AI-driven cyber attacks surge in Check Point 2026 report

Check Point Software has published its 2026 Cyber Security Report, reporting record levels of cyber attacks in 2025 and describing a shift towards campaigns that blend automation, AI and social engineering across multiple channels.

The company said organisations worldwide experienced an average of 1,968 cyber attacks per week in 2025. That represented a 70% increase since 2023, according to the report. Check Point said attackers now use automation and AI more widely. It said this trend increased the speed and scale of activity and widened the number of attack surfaces used in a single campaign.

Check Point said Singapore remained a key target. It reported an average of 2,272 weekly cyber attacks against organisations in Singapore during 2025. That figure was 17% higher than the 2024 level cited in the report.

Sector data in the report pointed to consumer goods and services as the most targeted category in Singapore. Check Point said this sector averaged 3,353 attacks per week. Financial services followed with 1,632 attacks per week, with business services at 1,588 per week.

AI shift

Check Point said AI changed attack methods as well as attack volumes. It said AI tools lowered barriers for threat actors and broadened access to techniques that had previously been associated with well-resourced groups. The report described more personalised attacks and more coordinated operations across different communication channels.

"AI is changing the mechanics of cyber attacks, not just their volume," said Lotem Finkelstein, VP of Research, Check Point Software. "We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate."

The report described a move towards integrated campaigns that combine human deception and machine-driven automation. It said these operations increasingly span email, web activity, phone calls and collaboration platforms.

Risky prompts

Among the findings, Check Point reported what it described as risky AI prompts appearing in everyday business workflows. It said that during a three-month period, 89% of organisations encountered risky AI prompts. It said around one in 41 prompts fell into a high-risk category.

Check Point said this reflected a new risk area as organisations embed AI tools in workflows. The report linked these prompts to potential exposure of sensitive information and misuse scenarios. It also said attackers used AI for reconnaissance and social engineering, and for decision-making during operations.

Ransomware changes

Check Point said the ransomware landscape continued to fragment. It described a more decentralised ecosystem, with smaller groups that specialised in parts of the extortion chain. The report said this shift coincided with a 53% year-on-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups.

The company said AI played a role in ransomware operations. It linked AI to faster targeting and to changes in negotiation tactics. The report also said attackers used AI to improve operational efficiency.

Social engineering

Check Point said social engineering expanded beyond email. It pointed to the growth of "ClickFix" techniques. The report said this activity surged by 500% and relied on fraudulent technical prompts that manipulated users.

The report also described phone-based impersonation evolving into more structured enterprise intrusion attempts. Check Point said attackers coordinated activity across several channels and platforms. It said the spread of AI into browsers, SaaS platforms and collaboration tools increased the value of the digital workspace as a target.

Infrastructure exposure

Check Point said weaknesses in edge and infrastructure devices increased exposure. The report said attackers used unmonitored edge devices, VPN appliances and IoT systems as relay points. It said this approach allowed malicious activity to blend into legitimate network traffic.

The report also flagged risks in AI infrastructure. Check Point said an analysis conducted by Lakera, a Check Point company, reviewed 10,000 Model Context Protocol servers. It said the analysis identified security weaknesses in 40% of the servers reviewed.

Security actions

Check Point set out recommendations for security leaders. It said organisations should reassess controls across networks, endpoints, cloud and email environments. It also highlighted secure access service edge as an area for review.

The company said organisations should apply governance and visibility to both sanctioned and unsanctioned AI usage. It said blocking AI use could increase risk. It also called for stronger protection for the digital workspace, with controls across collaboration tools, browsers, SaaS applications and voice channels.

Check Point also recommended inventorying and securing edge devices, VPN appliances and IoT systems. It said organisations should unify visibility across on-premises, cloud and edge environments. It positioned prevention-led security as a requirement for dealing with machine-speed attacks.

Check Point said it will host a livestream on the report's findings and recommendations.