惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
博客园 - 聂微东
小众软件
小众软件
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
TaoSecurity Blog
TaoSecurity Blog
博客园 - 司徒正美
罗磊的独立博客
N
News and Events Feed by Topic
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security Affairs
S
Security @ Cisco Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
月光博客
月光博客
S
Secure Thoughts
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
W
WeLiveSecurity
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
L
LangChain Blog
T
The Blog of Author Tim Ferriss
NISL@THU
NISL@THU
Google DeepMind News
Google DeepMind News
Cloudbric
Cloudbric
H
Hacker News: Front Page
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
博客园 - 三生石上(FineUI控件)
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Schneier on Security
Project Zero
Project Zero
SecWiki News
SecWiki News
爱范儿
爱范儿
The Register - Security
The Register - Security
AI
AI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Y
Y Combinator Blog
L
Lohrmann on Cybersecurity
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Privacy International News Feed
J
Java Code Geeks
S
Securelist
C
Cyber Attacks, Cyber Crime and Cyber Security
V
Visual Studio Blog

Check Point Blog

AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog
maciejd@checkpoint.com · 2026-07-15 · via Check Point Blog

Security programs are built around moments of closure: the finding is closed, the control passed, and the release can move forward. 

AI security refuses to cooperate with that model. 

A passing test is useful evidence, but only for a specific system, configuration, and moment. 

Production AI keeps moving. Models change behavior, prompts are revised, retrieval sources are added, agents gain tools, and users introduce unexpected context. Attackers adapt just as quickly. Yesterday’s clean result may not describe tomorrow’s risk. 

That has been the practical case for continuous AI red teaming. Now, research from the National Institute of Standards and Technology provides a mathematical basis for it. 

In Robust AI Security and Alignment: A Sisyphean Endeavor?, NIST senior scientist Apostol Vassilev applies the logic of Gödel’s incompleteness theorem to AI security. The conclusion is uncomfortable but useful: no finite set of guardrails can be universally robust against adversarial prompts. 

That does not make AI guardrails pointless. It makes permanent assurance the wrong objective. 

Why AI Security Has No Final Test 

AI guardrails are rules and controls designed to keep a system within policy. They may inspect inputs and outputs, restrict tools, filter content, enforce permissions, or monitor behavior. Each can make an AI system meaningfully safer. 

But every defensive system operates with limits. 

Human language gives attackers an enormous space in which to work. Harmful intent can be hidden through obfuscation, role-play, indirect instructions, gradual multi-turn escalation, unusual phrasing, another language, or context retrieved from an external source. For AI agents, the attack may also move through documents, email, websites, APIs, or connected tools. 

As the NIST explanation of the research puts it, the number of ways adversaries can hide harmful intent is effectively limitless. A fixed defensive model cannot anticipate every possible formulation. 

This is the distinction between defeating known attacks and proving that no unknown attack can succeed. 

Defenders can block a jailbreak, close an indirect prompt injection path, tighten a permission boundary, or stop an unsafe tool call. Those improvements matter. But passing all known tests does not prove that the system will withstand every prompt, context, or attack path it has not encountered yet. 

AI security therefore has no final exam. It has an improvement process. 

The Security Problem Is Permanence, Not Prevention 

The wrong lesson from the NIST research would be that prevention is futile. 

The more useful lesson is that prevention must keep learning. 

NIST’s proof does not give attackers a recipe for constructing the next successful prompt. Defenders can still remove known weaknesses and force adversaries to search for new ones. Every attack path that is discovered, understood, and closed increases the effort required to find another. 

That changes the measure of success. The goal is not to certify that an AI system is secure forever. It is to make successful exploitation progressively harder, more expensive, easier to detect, and less damaging when it occurs. 

This is familiar territory for security teams. No organization expects a firewall rule, detection signature, vulnerability scan, or incident response plan to remain sufficient forever. What is different about AI is the speed and ambiguity of the environment. Natural language is both the interface and part of the attack surface. The same request can be expressed in countless ways, and the system’s response can depend on context that was not present in the last test. 

NIST’s practical recommendation is direct: organizations must commit to a constant search for weaknesses and stay ahead of attackers. 

The Security Model NIST Points Toward 

The NIST model has three connected elements. 

The first is continuous adversarial discovery. Red teams actively search for prompts and attack paths that can push the system outside its intended boundaries before real attackers find them. That search must extend beyond obvious jailbreaks to include retrieved context, tool use, permissions, multi-turn behavior, and application-specific business logic. 

The second is continuous hardening. A finding should change something. Teams may revise a prompt, strengthen a policy, restrict a data source, narrow a permission, update a guardrail, redesign a workflow, or add a new runtime control. The discovered attack should then become part of the regression suite so the same weakness does not quietly return. 

The third is operational resilience. No prevention model justifies assuming that every attack will be stopped. Organizations also need to constrain what an AI system can affect, detect suspicious behavior, preserve evidence, limit the impact of a successful exploit, and recover quickly. 

These are not three separate projects. Discovery supplies evidence for hardening. Hardening improves production controls. Production monitoring reveals new behavior and attack patterns. Those observations create the next testing priorities. 

The result is a loop rather than a finish line. 

Red Teaming Creates the Feedback 

In AI Red Teaming Makes the Unknowns Known, we described how adversarial testing turns a broad concern into a specific finding: this system, in this configuration, can be manipulated through this path, causing this impact. 

At enterprise scale, that testing has to combine broad coverage with enough depth to understand how models, prompts, context, tools, permissions, and workflows interact. 

The next step is to make every useful finding part of the security program. 

A mature workflow does not end when a red team demonstrates a successful attack. It identifies the failed control and the business impact. It gives the system owner evidence to make a change. It re-runs the attack to verify the fix. It preserves the test so that future model, prompt, tool, or workflow changes can be checked against the same failure mode. 

That creates a practical operating loop: 

Discover -> Threat model -> Red team -> Prioritize -> Harden -> Protect -> Monitor -> Re-test 

Some testing should run on a schedule. Some should be triggered by change: a new model, a revised system prompt, an added retrieval source, a new connector, expanded agent permissions, or a changed workflow. Newly discovered attack techniques and production incidents should also feed directly into testing priorities. 

This is how threat intelligence becomes operational. A technique observed against one AI system can inform what defenders test across others. The result is not a static library of malicious prompts. It is a continuously updated understanding of how attacks evolve and how they propagate through real AI architectures. 

Continuous Red Teaming Loop

From Testing to Production Protection 

Red teaming shows what must be stopped. Runtime security provides the opportunity to stop it while the system is operating. 

If testing reveals sensitive data leakage, teams may need to change retrieval access, strengthen data controls, revise prompts, or inspect inputs and outputs at runtime. If an agent can misuse a permitted tool, the answer may involve narrower permissions, stronger approval boundaries, or controls that evaluate the action before it executes. If malicious instructions arrive through trusted content, defenses may need to inspect external context before it shapes the model’s behavior. 

This is why testing, monitoring, and protection cannot operate as isolated layers. 

The Check Point AI Defense Plane brings together discovery, protection, governance, and assurance across employees, AI applications, and agents. Assurance continuously tests whether systems and controls behave safely. Runtime protection acts where prompts, data, outputs, tool calls, and agent actions create production risk. Governance determines the policies and boundaries those controls enforce. Discovery shows where AI exists and what it can reach. 

Each capability makes the others sharper. Testing without production protection finds weaknesses but does not stop live exploitation. Protection without adversarial testing may defend against what teams already understand while missing system-specific attack paths. Monitoring without a remediation and re-testing loop produces activity rather than improvement. 

Continuous AI security depends on the connections between them. 

Securely Doing Business Requires a Living Program 

In Redefining the CISO Contract: From Securing the Business to Securely Doing Business, Adam Ely, GM of AI Security at Check Point, argues that security leaders should help their organizations move with AI rather than become the reason they cannot. 

The NIST findings reinforce what that requires operationally. 

Giving the business confidence to deploy AI cannot mean offering permanent approval based on a pre-launch result. Models are retrained, agents evolve, connections expand, and the risk profile of a deployment changes. Confidence has to come from knowing that the organization can see those systems, test them under adversarial pressure, protect them in production, and respond when new weaknesses emerge. 

That does not mean applying maximum testing to every AI use case. Risk should determine depth and frequency. An internal summarization tool and an agent with access to customer records and financial workflows should not receive identical treatment. 

It does mean treating assurance as a recurring security function for systems where failure could create material impact. Testing should begin early, continue around meaningful changes, and remain connected to engineering, governance, runtime controls, and incident response. 

That is how security becomes an enabler. It replaces a brittle choice between “move fast” and “stay safe” with an operating model designed to do both. 

Confidence Without Complacency 

NIST’s research does not tell organizations to surrender to inevitable AI failure. It tells them to abandon the comforting idea that one successful test or one carefully designed set of guardrails can settle the question forever. 

The stronger model is active. Search for weaknesses before attackers do. Turn findings into better defenses. Protect systems while they operate. Limit the impact of what gets through. Feed every lesson back into the next test. 

The question is no longer whether an AI system can be declared secure forever. It is whether the organization can discover weaknesses, strengthen defenses, and reduce impact faster than attackers can adapt. 

For a deeper look at why point-in-time testing creates false confidence, download the white paper: Why Your AI Passes Tests But Still Fails in Production. 

To learn how Check Point helps organizations continuously pressure-test AI systems and turn findings into actionable improvements, explore Check Point AI Red Teaming.

White paper

Why Your AI Passes Tests But Still Fails in Production

Go deeper on why AI systems drift out of safety after launch, and how continuous, adversarial red teaming reveals the attack paths that static tests miss. A practical look at moving from one-time validation to ongoing AI assurance.

Read the white paper →