Check Point: Hackers are already in. Act accordingly
Tue, 14th Jul 2026 (Today)
The near future is likely to be a tumultuous time in cybersecurity.
That's the anticipation of Check Point's GM of Exposure Management Yochai Corem, who said countless organisations are probably already hacked, but have yet to learn the bad news. And just how have the bad guys got in, undetected? By using readily available and indefatigable agentic AI tools to such an extent that they are now in a position of cherry-picking their victims.
"In the next 12 to 24 months we're going to see many more attacks, because hackers can exploit problems much faster. They set up [hacking] agents and make them run around the cloud, and then intervene as the human agent when they know they're going to get paid."
Corem said most compromises are a process that doesn't start and finish on the same day, or even on any set timeline. Just like the rest of us in corporate offices, hackers have deadlines, workloads, competing priorities, and now, a smorgasbord of prospective targets from which to choose.
"Some attacks take months, and right now we may now be in a window, where the hackers are under the radar," said Corem. "They're already in, and in the first stages of exploitation. Now they are waiting for the right time, when the victim has no choice but to pay because they cannot clean or push them out."
Among the traditional protections available to victims of, for example ransomware, was the ability to simply roll back to a restore point that preceded the hack. That simply doesnt work if the backup from months ago includes the as-yet unexecuted malware.
"It's easy now for the hackers. They are able to exploit thousands of organisations before they even know they're targeted," Corem continued.
As in your office, so too in the hacker's. An administrative task awaits, as a long list of prospects is analysed and prioritised for action and monetisation. "They need to filter through these targets and decide which one they want to actually [hit]," he confirmed.
The darker side of AI
There's a lot that's changed in cybersecurity with the advent of AI tools. The same democratisation of a remarkable leap in technology that has normal people looking to eliminate busy-work and admin from their lives, has empowered and supercharged black hat hackers. Well-served by the dark web, which is, as Corem pointed out, nothing more or less than a marketplace for illicit goods and services, hackers today don't need advanced skills, hooded shirts, or Matrix-style digits cascading down their walls. Instead, they need flexible morals, questionable ethics and perhaps a crypto wallet.
Powered by AI, the pace with which vulnerabilities are identified and then exploited has dropped from weeks or days, to hours or minutes. Security has always been an arms race, but attackers enjoy structural advantages which puts them ahead, Corem explained. "Currently we are on the edge of the hackers being able to win because AI improved the ability to [hack]. Hackers do not have the complexity of regulation, of internal politics, of budget constraints, so they run much faster."
Bureaucracy, in other words, inevitably and unavoidably stands in the way of defence.
In its just released AI Security Report 2026, Check Point noted that agentic AI is autonomously running exploitation workflows and generating thousands of executed commands with minimal human intervention.
It noted a 'collapse' in vulnerability windows from days to hours, and recorded a five-fold increase in detections of long, malicious 'prompt-injection' payloads between March and May 2026 (in other words, AI itself is now an attack surface; this couples with an observation that high-risk enterprise AI prompts have doubled over the year, from roughly one in every 50 interactions to one in every 25.)
Shadow IT by way of AI LLMs remains a problem, as Check Point noted the average organization running ten AI applications, many without formal approval.
Enhanced, proactive defence
With the threat landscape changed by AI, the defence landscape is playing catch up. Again, the real issue isn't necessarily the availability of tooling and technology, or even human capability. After all, if AI tools are readily available to hackers, they're just as readily available to defenders, and indeed the likes of Check Point and its peers are rapidly integrating AI into their systems (Check Point's strategy is to 'secure AI wherever it's used').
Corem said even infosec organisations feel the pressure: "When we planned the 2026 budget in Check Point AI was not the issue. A few months later [it very much is]. That's the challenge, companies couldn't anticipate this."
Check Point, he said, has adapted by reassigning priorities on the head of a pin. It's something he believes every organisation may have to accept as necessary, though conceding, "That's not easy to implement."
Corem also believes there is a current but narrowing window of opportunity which may alleviate the pain he foresees in the coming months. Before AI, undetected lingering advantaged hackers, who would use the time to reconnoiter targets and structure extractive activities. Today, Corem said this linger time represents a chance for defenders to detect and remediate before unpleasant consequences arrive.
He also said a structural change is necessary in terms of how cybersecurity is perceived and handled, with a focus on eliminating any friction between the detection and remediation process."Until now, most [teams] that find the problems are not the ones to solve the problems; we have to change how this operating system works, and if they can automate it, then that's even better."
Finally, Corem said cybersecurity is now an executive priority. "A CEO I spoke with recently told me he used to speak with the CISO once a month. Now they speak twice a day. That's reflective of the priority of security changing, and the necessity for closeness between different teams in order to manage your future."