AI drives 70% surge in weekly cyber attacks in 2025

Check Point Software has released its Cyber Security Report 2026, which says organisations faced an average of 1,968 cyber attacks per week in 2025 and links the rise to greater use of automation and artificial intelligence by attackers.

The company said the weekly figure marks a 70% increase since 2023. It said attackers now run campaigns across multiple attack surfaces at the same time. It also said AI tools now sit inside more steps of the attack process.

Check Point said the shift has changed assumptions about where attacks start and how they spread. It said techniques that once required well-resourced groups now appear in a wider range of operations.

"AI is changing the mechanics of cyber attacks, not just their volume," said Lotem Finkelstein, VP of Research, Check Point Software.

"We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate," said Finkelstein.

AI in workflows

The report points to AI use across reconnaissance, social engineering and operational decision-making. Check Point said this trend has created new risks as employees use AI tools more frequently in routine work.

In one three-month period examined for the report, Check Point said 89% of organisations encountered risky AI prompts. It said around one in every 41 prompts qualified as high risk.

The findings add to concerns among security teams about how staff interact with generative AI tools. Many companies now run programmes that focus on AI governance, monitoring and data controls. The report frames prompt-related activity as another area where organisations need visibility.

Ransomware shift

Check Point said ransomware groups have become more fragmented. It described a decentralised ecosystem of smaller, specialised groups. It said this structure has still driven growth in victim numbers and in the number of new groups offering ransomware-as-a-service models.

The report cites a 53% year-over-year increase in extorted victims. It also cites a 50% rise in new ransomware-as-a-service groups. Check Point said AI now plays a role in targeting, negotiation and operational efficiency.

The company's analysis echoes a broader industry trend in which ransomware operations split into affiliates, access brokers and specialist service providers. This approach can increase the number of potential entry points for defenders to watch. It also increases the volume of activity for incident responders.

Beyond email

The report also focuses on social engineering campaigns that run across several channels. Check Point said attackers increasingly coordinate activity across email, web, phone and collaboration platforms.

It highlighted a rise in ClickFix techniques. It said these methods surged by 500%. Check Point described the approach as the use of fraudulent technical prompts that manipulate users.

The report also describes changes in phone-based impersonation. It said those techniques have evolved into more structured enterprise intrusion attempts. Check Point said the "digital workspace" now represents a key trust layer for attackers as AI features appear inside browsers, SaaS platforms and collaboration tools.

Edge exposure

Check Point said organisations face increasing exposure from edge and infrastructure weaknesses. It highlighted unmonitored edge devices, VPN appliances and IoT systems. It said attackers use such assets as relay points that blend into legitimate network traffic.

Security teams often struggle to keep a complete inventory of internet-facing devices and firmware versions across a hybrid estate. The report positions this area as a persistent operational risk, particularly for organisations that rely on remote access and distributed networks.

AI infrastructure

The report also includes findings on weaknesses in AI infrastructure. It cites analysis by Lakera, which Check Point describes as a Check Point company.

Check Point said the analysis found security weaknesses in 40% of 10,000 Model Context Protocol servers reviewed. It said the figure highlights growing exposure as AI systems, models and agents become embedded in enterprise environments.

The report positions this as a parallel risk to end-user prompt activity. It suggests AI deployments increase the range of systems that security teams need to monitor. It also increases the number of interfaces that attackers may probe.

Security approach

Alongside the findings, Check Point set out recommendations for security leaders. It said organisations should reassess controls across networks, endpoints, cloud, email and SASE. It also said companies should improve governance and visibility around sanctioned and unsanctioned AI usage.

The report also calls for stronger protection of the digital workspace. It cites the spread of social engineering across browsers, collaboration tools, SaaS applications and voice channels. It also points to the need to harden edge and infrastructure assets and to unify visibility across on-premises, cloud and edge environments.

"We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging," said Finkelstein.