AI is reshaping cybercrime: faster, automated and harder-to-detect attacks

Artificial intelligence (AI) has not only established itself as one of the most disruptive technologies of our time, but also as the driving force reshaping both cybersecurity and cybercrime. This is one of the key findings of the “Security Report 2026”, Check Point Software Technologies’ fourteenth annual analysis of global cyberattack trends.

According to the report, organizations experienced an average of 1,968 cyberattacks per week, representing a 70% increase compared to 2023. The company directly attributes this surge to the growing use of AI by cybercriminals, who leverage it to automate processes, scale campaigns with minimal human intervention, and operate simultaneously across multiple attack surfaces.

Social engineering goes multichannel

This shift has had a particularly visible impact on social engineering, which is no longer limited to email phishing. Instead, it has evolved into a combination of techniques deployed across multiple channels and supported by increasingly sophisticated psychological tactics.

“Throughout 2025, campaigns emerged that combined messages on social media, phone calls, instant messaging platforms, corporate collaboration tools, and legitimate cloud authentication flows,” the report notes.

Greater offensive capabilities and new attack surfaces

AI enables attackers to generate highly convincing voice and video deepfakes, capable of conducting adaptive conversations and collecting one-time passwords (OTP); identify vulnerabilities and optimize their exploitation; adapt tactics in real time; and develop increasingly sophisticated malware. The report also highlights the rise of techniques such as ClickFix, which manipulate users into executing seemingly legitimate actions and which increased by 500% in 2025.

At the same time, AI systems themselves have become a new attack surface. The report shows that the adoption of agentic frameworks, MCP servers, and locally deployed models has opened new exposure vectors. In the fourth quarter of 2025, 89% of organizations detected AI prompts considered risky, and one in every 41 was classified as high risk, an increase of 97% compared to the first quarter of the year.

In many cases, the integration of AI into attack workflows has become so widespread that it is increasingly difficult to determine whether an attack was generated or assisted by AI.

Against this backdrop, Check Point emphasizes that organizations must rethink the foundations of cybersecurity. This means moving beyond detection and response-based models and adopting a prevention-first approach capable of anticipating threats that operate, literally, at machine speed.

“Defense in the age of AI cannot rely on reacting faster, but on anticipating threats from the outset. Only then can organizations match the speed and scale of attackers,” said Eusebio Nieva, Technical Director for Spain and Portugal at Check Point Software.

Ransomware reaches unprecedented levels

Ransomware was another major trend highlighted in the report, reaching record levels in 2025. Globally, more than 7,960 organizations had their data published on leak sites operated by double extortion groups, a 53% year-on-year increase.

In the first quarter alone, 2,289 victims were recorded, up 134% compared to the previous year, largely driven by the exploitation of zero-day vulnerabilities. This trend intensified in the fourth quarter, which closed with 2,473 victims, the highest figure ever recorded by Check Point.

The criminal ecosystem also underwent a significant reconfiguration. The disappearance of major Ransomware-as-a-Service (RaaS) operations such as 8Base, Phobos, and RansomHub did not reduce activity but instead redistributed affiliates among new actors. Qilin emerged as the dominant operator, with more than 1,000 published victims and a profit-sharing model (80–85%) that attracted numerous affiliates.

Cyberspace as a key domain in modern conflicts

The report also examines the role of cyberspace in major geopolitical conflicts throughout 2025—including Russia-Ukraine, Iran-Israel, India-Pakistan, and Thailand-Cambodia—and concludes that cyber operations have evolved from isolated actions into an integrated component of military, political, and informational strategies.

Check Point identifies three recurring functions:

  • Positioning and preparation, focused on gaining persistent access to critical infrastructure.
  • Operational support, where compromised systems enable or synchronize physical actions.
  • Narrative shaping, combining data leaks, disinformation campaigns, and information saturation to influence public perception.

Overall, cyber and kinetic operations are increasingly conducted in parallel, reinforcing each other within a hybrid warfare environment where digital superiority is as critical as physical dominance.

2026: denying persistence, not just intrusion

Looking ahead to 2026, Check Point highlights a fundamental shift in defensive priorities. The focus should no longer be solely on preventing initial access, but on denying persistence: ensuring attackers cannot remain inside systems, move laterally, and expand without triggering critical alerts.

The report outlines six key trends shaping the near future of cybersecurity:

  • Agentic AI evolving from assistance to operational autonomy.
  • Prompt injection and data poisoning becoming the new “zero-day” equivalent.
  • Trust emerging as the new security perimeter, amid the rise of deepfakes and conversational fraud.
  • Quantum risk accelerating the transition to post-quantum cryptography.
  • AI becoming a strategic decision-making engine in both offensive and defensive operations.
  • Regulation increasing requirements for resilience, traceability, and reporting.

