News Risk Management16 Jul 2026

AI crosses into live attack chain, runs operations with minimal human interaction, survey finds

| 16 Jul 2026

AI has moved from enabling attackers to operating attacks, running live intrusions with minimal human direction, compressing the time defenders have to respond and opening new attack surfaces across an enterprise, even as companies adopt technology at a pace that outstrips that of governance controls.

Check Point Software Technologies’ Annual AI Security Report 2026 from Check Point Research also found that in the face of this decisive shift, user identity can no longer be trusted as standalone security control.

Voice, face, documents and real-time video can now be convincingly synthesised, with highly trained reviewers only correctly detecting approximately 41% of AI-generated faces, the survey found.

At the same time, high-risk enterprise AI prompts doubled over the year, from roughly one in every 50 interactions to one in every 25. The survey found that the average organisation now runs ten AI applications a month, many without formal approval, while between 87% and 93% experience at least one high-risk AI interaction, monthly.

As a result, most enterprise data exposure comes from ordinary, approved use, not from attacks, as employees share more context than they realise to get a useful answer.

“A year ago, we described AI as a force multiplier for attackers. What we documented this year is more significant: AI has crossed into the live attack chain and is now running operations as a sole operation, that once required a skilled team,” said Check Point Research Vice President Lotem Finkelstein.

“The expertise barrier that separated capable attackers from the rest is disappearing, and defenders can no longer assume a human is setting the pace on the other side.”

Said Mr Finkelstein, “The organisations that stay ahead will be the ones that govern how AI is used, secure the AI systems they now depend on and defend at machine speed rather than human speed.”

Risk mitigation

The report framed a risk mitigation response around three imperatives:

  • Security for AI: Protect the AI systems depended on. AI agents and applications are targets as much as tools.
  • Security by AI: Match the speed of AI-powered attacks. Intrusions now span dozens of targets at once, with AI handling the work between check-ins.
  • Security with AI: Govern how AI is used across the workforce. Much of the exposure the survey noted never came from an attack.

The full report can be accessed here.

| Print

CAPTCHA image
Enter the code shown above in the box below.

Note that your comment may be edited or removed in the future, and that your comment may appear alongside the original article on websites other than this one.

 

Recent Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.


Other News




Follow Asia Insurance Review