It is not realistic to expect users to consistently identify sophisticated attacks on their own. on helping users identify suspicious activity. The challenge now is that many AI-driven attacks are designed specifically to avoid detection.
Voice scams are a clear example. Attackers can replicate tone, urgency and context in a way that feels entirely legitimate. In some cases, employees are responding to requests that appear to come directly from trusted individuals within their organisation.
This means training needs to shift from detection to awareness and response. Employees should understand that these threats exist and know how to verify requests, particularly when sensitive actions are involved. However, it is not realistic to expect users to consistently identify sophisticated attacks on their own.
Security needs to take on a larger role in mitigating this risk. Controls should be able to detect and block threats before they reach the user, and safeguards should be in place to prevent high-risk actions without verification.
In essence, training should support a broader security framework, not serve as the primary line of defence.
The report frames AI as a‘ force multiplier’ for attackers – but how close are we to AI-driven attacks becoming fully autonomous?
We are already seeing significant levels of automation in attacker activity. AI is being used to accelerate reconnaissance, generate exploits and personalise attacks at scale. Tasks that previously required time and expertise can now be executed much faster and with less human involvement.
Fully autonomous attacks are not yet the standard, but they are no longer theoretical. The more immediate concern is that attacks are now operating at machine speed. That alone creates a gap that traditional, human-led defence cannot close.
Addressing this requires a dual approach. On one side, AI is used to strengthen defence, analysing billions of events and enabling realtime prevention. On the other, organisations need to secure the AI systems they are deploying, from employee tools to autonomous agents and underlying infrastructure.
AI is also transforming how security teams operate. With AI Copilot, teams can reduce manual effort, streamline workflows and respond more quickly to incidents. This allows organisations to keep pace with the speed at which threats are evolving.
The reality is that autonomy is already sufficient to challenge existing security models. The focus now should be on ensuring that defence can operate at the same scale and speed.
Based on the overall findings from this report, what specific capabilities or approach would you recommend leaders to prioritise first, and how does Check Point support that journey?
The first priority is to shift towards a preventionfirst model.
In a landscape where attacks can develop and execute in minutes, waiting to detect and respond is no longer effective. Organisations need to stop threats before they materialise, which requires real-time intelligence, automation and consistent enforcement across the entire environment.
The second is continuous exposure management. Understanding what assets exist, where the risks are and how they are being targeted needs to happen continuously, not as a periodic exercise. This allows organisations to reduce their attack surface proactively.
The third is securing the workspace and the AI layer. Users are now the perimeter, and AI is both a productivity tool and a potential risk. Protecting both is essential to maintaining resilience.
Check Point supports this through a unified architecture built on four pillars: hybrid mesh network security for consistent protection across environments, workspace security to protect users and collaboration tools, exposure management to reduce risk continuously, and AI security to safeguard both the use and development of AI.
Alongside this, capabilities like ThreatCloud AI provide real-time threat intelligence, and the AI Copilot helps security teams operate more efficiently by automating tasks and accelerating response.
The focus is on helping organisations simplify security, reduce risk and keep pace with a threat landscape that is evolving faster than ever.
40 WWW. INTELLIGENTCISO. COM