Check Point 2026 AI Security Report: LLMs Now Run Live Attacks
Check Point Research's 2026 AI Security Report documents a fundamental shift in the threat landscape: AI has moved from a development accelerator to an active operator within live intrusions, with nation-state and criminal actors alike deploying LLMs to conduct hands-on attack operations. The report highlights the maturation of AI-enabled criminal tooling markets, the rise of indirect prompt injection as an operationally relevant attack vector, and persistent enterprise data leakage through unsanctioned AI application use. Agentic architectures are being specifically exploited through planted configuration files that persist malicious instructions across sessions, representing a durable and largely invisible bypass technique.