Thursday, July 16, 2026

News

Check Point: AI Now Runs Cyberattacks Itself, Not Just Assists Them

PolicyPatryk Raba
Fot. Julio Lopez, Pexels (Pexels License)

A Check Point Research report shows AI has moved beyond assisting criminals to independently executing entire stages of intrusions. In an attack on nine Mexican government agencies, one operator had AI models carry out more than 5,300 commands, stealing 400 million records.

Contents
  1. From Assistant to Operator
  2. Vulnerabilities Patched in Hours, Not Days
  3. Companies Losing Control of Data
  4. Fake Identity as a Service
  5. What This Means for Businesses

Artificial intelligence is no longer just a cyberattack assistant writing phishing emails or researching victims. According to a new Check Point Research report published on July 13, 2026, AI models now independently carry out entire stages of intrusions, from network reconnaissance to data exfiltration, with minimal human oversight.

The authors of the AI Security Report 2026 describe a breach of nine Mexican government institutions that took place between December 2025 and February 2026. A single operator, issuing just 1,088 natural-language commands, prompted AI tools to generate 5,317 executable commands across 34 attack sessions. Two commercial tools were used simultaneously in the intrusion: Claude Code for network penetration and exploration, and GPT-4.1 for analytical support. The result was the theft of roughly 400 million records.

From Assistant to Operator

Check Point describes this as AI's shift from an assistant role to an attack operator role. In another documented espionage campaign linked to Chinese groups, Claude Code reportedly carried out 80 to 90 percent of all tactical work in attacks on around 30 organizations, including reconnaissance, vulnerability exploitation, and credential capture.

AI has moved directly into the attack chain and is now running operations on its own - Lotem Finkelstein, VP of Research, Check Point Research

Vulnerabilities Patched in Hours, Not Days

The report also points to a dramatic shrinking of the window between a vulnerability's disclosure and the appearance of a working exploit, from days down to single hours. Anthropic's Glasswing project identified more than 10,000 high- and critical-severity vulnerabilities, producing a working exploit on the first attempt in about 83 percent of cases. That prompted the US agency CISA to require critical vulnerabilities to be patched within just three days.

The authors also cite the example of VoidLink malware, a modular Linux platform containing more than 30 post-exploitation plugins and roughly 88,000 lines of working code. It was built by a single person using the AI development environment TRAE SOLO in under a week.

Companies Losing Control of Data

Beyond the attacks themselves, the report describes a growing problem known as Shadow AI, unauthorized use of AI tools by employees. The average organization uses around ten different AI applications each month, many of which were never formally approved by IT. The share of risky prompts containing sensitive data doubled year over year, from 2 to 4 percent, with the business services sector recording the highest rate in May, reaching 6.98 percent.

Check Point also documents cases of stolen access to AI accounts. The Bissa Scanner campaign harvested credentials from more than 30,000 unsecured developer environments, with AI tool logins the most frequently stolen data type. In one documented case, a stolen Google Gemini API key racked up around $82,000 in charges within two days, a practice known as LLMjacking.

Fake Identity as a Service

Synthetic identities are another growing threat. The service OnlyFake sold more than 10,000 AI-generated identity documents, while North Korea-linked fake remote-worker schemes are estimated to have generated nearly $800 million for weapons programs. The problem is compounded by how poorly humans spot fakes: trained reviewers correctly identified AI-generated faces in only 41 percent of cases.

The infrastructure running AI agents is also at risk. Out of 10,000 examined servers using the MCP protocol, which connects language models to external tools, 40 percent contained security weaknesses. The ClawHavoc campaign planted 44 malicious plugins on online marketplaces, which together racked up more than 12,500 downloads.

What This Means for Businesses

For Polish companies and institutions, the Check Point report confirms a trend that domestic experts have been flagging for months: defenses need to keep pace with the speed of automated attacker tools, not with the tempo of human security teams. The three-day window for patching critical vulnerabilities introduced by the US CISA could, in the coming months, become a benchmark for European regulators overseeing public-sector cybersecurity as well.

Check Point says future updates to the report will track how quickly commercial AI tools such as Claude, ChatGPT, and Gemini are being used in real-world breaches rather than just lab tests. The authors stress that attackers overwhelmingly do not turn to uncensored local models, but instead use the same popular commercial platforms relied on by millions of ordinary users.

Share: