Check Point Software has released its Cyber Security Report 2026, warning that global cyber attacks have reached record levels as artificial intelligence accelerates the speed, scale and sophistication of the threat landscape.
According to the report, organisations experienced an average of 1,968 cyber attacks per week in 2025, representing a 70 per cent increase since 2023. Check Point said attackers are increasingly combining automation, AI and social engineering to operate simultaneously across multiple attack surfaces, overwhelming traditional, reactive security models.
The report describes AI as driving one of the fastest shifts the cyber security industry has faced, lowering the barrier to entry for advanced attacks and enabling techniques once limited to highly resourced threat actors. As a result, organisations of all sizes are facing more personalised, coordinated and scalable campaigns.
Lotem Finkelstein (pictured), vice president of research at Check Point Software, said AI is fundamentally changing how attacks are executed. He said attackers are moving away from purely manual operations toward high levels of automation, with early signs of autonomous techniques emerging, forcing defenders to rethink long-standing security assumptions.
The report highlights a clear shift toward integrated, multi-channel attack campaigns. AI is now embedded across the attack lifecycle, accelerating reconnaissance, social engineering and operational decision-making. Over a three-month period, 89 per cent of organisations encountered risky AI prompts, with one in every 41 classified as high risk, exposing new attack vectors as AI becomes embedded in everyday business workflows.
Ransomware activity continues to expand, with the ecosystem fragmenting into smaller, specialised groups. Check Point recorded a 53 per cent year-on-year increase in extorted victims and a 50 per cent rise in new ransomware-as-a-service groups, with AI increasingly used to streamline targeting, negotiation and execution.
Social engineering has also evolved beyond email, with coordinated campaigns now spanning web, phone and collaboration platforms. ClickFix techniques increased by 500 per cent, using fake technical prompts to manipulate users, while phone-based impersonation matured into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms and collaboration tools, the digital workspace is emerging as a key trust layer for attackers to exploit.
The report also points to growing exposure at the edge, with unmonitored VPN appliances, IoT systems and other edge devices increasingly used as relay points to blend malicious activity into legitimate network traffic. New risks are also emerging in AI infrastructure itself. An analysis conducted by Lakera, a Check Point company, found security weaknesses in 40 per cent of 10,000 Model Context Protocol servers reviewed, highlighting risks as AI models and agents are integrated into enterprise environments.
Check Point said defending against AI-driven threats requires a shift in security strategy rather than simply reacting faster. The company recommends that organisations revalidate security foundations for the AI era, enable AI adoption securely through governance and visibility, protect the digital workspace across all collaboration and communication channels, harden edge and infrastructure assets, and adopt a prevention-first approach capable of stopping threats before lateral movement, data loss or extortion occurs.
The report also stresses the importance of unified visibility across hybrid environments, including on-premises, cloud and edge systems, to reduce blind spots, lower operational complexity and strengthen cyber resilience.
To download a copy of the report visit here
