Check Point Report Highlights Criticality of Cybersecurity as Cyber Attacks Increase Drastically in 2025
Rise of AI Dramatically Increasing the Scale and Sophistication of Cyber Threats

Artificial intelligence (AI) is no longer just a defensive tool in cybersecurity. It has also become a force multiplier for attackers, dramatically increasing both the scale and complexity of cyber threats faced by organisations worldwide. This reality is laid bare in Check Point Software’s Cyber Security Report 2026, which shows that organisations in 2025 were subjected to an average of 1,968 cyber attacks per week—a staggering 70% increase compared to 2023.
According to the report, this surge is closely tied to the growing use of automation and AI by threat actors. Attackers are no longer constrained to single vectors or linear campaigns. Instead, they now orchestrate coordinated attacks across multiple surfaces simultaneously, with AI embedded into several stages of the attack chain. As a result, techniques that once required well-funded and highly skilled groups are now appearing across a much broader spectrum of cybercriminal operations.
“AI is changing the mechanics of cyber attacks, not just their volume,” said Lotem Finkelstein, Vice President of Research at Check Point Software. He noted that attackers are steadily moving away from purely manual methods toward higher levels of automation, with early signs of autonomous attack techniques already emerging. This shift, he warned, forces defenders to rethink long-held assumptions about how attacks originate and spread.
AI Inside Everyday Workflows and Cyber Attacks
One of the more troubling findings in the report concerns how AI is being used within organisations themselves. As employees increasingly rely on generative AI tools in daily work, new risks are being introduced—often unintentionally. Check Point found that, within a three-month period, 89% of organisations encountered risky AI prompts, with roughly one in every 41 prompts classified as high risk.
These figures underline growing concerns among security teams about employee interaction with AI systems. While many organisations have begun rolling out AI governance and monitoring programmes, the report frames prompt-related activity as a new and largely under-monitored attack surface that demands far greater visibility.
Ransomware Evolves, Not Disappears
The report also highlights a significant shift in the ransomware ecosystem. Rather than consolidating, ransomware groups have become more fragmented, forming decentralised networks of smaller, specialised actors. Despite this fragmentation—or perhaps because of it—ransomware activity continues to grow. Check Point recorded a 53% year-on-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups.
AI now plays a role in multiple aspects of these operations, from targeting and negotiation to overall efficiency. This mirrors a broader industry trend in which ransomware operations are split among affiliates, access brokers, and specialist service providers. While this creates more potential points of detection, it also significantly increases the volume and complexity of activity that defenders must manage.
Beyond Email: The Expanding Social Engineering Threat
Social engineering, long associated with phishing emails, has expanded well beyond a single channel. The report notes that attackers are increasingly coordinating campaigns across email, web platforms, phone calls, and collaboration tools. One notable example is the rapid rise of ClickFix techniques, which surged by 500%. These attacks rely on fraudulent technical prompts designed to manipulate users into taking harmful actions.
Phone-based impersonation has also evolved, becoming more structured and closely aligned with broader enterprise intrusion attempts. As AI features become embedded in browsers, SaaS platforms, and collaboration tools, the so-called “digital workspace” has emerged as a critical trust layer—and a prime target for attackers.
Edge, Infrastructure, and AI Systems Under Strain
Beyond users and workflows, organisations are also grappling with growing exposure at the network edge. Unmonitored edge devices, VPN appliances, and IoT systems are increasingly exploited as relay points that blend into legitimate traffic. Maintaining a complete and accurate inventory of internet-facing assets remains a persistent challenge, particularly in hybrid and distributed environments common across Asia.
The report further points to weaknesses in AI infrastructure itself. Analysis cited by Check Point found security issues in 40% of 10,000 Model Context Protocol servers reviewed. As AI models, agents, and supporting systems become embedded in enterprise environments, they introduce parallel risks to those posed by end-user AI usage—expanding both the attack surface and the number of interfaces that defenders must secure.
What Organisations Must Do Next
Taken together, the findings paint a clear picture: AI has reshaped the cyber threat landscape, and traditional defensive assumptions no longer hold. To respond, organisations must reassess security controls across networks, endpoints, cloud environments, email, and SASE architectures. Just as importantly, they need stronger governance and visibility over both sanctioned and unsanctioned AI use within the enterprise.
Protecting the digital workspace is now critical, as social engineering spreads across browsers, collaboration tools, SaaS applications, and voice channels. At the same time, edge and infrastructure assets must be hardened, and visibility unified across on-premises, cloud, and edge environments.
As Finkelstein cautioned, the rise of automation and early autonomous techniques means defenders must stop threats before they can propagate. In the AI era, cybersecurity is no longer just about reacting faster—it is about rebuilding security foundations to match the speed, scale, and sophistication of AI-driven attacks.



