AI is beginning to carry out live cyberattacks, Check Point warns
AI cyberattacks now include malware development, automated phishing, identity forgery and indirect prompt injection.
AI is moving beyond assisting cybercriminals to carrying out operational tasks during live intrusions, according to Check Point Research’s Annual AI Security Report 2026.
The report argues that AI-enabled cyber operations are entering a new phase in which AI systems can execute parts of an attack rather than simply helping attackers write code, research targets or prepare phishing campaigns. The shift could make cyber operations faster and less dependent on continuous human oversight.
Check Point said it observed AI carrying out hands-on tasks during incidents ranging from China-linked campaigns to a criminal breach affecting several Mexican government agencies. According to the company, these capabilities are spreading beyond state-backed actors to financially motivated cybercriminals.
AI is also being used to create deployment-ready malware and offensive frameworks. One developer reportedly used an AI coding environment to build VoidLink, an 88,000-line command-and-control framework, in less than a week. Check Point noted that AI involvement may be difficult to identify once the finished tool is deployed.
According to the report, attackers increasingly favour commercial AI models over self-hosted alternatives. Rather than relying solely on jailbreak prompts, some are targeting agentic architectures by planting configuration files that AI agents continue to trust across multiple sessions.
The market supporting AI cyberattacks is also becoming more established. Check Point identified phishing-as-a-service products that embed language models with built-in restrictions bypasses, alongside conversational voice-agent services used for vishing and one-time-password theft.
The report warns that synthetic identities are weakening traditional trust signals. Convincing imitations of voices, faces, identity documents, and live video can now be combined across multiple channels, making social engineering operations more coordinated and harder to detect.
AI systems themselves are also emerging as an important attack surface. Models may struggle to distinguish instructions from the content they process, allowing attackers to manipulate AI agents through malicious files, webpages and other external data sources.
Indirect prompt injection is emerging as one of the most important threats to AI systems. Check Point said detections of longer malicious payloads increased roughly fivefold between March and May 2026, reaching close to 1% of observed prompts. Longer payloads are commonly associated with content-based and agentic attack paths.
Enterprise data leakage through generative AI also remains a growing concern. The share of prompts classified as high risk doubled from 2% to 4% over the previous year, while organisations used an average of ten AI applications each month, including tools that had not received official approval.
Exposure varied considerably by sector. Business services recorded the highest rate of high-risk generative AI prompts, at 5.91%, meaning approximately one in every 17 interactions presented a significant risk of exposing sensitive information.
The findings suggest organisations must prepare for threats from two directions: adversaries using AI to automate cyber operations and employees or AI systems exposing sensitive data through insecure adoption.
Why does it matter?
The report suggests AI is reshaping cybersecurity on both sides of the equation. Attackers are increasingly using AI to automate complex tasks, while organisations adopting AI are creating new attack surfaces and data security risks.
As AI systems become more autonomous, cybersecurity strategies will need to extend beyond traditional endpoint and network protection to include AI agents, model security, prompt injection defences, identity verification and governance over how AI is deployed across the enterprise.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
