SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Shadowy hacker dark office red warnings world map cyber attacks
#
SaaS
#
Firewalls
#
Data Protection

AI-fuelled cyber attacks surge 70%, Check Point warns

Fri, 30th Jan 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Check Point Software has reported a sharp rise in global cyber attacks and linked the shift to wider use of automation and artificial intelligence by threat actors.

The company's Cyber Security Report 2026 said organisations faced an average of 1,968 cyber attacks per week in 2025. It said the figure represented a 70% increase since 2023. It said attackers used automation and AI more frequently. It said this allowed campaigns to move faster and scale across more attack surfaces.

Check Point said the changes altered common assumptions about how attacks start and spread. It said techniques that once required well-resourced groups now appeared more widely available. It said this had increased the volume of personalised and coordinated activity directed at organisations of different sizes.

"AI is changing the mechanics of cyber attacks, not just their volume," said Lotem Finkelstein, VP of Research, Check Point Software.

"We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate," said Finkelstein.

AI in workflows

The report pointed to risks from the growing use of AI tools in day-to-day business activity. It said that, over a three-month period, 89% of organisations encountered risky AI prompts. It said around one in every 41 prompts fell into a high-risk category.

Check Point said AI appeared across attack workflows. It said this included reconnaissance, social engineering and decision-making during operations. It framed the trend as part of a move towards more integrated campaigns that combine human deception with automation.

Ransomware shift

The report said ransomware operations continued to fragment into smaller groups. It described a more decentralised ecosystem with specialised players.

Check Point said extorted victims rose 53% year on year. It also said new ransomware-as-a-service groups increased 50%. It said threat actors used AI in targeting and negotiation. It also said AI played a role in operational efficiency.

Beyond email

The report said social engineering campaigns increasingly used multiple channels. It said attackers coordinated activity across email, the web, phone and collaboration platforms.

It highlighted growth in ClickFix techniques. It said this approach surged 500%. It said these techniques used fraudulent technical prompts that aimed to manipulate users. It also said phone-based impersonation evolved into more structured attempts at enterprise intrusion.

Check Point said the digital workspace had become a focal point for attackers. It said this shift tracked with the embedding of AI into browsers, software-as-a-service platforms and collaboration tools.

Edge exposure

The report also pointed to weaknesses in edge and infrastructure environments. It said unmonitored edge devices, VPN appliances and internet of things systems increasingly served as relay points during operations. It said attackers used these systems to blend in with legitimate network traffic.

The report also highlighted risks associated with AI infrastructure. It referenced analysis by Lakera, a Check Point company. It said the assessment found security weaknesses in 40% of 10,000 Model Context Protocol servers reviewed. It said this indicated growing exposure as AI systems and agents become embedded in enterprise environments.

Security priorities

Check Point set out a series of priorities for security leaders. It said organisations should reassess controls across networks, endpoints, cloud and email. It also pointed to secure access service edge as an area for review. It linked these steps to the speed and coordination of AI-driven threats.

It also said organisations should apply governance and visibility to AI usage. It said both sanctioned and unsanctioned use needed attention. It said blocking AI use could increase risk.

Other recommendations included protecting the digital workspace across collaboration tools, browsers, SaaS applications and voice channels. It also said organisations should inventory and secure edge assets such as VPN appliances and IoT systems. It also called for consistent visibility and enforcement across on-premises, cloud and edge environments.

Check Point said it would host a livestream to discuss the report's findings and recommendations.

Related stories
Bitdefender warns OpenClaw AI skills rife with malware
Ottawa funds AI & digital skills push in the North
Siemens unveils virtualised substation protection platform
Guardsquare buys Verimatrix XTD to boost mobile security
Flare sees rapid MSSP uptake of external threat intel

Top stories

Why the all-AI social network looks more fad than legacy
Hexnode embeds upgraded Genie AI to run UEM actions
Safer Internet Day spotlights AI, trust & child safety
Record rise in digital squatting fuels phishing wave
Genetec report finds healthcare ramping up hybrid-cloud and AI security