For the first time, artificial intelligence tools have automated significant parts of cyber intrusions over the past 12 months, according to a new report.
In its 56-page report released on July 14, Check Point Research said that AI played a role in nearly every stage of a cyber attack process: social engineering, malware development, live intrusion, building attacker tools, and researching vulnerabilities.
The intelligence arm of cybersecurity firm Check Point Software Technologies recorded instances where AI autonomously executed cyberattacks over the last 12 months, including an attack on nine Mexican government agencies.
Separately, AI was used to automate up to 90 per cent of an attack campaign by a Chinese-linked threat group, which targeted 30 organisations globally.
“What has changed is that AI now does in minutes what used to take a skilled attacker hours or days, and at a fraction of the cost and expertise required before,” said Lotem Finkelstein vice president of Check Point Research.
The report is based on threat intelligence gathered from Check Point Software’s global customer base of more than 100,000 organisations, where the company analyses around 200 million cyber attacks blocked each day.
The attack on the nine Mexican government agencies involved a single attacker using AI to break into 400 million records covering tax, civil-registry, vehicle, patient, and electoral data between late December 2025 and mid-February 2026.
The attacker used two AI tools together.
United States AI lab Anthropic’s Claude Code was used to break into computer systems, move through the victims’ networks and generate and execute about three-quarters of the commands used to control compromised computers.
Meanwhile, San Francisco-headquarted Open AI’s GPT-4.1 was then used to analyse the stolen data and identify the next targets and steps in the attack. These insights were then fed back into Claude again.
Claude repeatedly resisted some requests by questioning their legitimacy and asking for proof of authorisation, but the attacker eventually found ways around its safety safeguards.
In this case, AI was able to enable a single operator to process a high volume of data that would normally require a team of analysts.
In another case, Anthropic disclosed in November 2025 that a Chinese-linked cyber espionage group used its Claude Code AI tool to target about 30 organisations across the technology, finance, chemicals and government sectors.
Anthropic said the attackers succeeded in a “small number of cases”, and that AI carried out about 80 to 90 per cent of the operation, in what was the first known case of a cyber espionage campaign largely run by an AI system.
Claude Code was used to scan victims’ networks, identify vulnerabilities, break into systems, steal login credentials, move across compromised networks and analyse stolen data, while human operators mainly set objectives, reviewed the AI’s output and intervened only at key decision points.
The attackers bypassed Claude’s safety guardrails by disguising the operation as legitimate cybersecurity work.
AI-powered cyber attacks have come on the heels of technology advances. Anthropic’s latest Claude Mythos Preview model, for one, was said to be able to autonomously uncover unknown software vulnerabilities and engineer exploits.
In its first month, it autonomously identified more than 10,000 critical vulnerabilities across every major operating system and browser.
“The real bottleneck is now how fast humans can review and deploy fixes,” said Finkelstein.
The report said that generative AI is now common in the workplace, increasing cyber risk.
Between October 2025 and May 2026, organisations used an average of 10 different AI applications each month, while employees increased their use of AI tools by 25 per cent, with the average number of prompts per user rising from 56 to 70 over the period, according to the Check Point report.
The report also found that employees are increasingly sharing sensitive information with external AI tools. The proportion of high-risk prompts – those containing confidential corporate, personal or regulated data – doubled from 2 per cent to 4 per cent over the study period.
In Europe, close to 4 per cent of prompts entered into AI tools between Jan to May 2026 were high-risk, despite the region’s strict data protection rules. The figure stood at 3.76 per cent for Latin America, 3.33 per cent for North America and 2.88 per cent for Asia Pacific.
Finkelstein said that as companies lean on AI for productivity, employees everywhere face a trade-off between providing AI systems with enough context to produce useful responses and protecting confidential company information. He added that regulation alone is not enough to prevent risky AI interactions.
“(This) reinforces the importance of technical controls, user awareness ,and continuous monitoring,” said Finkelstein.
Recommendations to combat cyberattackers include putting safeguards around AI models and agents before deployment, regularly testing them for vulnerabilities such as jailbreaks and prompt injection attacks, and continuously monitoring employees’ use of AI tools to prevent confidential information from being shared externally.
-The Strait Times
In its 56-page report released on July 14, Check Point Research said that AI played a role in nearly every stage of a cyber attack process: social engineering, malware development, live intrusion, building attacker tools, and researching vulnerabilities.
The intelligence arm of cybersecurity firm Check Point Software Technologies recorded instances where AI autonomously executed cyberattacks over the last 12 months, including an attack on nine Mexican government agencies.
Separately, AI was used to automate up to 90 per cent of an attack campaign by a Chinese-linked threat group, which targeted 30 organisations globally.
“What has changed is that AI now does in minutes what used to take a skilled attacker hours or days, and at a fraction of the cost and expertise required before,” said Lotem Finkelstein vice president of Check Point Research.
The report is based on threat intelligence gathered from Check Point Software’s global customer base of more than 100,000 organisations, where the company analyses around 200 million cyber attacks blocked each day.
The attack on the nine Mexican government agencies involved a single attacker using AI to break into 400 million records covering tax, civil-registry, vehicle, patient, and electoral data between late December 2025 and mid-February 2026.
The attacker used two AI tools together.
United States AI lab Anthropic’s Claude Code was used to break into computer systems, move through the victims’ networks and generate and execute about three-quarters of the commands used to control compromised computers.
Meanwhile, San Francisco-headquarted Open AI’s GPT-4.1 was then used to analyse the stolen data and identify the next targets and steps in the attack. These insights were then fed back into Claude again.
Claude repeatedly resisted some requests by questioning their legitimacy and asking for proof of authorisation, but the attacker eventually found ways around its safety safeguards.
In this case, AI was able to enable a single operator to process a high volume of data that would normally require a team of analysts.
In another case, Anthropic disclosed in November 2025 that a Chinese-linked cyber espionage group used its Claude Code AI tool to target about 30 organisations across the technology, finance, chemicals and government sectors.
Anthropic said the attackers succeeded in a “small number of cases”, and that AI carried out about 80 to 90 per cent of the operation, in what was the first known case of a cyber espionage campaign largely run by an AI system.
Claude Code was used to scan victims’ networks, identify vulnerabilities, break into systems, steal login credentials, move across compromised networks and analyse stolen data, while human operators mainly set objectives, reviewed the AI’s output and intervened only at key decision points.
The attackers bypassed Claude’s safety guardrails by disguising the operation as legitimate cybersecurity work.
AI-powered cyber attacks have come on the heels of technology advances. Anthropic’s latest Claude Mythos Preview model, for one, was said to be able to autonomously uncover unknown software vulnerabilities and engineer exploits.
In its first month, it autonomously identified more than 10,000 critical vulnerabilities across every major operating system and browser.
“The real bottleneck is now how fast humans can review and deploy fixes,” said Finkelstein.
The report said that generative AI is now common in the workplace, increasing cyber risk.
Between October 2025 and May 2026, organisations used an average of 10 different AI applications each month, while employees increased their use of AI tools by 25 per cent, with the average number of prompts per user rising from 56 to 70 over the period, according to the Check Point report.
The report also found that employees are increasingly sharing sensitive information with external AI tools. The proportion of high-risk prompts – those containing confidential corporate, personal or regulated data – doubled from 2 per cent to 4 per cent over the study period.
In Europe, close to 4 per cent of prompts entered into AI tools between Jan to May 2026 were high-risk, despite the region’s strict data protection rules. The figure stood at 3.76 per cent for Latin America, 3.33 per cent for North America and 2.88 per cent for Asia Pacific.
Finkelstein said that as companies lean on AI for productivity, employees everywhere face a trade-off between providing AI systems with enough context to produce useful responses and protecting confidential company information. He added that regulation alone is not enough to prevent risky AI interactions.
“(This) reinforces the importance of technical controls, user awareness ,and continuous monitoring,” said Finkelstein.
Recommendations to combat cyberattackers include putting safeguards around AI models and agents before deployment, regularly testing them for vulnerabilities such as jailbreaks and prompt injection attacks, and continuously monitoring employees’ use of AI tools to prevent confidential information from being shared externally.
-The Strait Times
Latest News
Russia readies to reroute exports from Sea of Azov after Ukrainian attacks
Local
14 July 2026
After Hormuz, Iran turns to Red Sea as new pressure point
Local
14 July 2026
Veistroffer thrills Tour de France crowds with breakaway spirit
Local
14 July 2026
Appointments handed over to 228 management assistants
Local
14 July 2026
Mexico files criminal complaints in US over migrant deaths in custody
Local
14 July 2026
Tech companies join Prince William’s fight against wildlife crime
Local
14 July 2026
UK wasted £10bn on PPE left NHS staff poorly protected, Covid inquiry finds
Local
14 July 2026
UK recruiters cut costs as war and AI deter hiring
Local
14 July 2026
Meta used AI to target workers with medical conditions for layoffs, lawsuit claims
Local
14 July 2026
Yemen’s Houthis strike Saudi Arabia’s Abha airport with missiles and drones
Local
14 July 2026