AI pushes global attacks to record levels

Organisations experienced an average of 1 968 cyber attacks per week in 2025, representing a 70% increase since 2023, as attackers increasingly leverage automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously.

This is among the findings from a new Check Point Software Technologies Cyber Security Report 2026, the company’s 14th annual analysis of global cyber attack trends.

The report reveals that AI is driving one of the fastest security shifts the industry has experienced, forcing organisations to reassess long-standing assumptions about how attacks originate, spread, and are stopped.

Capabilities once limited to highly resourced threat actors are now widely accessible, enabling more personalised, coordinated, and scalable attacks against organisations of all sizes.

“AI is changing the mechanics of cyber attacks, not just their volume,” says Lotem Finkelstein, vice-president of research at Check Point Software. “We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”

The report highlights a clear shift toward integrated, multi-channel attack campaigns that combine human deception with machine-speed automation:

AI-Driven Attacks Become More Autonomous : AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organisations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows.

: AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organisations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows. Ransomware Operations Continue to Fragment and Scale : The ransomware ecosystem has decentralised into smaller, specialized groups, contributing to a53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency.

: The ransomware ecosystem has decentralised into smaller, specialized groups, contributing to a53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency. Social Engineering Expands Beyond Email : Attackers are increasingly coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit.

: Attackers are increasingly coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit. Edge and Infrastructure Weaknesses Increase Exposure : Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points to blend into legitimate network traffic.

: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points to blend into legitimate network traffic. New Risks Emerge in AI Infrastructure: An analysis conducted by Lakera, a Check Point company, identified security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure as AI systems, models, and agents become embedded in enterprise environments.

The Cyber Security Report 2026 shows that defending against AI-driven threats requires rethinking how security is designed and enforced, not simply reacting faster.

Based on the trends observed, Check Point recommends that organisations: