惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

Check Point Blog

AI Appreciation Day: Let's Be Honest About What We're Appreciating - Check Point Blog AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
AI Red Teaming Makes the Unknowns Known - Check Point Blog
maciejd@checkpoint.com · 2026-06-17 · via Check Point Blog

AI security is getting attention because AI has stopped being a side experiment. 

It is now part of how work gets done. Employees use copilots to write, research, code, and analyze. Product teams are adding AI into customer experiences. Developers are building applications on top of foundation models. Business teams are experimenting with agents that can read email, summarize documents, query data, and trigger workflows. 

That is a very different world from the one many AI review processes were designed for. 

An AI system can pass a benchmark and still fail in production. It can behave safely in a clean test environment and then encounter real users, untrusted content, shifting prompts, new retrieval sources, connected tools, and attackers who adapt. It can refuse the obvious malicious request and still be manipulated through a more subtle path. 

That is why AI red teaming matters. 

As Matt Fiedler, Senior Product Manager at Check Point, put it: “Red teaming is about making unknowns known.” 

For security teams, that is the useful lens. AI red teaming is not about proving that AI is dangerous in the abstract. It is about finding how a specific AI application or agent can be manipulated, misused, or pushed outside intended boundaries before those attack paths become business risk. 

AI Testing Has to Change Because AI Systems Have Changed 

Traditional application security still matters. Access control, secure engineering, API security, cloud posture, monitoring, logging, and governance remain essential. AI does not make the existing stack disappear. 

It adds a new layer on top of it. 

A production AI system is not only a model. It is a model connected to prompts, policies, retrieval sources, tools, permissions, user workflows, and changing operational context. Its behavior can be shaped by natural language, retrieved documents, conversation history, system prompts, model updates, guardrails, and the tools it is allowed to call. 

That means a system can be secure in the traditional sense and still behave unsafely at the AI layer. 

A chatbot may make a misleading commitment on behalf of a company. An AI assistant may reveal sensitive information in a response. An agent may follow instructions hidden in an email or document. A coding assistant may change files in a way the user did not intend. A workflow agent may call a legitimate tool for the wrong reason. 

These are not always classic vulnerabilities. Often, they are failures of intent, context, policy, and workflow logic. 

AI red teaming asks a different question from ordinary quality assurance. It is not only “does the system answer correctly?” It is “what happens when someone actively tries to make the system do the wrong thing?” 

What AI Red Teaming Actually Does 

AI red teaming is adversarial, dynamic testing of an AI system. It stress tests the system across a range of misuse conditions to discover where it can be manipulated, where controls fail, and what the impact would be. 

That makes it different from model benchmarking, accuracy testing, generic prompt checks, or a one-time policy review. 

A benchmark can tell you whether a model performs well against a fixed set of tasks. A prompt test can tell you whether a system blocks a known malicious request. A policy review can tell you whether the intended rules look sensible. 

AI red teaming goes after the messy part: the interaction between model behavior, system instructions, user prompts, retrieval, tools, permissions, guardrails, and business logic. 

Done well, it does not just produce a list of clever prompts. It produces attack paths. 

An attack path explains how an adversary moves from an initial interaction to business impact. What did they exploit? How did the system respond? Which control failed? What data, tool, user, or workflow was affected? What should change? 

That is the difference between a vague concern and an actionable finding. 

The Three Risk Domains: Safety, Responsible AI, and Security 

One useful way to think about AI red teaming is across three domains: safety, responsible AI, and security. 

Safety covers harmful, toxic, inappropriate, or brand-damaging outputs. This is where much of the early AI security conversation lived: can the system be made to say something offensive, dangerous, misleading, or damaging to users? 

Responsible AI covers policy, compliance, legal, and governance failures. Does the system follow the organization’s rules? Does it stay inside the boundaries set by regulation, industry standards, and internal policy? Does it give advice or take positions it should not? 

Security covers sensitive data leakage, unauthorized actions, cross-user exposure, tool misuse, infrastructure compromise, and other ways the system can be used to harm the organization, its users, or connected systems. 

Different organizations will weigh these differently. A bank, healthcare provider, software company, and retail brand will not have identical risk tolerance. For one organization, a brand-damaging response may be the primary concern. For another, the real issue is whether an agent can expose customer data or manipulate a workflow. 

AI red teaming helps teams move that discussion from theory to evidence. 

The finding is no longer “AI might say something bad.” It becomes: this system, in this configuration, can be manipulated through this path, causing this impact. 

Where Static Testing Misses the Risk 

Static testing often breaks down because production AI does not stay still. 

Prompts change. Models change. Retrieval sources change. Tools are added. Permissions expand. Guardrails are tuned. Business workflows evolve. Attackers learn what works and adapt. 

According to the 2026 Cloud Security Report, 64% of organizations already have AI agents in pilot or production. 12% have granted agents privileged access to core systems. That means this is no longer a future-planning problem. It is a production problem. 

Attack paths are also broader than direct prompt injection. 

Direct manipulation still matters. Attackers can use role-play, reframing, multi-turn pressure, obfuscation, or language tricks to push a system outside its rules. But many of the more interesting risks arrive indirectly. 

An AI system may ingest content from documents, email, tickets, web pages, repositories, retrieval results, or connected tools. Any of that content can become part of the system’s context. Anywhere context enters the system is an avenue for attack, especially if malicious instructions arrive through a source the AI treats as trusted. 

This is especially important for agents. 

Early AI security discussions focused heavily on bad outputs. Those risks still matter. But when AI systems can retrieve data, call tools, update records, send messages, or trigger workflows, the more important question becomes: what can an attacker get the system to do? 

A successful prompt attack against a standalone chatbot may create reputational or safety risk. A successful prompt attack against an agent can create operational risk. It can move from language-level behavior to agent-level business impact. 

That is why the best red teaming findings are not just isolated examples of model misbehavior. They show the full path: start, shape, act, expose. 

Red Teaming Has to Become Continuous 

Passing an AI test is a signal. It is not proof of safety. 

That distinction matters because a one-time test says something about one version of the system at one point in time. Production AI is a moving target. A foundation model provider may update behavior. A product team may change the system prompt. A new connector may give an agent access to a tool. A retrieval source may change. A policy may be updated. A new attack technique may become common. 

None of those changes has to look like a traditional code vulnerability. Each can still shift the security posture of the system. 

This is the gap between static validation and adaptive assurance. 

Static validation asks whether the system passes a known test. Adaptive assurance asks whether the system remains resilient as context, behavior, and adversarial pressure change. 

That does not mean every AI system needs the same level of testing. Risk should drive depth. A low-impact internal summarization tool does not require the same process as an agent with access to customer data, internal APIs, or business-critical workflows. 

But for systems that touch sensitive data, operational tools, external content, regulated decisions, or high-impact user interactions, AI red teaming should not be treated as a launch-day checkbox. It should become part of the lifecycle. 

How Security Teams Should Start 

Security teams do not need to make this mystical. The starting point is practical. 

First, inventory the AI applications and agents already in use or under development. Know what exists, who owns it, what it connects to, what data it can access, and what actions it can perform. 

Second, threat model each system based on capabilities and impact. What can go wrong if the system is manipulated? What data could be exposed? What tools could be misused? What business logic must not fail? 

Third, red team early enough that findings can still influence design. It is easier to adjust prompts, permissions, workflows, and guardrails before an application is deeply embedded in production. 

Fourth, go deeper before launch for high-risk systems. Test multi-turn attacks, indirect prompt injection, data leakage, tool abuse, policy bypass, and application-specific business logic. 

Finally, re-test after major changes. Models, prompts, retrieval sources, connectors, permissions, and guardrails all affect behavior. If those change, the assurance should move with them. 

A useful operating loop is simple: scope the system, pressure-test behavior, prioritize and re-test. 

Map the AI application, its tools, data access, users, policies, and business logic. Run adversarial campaigns against prompts, context, retrieval, tool use, permissions, and multi-turn workflows. Rank findings by business impact, harden the system, and re-run tests to validate fixes. 

AI red teaming is not the whole AI security program. It is how teams verify that the program is working against real adversarial pressure. 

From AI Experimentation to AI Confidence 

The goal is not to slow AI adoption. The goal is to make AI adoption safer, more predictable, and easier to trust. 

Organizations are moving from AI experiments to AI systems that support real work. Some answer customers. Some advise employees. Some handle sensitive data. Some operate inside workflows. Some act through tools. 

The more useful those systems become, the more important it is to understand how they fail. 

AI red teaming gives security and business teams a way to see those failures before attackers, customers, or production incidents reveal them. It turns unknowns into evidence: the attack path, the impact, the failed control, and the remediation priority. 

That is how AI assurance moves beyond clean test results and toward production resilience. 

For a deeper look at why static testing breaks down in production, download the white paper: Why Your AI Passes Tests But Still Fails in Production. 

You can also register for READY OR NOT: Securing the AI Enterprise | Session 2: AI Red Teaming, a 45-minute live session with Steve Giguere and Matt Fiedler on Thursday, June 25, 2026.