























Today is AI Appreciation Day, and honestly, we mean it. AI has changed how we write code, analyze threats, and get work done faster than anyone thought possible a few years ago. It deserves a moment of gratitude.
But at Check Point, we spend most of our year studying the other side of that coin and our newly released AI Security Report 2026 makes one thing very clear: the same qualities we’re celebrating today are exactly what’s made AI such a powerful tool for attackers too. So in the spirit of appreciating AI honestly, not just enthusiastically, here’s what a year of research told us.
A year ago, we described AI as a force multiplier for attackers, something that made old tricks faster and cheaper. That framing no longer captures what we’re seeing. Our researchers documented intrusions where AI ran exploitation workflows with minimal human direction, generating thousands of commands across dozens of sessions on its own. In one case, a single developer used a commercial AI coding tool to build roughly 88,000 lines of working command-and-control malware in under a week. This output initially looked like the work of a multi-person team over several months.
In the Mexican government breach detailed in the report, a single operator used Claude Code and GPT-4.1 together to compromise nine government agencies, generating over 5,300 AI-executed commands from about 1,000 typed instructions. AI didn’t just help plan that attack. It ran it.
The same abilities that make AI agents useful — reading documents, browsing the web, connecting to tools — also make them exploitable. Hidden instructions in a web page or calendar invite can hijack an agent’s behavior. Configuration files that coding agents automatically trust can be turned into delivery mechanisms for malware. We found that roughly 40% of 10,000 MCP servers we reviewed carried security weaknesses, and published code packages have leaked live credentials at a real, measurable rate.
None of this makes AI less worth appreciating. It makes it worth securing.
Our data shows organizations now run an average of ten different AI applications a month, many without any formal approval process. High-risk GenAI prompts, ones sharing sensitive corporate, personal, or regulated data with external AI services, doubled over the past year, from 2% to 4% of all prompts. Between 87% and 93% of organizations had at least one high-risk GenAI interaction every single month.
That’s not a warning to stop using AI. It’s a reminder that appreciation without governance is just exposure with good PR.
If you want to celebrate AI Appreciation Day the way a security team should, here’s the version we’d suggest:
We built our AI Security portfolio — spanning AI Agent Security, AI Red Teaming, Workforce AI Security, and ThreatCloud AI — because appreciating AI and securing it aren’t competing priorities. They’re the same job.
So today, go ahead and appreciate AI. Just make sure you’re appreciating it with your eyes open.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。