Exclusive: Check Point on defending networks against AI-driven threats

The rise of Generative AI has added a new dimension to cybersecurity challenges.

Cybersecurity threats are showing no signs of slowing, according to Check Point Software's October research report. Organisations of all sizes continue to face a growing number of attacks, with certain sectors increasingly targeted. 

Organisations worldwide experienced around 1,938 cyber attacks per week, a five per cent increase compared to October last year.

Avi Rembaum, President, Technical Sales at Check Point Software, who spoke at the company's Engage event in Montreal this month about the future of AI-driven cybersecurity, said the pattern is particularly worrying in education. The sector saw around 4470 attacks each week in October.

"It would be fantastic to think that it wasn't schools or universities or research centres that weren't the primary target of attackers, but if we remember that attackers are malicious, then they don't necessarily share the same kind of values that we do," he said. 

The telecommunications and government sectors lagged behind with an average of 2,583 and 2,550 attacks per week, respectively.

Rembaum said ransomware remains one of the most persistent threats, often linked to organised crime or state actors. Canada, for example, has been affected significantly, illustrating the reach and impact of these attacks. The Canadian Centre for National Security has said the country, along with China, Russia and Iran, "continue to pose the greatest strategic cyber threats to Canada."

Latin America has also seen rising levels of attack activity. "If you look at the parts of the world where the attack traffic changes over time, Latin America, most recently, is part of the world where we've seen some of the highest levels of attack activity," said Rembaum.

AI-powered attack tools can automate tasks that previously required expertise, lowering barriers for cybercriminals.

"There are now tools you can rent and you can just ask it: 'I want to go after this company. What sort of attack methods should I use?' and it'll give you those kinds of lists. Then you can launch a campaign using those tools," said  Rembaum.

AI also introduces risks for organisations developing large language models (LLMs). Sensitive models and the data that train them can be targeted or manipulated, potentially resulting in compromised outputs or stolen intellectual property.

"The model itself might get stolen, or the data that is used in the model might get modified in a way that leads to inaccurate responses," he added. "People might look for ways of cracking someone's agent in order to steal information from the underlying agent in order to steal information from the underlying service."

Check Point's October report stated that one in every 44 generative AI prompts on enterprise networks posed a risk for data leakage. Furthermore, 87 per cent of organisations were regularly impacted by this type of exposure risk.

To address the unique security challenges posed by AI, Check Point acquired Lakera, a firm specialising in protecting large language models and AI applications. The move gives Check Point a full end-to-end AI security stack offering to its customers.

Lakera's technology focuses on the interaction between humans and AI agents, identifying prompts that may be used maliciously. "They develop a unique set of capabilities whereby when human language gets entered into a prompt," said Rembaum. "You have people interacting with agents, or agents interacting with agents, that's one part of the security challenge, but then you also have protections that are needed around data, the protections that are needed around the inference capabilities or the learning engines."

Despite technological advances, human vulnerability remains the key entry point for ransomware and other attacks. Social engineering and phishing campaigns continue to exploit the weakest link in the security chain. 

Rembaum added that while attacks become more complex, there are still weak links that remain less advanced and can cause a breach.

"Embedding a fake website into ad content in a news source - that's something that we first started seeing more than 10 years ago. And yet, the more traditional way of launching an attack continues to be to send someone an email or to launch some other kind of campaign...to get someone to access a site," he said. "From that site, the attacker can install malicious code on either the user's phone or on their laptop, their computer, or their tablet."

The firm's Harmony Email solution integrates with Microsoft 365, Outlook, and Gmail to inspect emails for malicious content and prevent dangerous links from being delivered. Last week, it was recognised in the 2025 Gartner Magic Quadrant. Mobile applications extend these protections to text messages, while embedded network security technologies remove threats from communications and prevent access to harmful sites.

Check Point's services employ a layered defence strategy to block threats before they reach users. "It's the phishing approach that, for the most part, is the means of getting there. It targets the weakest link in the security chain, which has unfortunately always been the human," said Rembaum.