Check Point Software has released its 2026 Cyber Security Report, highlighting unprecedented levels of cyber attacks in 2025 and noting a significant evolution in tactics that combine automation, artificial intelligence (AI), and social engineering across various platforms. The report indicates that organizations globally faced an average of 1,968 cyber attacks per week in 2025, reflecting a 70% increase since 2023.
Singapore has emerged as a prominent target in this landscape, with an average of 2,272 weekly cyber attacks reported in 2025, a 17% rise from the previous year. The report identifies the consumer goods and services sector as the most affected category in Singapore, averaging 3,353 attacks per week, followed by financial services at 1,632 and business services at 1,588.
Check Point’s findings underscore the transformative influence of AI on cyber attack methodologies and volumes. The integration of AI tools has lowered barriers for threat actors, providing access to tactics previously reserved for well-resourced groups. This shift has not only increased the speed and scale of attacks but has also resulted in more personalized and coordinated operations across multiple communication channels.
“AI is changing the mechanics of cyber attacks, not just their volume,” stated Lotem Finkelstein, VP of Research at Check Point Software. He emphasized the transition from manual operations to a higher degree of automation, with indications that autonomous techniques are emerging. Finkelstein urged organizations to reassess their security frameworks to effectively counter these evolving threats.
The report also noted the emergence of risky AI prompts within everyday business workflows, with 89% of organizations encountering such prompts in a three-month period. Approximately one in 41 of these prompts was categorized as high-risk, suggesting a new vulnerability as businesses increasingly incorporate AI tools into their operations. Check Point connected these prompts to potential exposure of sensitive information and the growing use of AI for reconnaissance and social engineering.
In the realm of ransomware, the landscape continues to diversify. The report describes a shift toward a decentralized ecosystem, characterized by smaller groups specializing in different aspects of the extortion chain. This evolution corresponds with a 53% year-on-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. Check Point noted that AI has enhanced targeting speed and altered negotiation tactics among attackers, thereby improving operational efficiency.
Check Point also observed a significant expansion of social engineering tactics beyond email. Notably, techniques dubbed “ClickFix” surged by 500%, employing fraudulent technical prompts to manipulate users. The report detailed the evolution of phone-based impersonation into more structured attempts at enterprise intrusion, with attackers increasingly coordinating activities across various channels. The integration of AI into browsers, SaaS platforms, and collaboration tools has elevated the digital workspace as a prime target for malicious activity.
Moreover, the report identified vulnerabilities within edge and infrastructure devices, as attackers exploited unmonitored edge devices, VPN appliances, and IoT systems as relay points, enabling malicious activities to blend seamlessly with legitimate network traffic. An analysis by Lakera, a subsidiary of Check Point, found security weaknesses in 40% of 10,000 Model Context Protocol servers reviewed, further illustrating the risks associated with AI infrastructure.
In response to these findings, Check Point outlined several recommendations for security leaders, urging organizations to reassess their controls across networks, endpoints, cloud, and email environments. They emphasized the importance of governance and visibility regarding both sanctioned and unsanctioned AI usage, warning that blocking AI use could inadvertently increase risk. Enhanced security measures for the digital workspace, including controls over collaboration tools, browsers, SaaS applications, and voice channels, were also highlighted as critical steps.
To tackle these emerging threats, Check Point advised organizations to inventory and secure their edge devices, VPN appliances, and IoT systems, while striving for unified visibility across on-premises, cloud, and edge environments. The company positioned prevention-led security as essential for addressing the challenges posed by machine-speed attacks. Check Point plans to host a livestream to discuss the report’s findings and recommendations further.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
