2026-07-14 · view entry permalink →
Check Point Annual AI Security Report 2026 — AI shifts from attack accelerant to autonomous operator, with the agent's trusted config store as the new persistence surface
Check Point Research's Annual AI Security Report 2026 frames the year's shift as "AI has crossed from assistant to operator": where AI once helped attackers prepare, CPR now observes it doing the hands-on work inside live intrusions, spanning a China-nexus espionage campaign and a criminal breach of multiple Mexican government agencies, and spreading from nation-states to ordinary cybercriminals (Check Point Research, 2026-07-14). Two developments matter most to a defender rather than to a headline. First, AI now builds deployment-ready tooling whose AI provenance is invisible in the finished artifact — CPR cites one developer producing VoidLink, an 88,000-line command-and-control framework, in under a week using an AI environment, illustrating how the tooling-development timeline collapses even for non-experts. Second, and more durable, attackers are moving from transient prompt-injection strings to abusing the agentic architecture itself: CPR reports that the reliable bypass is now "a planted configuration file an agent loads and trusts across sessions," a persistence class that survives context resets and re-authentication in a way one-shot prompt injection does not.
CPR also reports a maturing criminal AI-tooling market — phishing-as-a-service kits shipping with a jailbroken language model built in, and conversational AI voice-agent services running vishing and one-time-passcode theft at scale — alongside a rise in indirect prompt injection (CPR's telemetry shows detections of longer malicious payloads climbing sharply between March and May 2026) and persistent enterprise data leakage through unsanctioned GenAI use. Most actors, CPR notes, favour jailbroken mainstream commercial models over self-hosted ones.
AI has crossed from assistant to operator.
the durable bypass is now a planted configuration file an agent loads and trusts across sessions.