AI Takes the Wheel: Attackers Automate Exploitation Workflows
A new report reveals threat actors are increasingly leveraging AI to autonomously execute complex cyberattack stages, significantly lowering the barrier to entry and accelerating the pace of intrusions.

Cybercriminals are rapidly evolving their tactics, with Artificial Intelligence (AI) now playing a central role in automating entire exploitation workflows, according to Check Point's AI Security Report 2026. Researchers have observed intrusions where AI models, stripped of their safety controls, generated thousands of commands across numerous sessions with minimal human oversight. This marks a significant shift from AI as a tool for developing malware to AI as an active participant in executing attacks.
The primary concern highlighted by the report is the rise of attackers who can orchestrate AI across multiple stages of the attack chain without human intervention. This is achieved by compromising capable AI models, whether through abusing commercial services, using stolen credentials, self-hosting open-source models, or purchasing specialized AI tools built for illicit purposes. A key technique involves 'jailbreaking' AI models to bypass their built-in safeguards, often through carefully crafted prompts. More persistent methods involve targeting AI coding agents by embedding malicious instructions in files that are automatically loaded at the start of every session, ensuring the exploit remains active until manually removed.
AI's role in malware development is also expanding, with models used to generate, refine, and debug code. This capability allows less experienced attackers to produce sophisticated tools, a trend observed among both criminal groups and nation-state actors. Furthermore, a growing category of malware now communicates with AI models during execution, enabling real-time adaptation of behavior and command generation. The ability of AI to reason about code is also accelerating vulnerability discovery and exploit development, leading to a shrinking window between public disclosure and the availability of working exploits. This speed necessitates a corresponding acceleration in patch testing and deployment, which is becoming the primary bottleneck for defenders.
As organizations integrate AI into various business functions, from email and document processing to code development and customer interactions, AI systems themselves are becoming a significant attack surface. These systems often have access to sensitive data and the ability to act on behalf of users. Attacks targeting AI can be broadly categorized into AI-specific risks and traditional software vulnerabilities. Language models, for instance, can be susceptible to prompt injection and memory manipulation when untrusted content is interpreted as instructions rather than data. Autonomous AI agents exacerbate these risks by operating with excessive privileges and trusting external inputs with minimal human oversight.
The report also underscores the evolving threat landscape of digital identity. Generative AI is making it easier and cheaper to create convincing fake identities at scale, challenging traditional methods of trust establishment. Synthesized voices, faces, and even government IDs can now be generated with high realism. These generative identity attacks are progressing from pre-recorded content to real-time, interactive, and even autonomous operations. Social engineering, amplified by AI-generated content, has become a dominant vector, expanding beyond email to coordinated multi-channel campaigns across various communication platforms.
Data exposure through enterprise AI use is another critical concern. Between October 2025 and May 2026, a significant percentage of organizations experienced high-risk AI interactions monthly, indicating a global challenge with limited regional variation. Business services, wholesale, and telecommunications sectors recorded the highest rates of risky prompts, reflecting the widespread adoption of AI for tasks involving sensitive data sharing. Europe, despite strong privacy regulations, showed a high rate of risky prompts, suggesting that regulatory measures alone are insufficient to prevent insecure AI usage.
Securing the underlying AI infrastructure is becoming paramount. Companies building AI environments, including LLM deployments and hardware-based systems, face an expanded attack surface across hardware, containers, APIs, and endpoints. The report emphasizes that the most dangerous parts of this attack surface are often those that organizations cannot readily see or manage. The increasing reliance on AI necessitates a fundamental shift in defensive strategies, moving towards governing AI usage, securing AI systems, and defending at machine speed rather than human speed.