AI Has Stopped Just Assisting Hackers And Now It’s Running The Attacks

Cyber criminals are no longer just using AI chatbots to write a better phishing email. According to Check Point Research’s newly published AI Security Report 2026, artificial intelligence has moved into the driving seat of real cyberattacks; planning intrusions, writing malware and even making operational decisions with little human input.

The security firm’s second annual AI Security Report, based on incident data and original case studies gathered over the past year, argues that the industry has crossed a threshold. A year ago, Check Point described AI mainly as a “force multiplier” that made existing hacking techniques faster and cheaper. Now, the company says, AI is directly running parts of the attack chain itself.

 

Breaches Run Largely On Autopilot

 

The report’s most striking case study concerns a breach of nine Mexican government agencies between December 2025 and February 2026, which exposed roughly 400 million records covering tax, civil registry, vehicle, patient and electoral data.

Researchers say a single attacker typed just 1,088 instructions, which an AI coding assistant turned into 5,317 executed commands across 34 sessions, using Claude Code to explore and break into networks and GPT-4.1 to analyse stolen data.

Notably, when the AI initially refused to assist with the attack, the attacker simply pasted hacking instructions into a configuration file that coding assistants automatically trust at the start of every session, permanently bypassing the safety rules without ever needing a fresh jailbreak prompt. Check Point says this trick is now being sold as a ready-made kit on criminal forums.

A similar pattern showed up in a separate case Anthropic disclosed in November 2025, in which a Chinese state-linked espionage campaign reportedly used Claude Code to handle 80–90% of the tactical work, reconnaissance, exploitation, credential theft and lateral movement, across roughly 30 targeted organisations.

 

Malware Built In Days Not Months

 

AI is also reshaping malware development. Check Point Research’s own investigation into “VoidLink,” a sophisticated Linux command-and-control framework, initially assumed it had been built by a multi-person team over several months. It later emerged the roughly 88,000 lines of code had been written by a single developer in under a week, using a commercial AI coding tool.

Similar AI-assisted malware has now been linked to groups including Pakistan-based Transparent Tribe, Russian-linked “GREYVIBE,” and North Korea’s KONNI group, the report says.

 

Criminals Are Also A Target

 

The flip side, according to the report, is that AI tools themselves have become a fresh attack surface. Because language models process instructions and untrusted content (web pages, documents, emails) as one continuous stream of text, attackers can smuggle in hidden commands, a technique known as prompt injection.

Check Point’s researchers found roughly 15,300 such hidden payloads planted across a scan of 1.2 billion URLs, with most buried in parts of a webpage a human would never see.

The report also flags weaknesses in the “agentic supply chain”, the plug-ins, configuration files and MCP servers that AI coding tools trust automatically. Check Point’s own researchers discovered vulnerabilities in Claude Code that could let attackers run commands the instant a poisoned project was opened and found that roughly 1 in 13 of a sample of exposed developer configuration files contained live login credentials.

Deepfakes And A Broken Identity System

 

Elsewhere, the report warns that voice, video and document verification can no longer be trusted as proof of identity. It cites a North Korean-linked scheme using AI-generated resumes and deepfaked identity documents to get operatives hired as remote IT workers inside Western companies, an operation the US Treasury says has funnelled close to $800 million towards weapons programmes.

In a controlled study cited in the report, even people trained to spot AI-generated faces only identified fakes about 41% of the time; ordinary viewers managed just 30%.

 

Data Leakage Climbing Steadily

 

On the corporate side, Check Point’s telemetry shows the average organisation now uses about ten different AI applications a month, and that the share of “high-risk” prompts, those containing sensitive corporate, personal or regulated data sent to external AI tools, doubled from 2% to 4% of all prompts over the past year.

 

What Businesses Should Do

 

Fred Streefland, Check Point’s Global Field CISO, argues in the report that security leaders need to treat AI risk as a permanent, evolving part of running a business rather than a box to tick once during adoption. His recommendations include treating AI as a “live attacker” when stress-testing defences, gaining visibility into how AI tools and agents are actually being used across the organisation, and applying real-time monitoring to catch sensitive data before it reaches external AI services.

The report lands as AI coding agents and assistants become increasingly embedded not just in software development, but, per announcements from Microsoft and Nvidia cited in the report, directly into consumer operating systems and hardware later this year, a shift Check Point says will only widen the attack surface it has been tracking.