelstein, VP of Research at Check Point Software.

“We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”

ADVERTISEMENT

Key Findings from the Cyber Security Report 2026

The report highlights a clear shift toward integrated, multi-channel attack campaigns that combine human deception with machine-speed automation:

• AI-Driven Attacks Become More Autonomous: AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organisations encountered risky AI prompts. Approximately one in every 41 prompts was classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows.

• Ransomware Operations Continue to Fragment and Scale: The ransomware ecosystem has decentralised into smaller, specialized groups. It is now contributing to a 53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency.

• Social Engineering Expands Beyond Email: Attackers are increasingly coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users. Phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit.

• Edge and Infrastructure Weaknesses Increase Exposure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points to blend into legitimate network traffic.

• New Risks Emerge in AI Infrastructure: An analysis conducted by Lakera, a Check Point company, identified security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed. This highlights growing exposure as AI systems, models, and agents become embedded in enterprise environments.

Recommendations for Security Leaders

The Cyber Security Report 2026 shows that defending against AI-driven threats requires rethinking how security is designed and enforced. And not simply reacting faster. Based on the trends observed, Check Point makes these recommendations.

• Revalidate Security Foundations for the AI Era: AI-driven attacks exploit speed, automation, and trust across environments not built for machine-paced threats. Organizations should reassess controls across networks, endpoints, cloud, email, and SASE to stop autonomous, coordinated attacks early.

• Enable AI Adoption Securely: As AI becomes embedded in daily workflows, blocking its use can increase risk. Security teams should apply governance and visibility to sanctioned and unsanctioned AI usage to reduce exposure from high-risk prompts, data leakage, and misuse.

• Protect the Digital Workspace: Social engineering now spans email, browsers, collaboration tools, SaaS applications, and voice channels. Security strategies must protect the workspace where human trust and AI-driven automation intersect.

• Harden Edge and Infrastructure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly exploited as stealthy entry points. Actively inventorying and securing these assets helps reduce hidden exposure and attacker persistence.

• Adopt a Prevention-First Approach: With attacks operating at machine speed, prevention-led security is essential to stop threats before lateral movement; data loss, or extortion can occur.

• Unify Visibility Across Hybrid Environments: Consistent visibility and enforcement across on-premises, cloud, and edge environments reduce blind spots, lower complexity, and strengthen resilience.

Availability

The full Cyber Security Report 2026 is available for download here.