惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Proofpoint News Feed
Recent Announcements
Recent Announcements
MongoDB | Blog
MongoDB | Blog
U
Unit 42
云风的 BLOG
云风的 BLOG
Recorded Future
Recorded Future
G
Google Developers Blog
I
InfoQ
Blog — PlanetScale
Blog — PlanetScale
A
About on SuperTechFans
Jina AI
Jina AI
量子位
宝玉的分享
宝玉的分享
The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 聂微东
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
美团技术团队
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tailwind CSS Blog
博客园 - 司徒正美
博客园 - 叶小钗
Hugging Face - Blog
Hugging Face - Blog
P
Palo Alto Networks Blog
博客园_首页
阮一峰的网络日志
阮一峰的网络日志
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
The GitHub Blog
The GitHub Blog
Y
Y Combinator Blog
Vercel News
Vercel News
Martin Fowler
Martin Fowler
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Forbes - Security
Forbes - Security
Attack and Defense Labs
Attack and Defense Labs
Google DeepMind News
Google DeepMind News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Azure Blog
Microsoft Azure Blog
P
Privacy International News Feed
G
GRAHAM CLULEY
The Last Watchdog
The Last Watchdog
C
Cyber Attacks, Cyber Crime and Cyber Security
AI
AI
V2EX - 技术
V2EX - 技术

Check Point Blog

AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
The AI Defense Plane: Securing the New Enterprise Execution Layer
maciejd@checkpoint.com · 2026-06-03 · via Check Point Blog

Enterprise security has always had a comforting assumption baked into it: systems do what they were built to do.

Sometimes badly. Sometimes insecurely. Sometimes in ways that make auditors develop a nervous twitch. But still, the basic shape was understandable. Applications processed requests. Databases stored data. APIs connected systems. Users clicked things they probably should not have clicked.

Then AI arrived and made the whole thing a little weird.

AI did not introduce one neat new risk category. Security teams are very good at turning new risk categories into taxonomies, dashboards, and meetings with names like “working group.”

The real change is that AI cuts across the categories we already had.

Employees use AI tools to summarize, analyze, code, create, and make decisions faster. Developers embed models into applications connected to customers, documents, databases, and internal systems. Agents retrieve information, call tools, invoke APIs, and take action across workflows.

AI is no longer sitting politely inside a single application boundary. It is becoming a new execution layer across the enterprise.

A prompt entered in a browser can shape a business decision. A retrieved document can manipulate an application response. A model output can trigger an agent action. A tool call can move data, change a record, or initiate a workflow before a human has time to review what happened.

In other words, language has become executable.

That does not mean every prompt is code. It means natural language can now influence how systems behave, what they access, what they generate, and what actions they take.

This is already showing up in real security research. Check Point Research has disclosed vulnerabilities in AI developer tooling, including command injection in OpenAI Codex CLI and critical flaws in Claude Code that could expose API keys and redirect authenticated traffic. Researchers have also documented how hidden instructions in AI workflows can manipulate agents into exposing secrets or taking attacker-controlled actions.

That is why enterprises need an AI Defense Plane.

Get the Playbook

The AI security gap is architectural

Most enterprises understand that AI changes the risk model. The harder question is whether they have the architecture to control it.

According to Check Point’s 2026 Cloud Security Report, 77% of organizations have changed their security strategy in response to AI, but only 26% say they have the architecture to enforce it.

This creates a familiar enterprise pattern: the strategy has moved on, but the architecture is still looking for its shoes.

Policies get written. Governance boards are formed. Acceptable-use rules are published. Teams deploy filters, model safeguards, data controls, or testing processes. All of that matters. But it does not automatically create a coherent control model.

AI risk does not stay inside one layer. It moves between employees, applications, models, data, tools, APIs, and agents. It appears through interaction, context, intent, and behavior.

The issue is not whether an organization has AI policies or point solutions. The issue is whether it can enforce them across the places where AI is used, embedded, and allowed to act.

Point controls do not see the full path

Point controls can solve narrow problems. They can inspect a traffic path, filter an input, monitor a tool, or test a model at a specific moment in time.

But AI systems rarely fail in only one place.

A single AI workflow may begin with a user request, pull in retrieved context, pass through a model, generate an output, and trigger an action through an agent or tool. Every step may look legitimate in isolation. The risk often appears in the chain.

That is where fragmentation becomes a problem. One team may manage employee AI usage. Another may secure AI applications. Another may review models. Another may own identity and access. Another may manage data protection.

Each sees part of the picture. None sees the full execution path.

If AI risk travels through the system, security cannot sit in a corner and wait for it to arrive.

What is the AI Defense Plane?

The AI Defense Plane is a unified security architecture for discovering, protecting, governing, and validating AI behavior across the enterprise.

It is not one control point. It is a coordinated control model across three connected planes: employees using AI tools, applications embedding AI into workflows, and agents that access data, invoke tools, call APIs, and take action.

Across those planes, the AI Defense Plane brings together four capabilities: discovery, protection, governance, and assurance.

Discovery shows where AI is used, what data flows through it, and where it can act. Protection prevents prompt-based attacks, data exposure, unsafe outputs, tool misuse, and out-of-policy behavior at runtime. Governance enforces policy consistently across users, applications, agents, and environments. Assurance continuously tests whether AI systems and controls behave safely as models, prompts, tools, permissions, and workflows change.

These capabilities need to work together.

Governance without enforcement turns policy into guidance people can acknowledge, admire, and then route around. Testing without runtime control exposes weaknesses but does not stop production misuse. Runtime protection without assurance can drift as systems evolve.

Only 14% of organizations say they have AI security policies that are both enforced and audited. The AI Defense Plane connects these functions into one operating model.

The three planes of enterprise AI risk

These planes are useful because they show where AI enters, where it runs, and where it acts. But they are not hard walls.

That is part of the problem.

A copilot-powered workflow created by an employee can start to look a lot like an AI application built by a development team. It may access corporate data, combine context from multiple systems, and trigger actions across business tools. The owner may be different. The risk pattern is not.

AI Defense Plane

1. Employees: AI enters through the normal path of work

For many organizations, employee AI use is where the risk shows up first.

People use AI tools to summarize documents, write code, analyze data, draft customer responses, and troubleshoot problems. Much of that usage happens through browsers, SaaS tools, personal accounts, copilots, and productivity applications.

The risk is not only malicious behavior. Often, the bigger issue is ordinary work happening faster than existing controls can follow.

Only 5% of organizations report full visibility into AI tool usage, data access, and data movement.

As Adam Ely, GM of AI Security at Check Point, put it: “A mistake that somebody makes has a bigger blast radius.”

Workforce AI Security needs to operate where employees actually use AI: across sanctioned and unsanctioned tools, uploads and downloads, browser sessions, SaaS applications, and workflows where sensitive data moves.

2. Applications: AI changes how software behaves

AI applications are different from traditional applications because their behavior is shaped dynamically at runtime.

Prompts are assembled. Context is retrieved. User input is interpreted. Model outputs are generated in real time. The same application can behave differently depending on the prompt, retrieved data, system instructions, tools, and state.

This is where traditional application security starts to feel like it has been handed a very confident intern who keeps making decisions no one explicitly approved.

The request may be syntactically valid and still unsafe. The response may appear helpful while leaking sensitive information. Retrieved content may manipulate the model without the user ever seeing the instruction.

Securing AI applications requires runtime protection in the path where prompts, context, outputs, and actions are evaluated.

3. Agents: AI becomes an actor inside the enterprise

Agents represent the sharpest version of the shift from response to action.

They do not only generate text. They retrieve data, make decisions, invoke tools, use credentials, call APIs, and execute tasks on behalf of users, teams, applications, or workflows.

The 2026 Cloud Security Report found that 64% of organizations already have AI agents in pilot or production, and 12% have granted agents privileged access to core systems.

Or, as Adam Ely put it: “We’ve never had this non-human workforce that is autonomous or semi-autonomous.”

Least privilege remains essential, but incomplete. An agent can be allowed to access a tool and still use it at the wrong time, for the wrong reason, with the wrong context.

AI Agent Security needs to control the execution layer: prompts, data flows, outputs, tool calls, and actions.

Runtime is where AI risk becomes real

AI security has to operate at runtime because runtime is where AI behavior is determined.

A static review can evaluate a system design. A policy can define what should be allowed. A model safeguard can reduce known categories of unsafe output. But AI behavior depends on the live interaction: the user’s prompt, retrieved context, available data, connected tools, agent instructions, permissions, and environment state.

Only 17% of organizations have broadly deployed runtime LLM controls, even as AI workloads and agentic systems move into production.

That is why detection after the fact is not enough. A prompt can lead to a tool call. A tool call can change data. A changed record can trigger another workflow. By the time an alert is reviewed, the action may already have happened.

Runtime protection extends existing controls into the semantic layer where AI behavior is shaped. It asks questions traditional controls were not built to answer: What is the user or system trying to get the AI to do? Is sensitive data being exposed? Is the agent action aligned with user intent and business policy? Is the tool call appropriate given the context?

These questions require controls that understand language, context, and behavior, not only files, packets, identities, or API calls.

From testing to enforcement

AI security cannot be treated as a one-time deployment gate.

Models change. Prompts change. Applications change. Agents gain tools. Permissions shift. Attack techniques evolve. A system that behaved safely last month may behave differently after a model update, new integration, or workflow change.

56% of organizations have no formal AI security testing process or test only ad hoc.

This is the part of AI security that makes “we tested it before launch” sound a little like “we checked the weather in March, so the whole year should be fine.”

AI Red Teaming helps teams understand how AI systems can be manipulated under realistic conditions. AI Agent Security applies runtime control in production, helping prevent prompt-based attacks, data leakage, unsafe behavior, and out-of-policy tool use before they turn into business impact.

Together, they create a feedback loop: red teaming reveals realistic failure modes, runtime protection turns those lessons into controls, and production signals inform future testing.

The goal is not to certify an AI system once. The goal is to keep security aligned with how the system actually behaves over time.

The path forward

Enterprises do not need a new disconnected AI control. They need a security model that matches how AI now operates.

AI is already embedded in employee workflows. It is already entering applications. It is already moving toward agents that can retrieve data, invoke tools, and take action across business processes.

That means discovering AI usage across the enterprise, protecting the runtime paths where AI behavior is shaped, governing policy consistently, and continuously validating whether AI systems and controls behave as intended.

For CISOs and security leaders, this creates a path to say yes to AI with greater confidence. For platform and application teams, it creates a way to deploy AI without treating security as a blocker. For governance teams, it turns policy into enforceable control.

AI has moved from language to action.

Security now needs to move from fragmented controls to a unified AI Defense Plane.Get the Playbook