Why AI Cybersecurity Threats Are Rewriting the Rules of Digital Defense
The cybersecurity industry has always been defined by an arms race between attackers and defenders. But according to Check Point Software's Chief Technology Officer Jonathan Zanger, the arrival of AI — particularly generative AI and autonomous AI agents — represents something categorically different. Speaking to CSO Spain at the company's Engage 2026 user conference in Paris, Zanger described the current moment as "the biggest change since the advent of the internet," one that is simultaneously creating enormous opportunities for defenders and dangerous new capabilities for threat actors. For developers, IT decision-makers, privacy professionals, and small business owners navigating this landscape, understanding how AI cybersecurity threats are evolving in 2026 is no longer optional — it is existential.
Check Point Software is one of the world's largest cybersecurity vendors, with products covering network security, cloud security, endpoint protection, and threat intelligence. Zanger's remarks at Engage 2026 offer a rare, candid look at how a major security vendor is adapting its own internal operations, product strategy, and client guidance in response to the AI revolution. The insights are relevant far beyond Check Point's own customer base — they reflect industry-wide dynamics that affect virtually every organisation deploying digital infrastructure today.

How AI Agents Are Giving Security Teams a 20x Productivity Multiplier
One of the most striking claims Zanger made was quantitative: Check Point's red teams — specialists tasked with testing their own products for vulnerabilities — are now operating approximately 20 times more efficiently thanks to AI augmentation. The company has deployed around 300 AI agent instances working continuously to monitor and stress-test its systems. This represents a fundamental shift in how cybersecurity operations are structured.
Traditionally, threat intelligence gathering was bottlenecked by human capacity. Identifying an Advanced Persistent Threat (APT) group, building a profile of its tactics, and translating that intelligence into product-level defences required skilled analysts working painstaking hours. AI has not replaced those analysts — it has dramatically multiplied their reach. "What has AI allowed us to do? Dramatically scale this operation," Zanger told CSO Spain. Tasks that once required weeks of manual investigation can now be triggered, processed, and acted upon in a fraction of the time.
This mirrors findings from broader industry research. According to a 2024 IBM Cost of a Data Breach Report, organisations that had deployed AI and automation in their security operations identified and contained breaches significantly faster than those that had not — reducing the breach lifecycle by an average of 108 days. The productivity gains Zanger describes are not aspirational; they are already measurable in the field.
For IT decision-makers evaluating their own security stacks, the implication is clear: teams that fail to integrate AI-assisted detection and response tools risk falling structurally behind, not just against attackers, but against peer organisations that are using AI to move faster.
The Other Side of the Coin: Why AI Is Also Empowering Smaller, Faster Threat Groups
Zanger was equally candid about the downside. The same AI capabilities that are scaling defensive operations are lowering the barrier to entry for offensive cybercrime. The result, he warned, is a "proliferation of smaller, faster threat groups" capable of conducting sophisticated phishing campaigns and deploying malware without the level of expertise previously required.
This is not a theoretical concern. Research published by Europol has flagged the use of large language models to generate highly convincing phishing emails, fraudulent documents, and social engineering scripts at scale. What once required a skilled human writer — capable of crafting culturally appropriate, grammatically correct lures — can now be automated. For organisations in Europe operating under GDPR, where a successful phishing attack leading to a data breach can trigger mandatory 72-hour breach notifications and significant regulatory fines, this acceleration of threat velocity has direct compliance consequences.
The attack surface is also expanding structurally. As organisations integrate AI agents into their enterprise systems — giving them access to customer databases, financial records, internal communications, and cloud infrastructure — each new connection becomes a potential entry point. "The more connections AI has, the greater the attack surface and the security risk," Zanger explained. Security teams seeking to limit integrations are now in direct tension with business units eager to extract maximum value from AI tools, a dynamic familiar to anyone who has navigated shadow IT debates in a corporate environment.
Every Major AI Platform Tested Had Serious Security Gaps — What That Means for Your Organisation
Perhaps the most alarming disclosure in Zanger's interview was this: Check Point's security researchers found serious vulnerabilities in every AI platform they analysed over the past year, as well as in all major AI development tools. Zanger was careful not to name specific vendors, and he was measured in his tone — "I'm not criticising anyone here, because their job is to launch innovative products quickly" — but the implication is stark. If you are deploying a third-party AI platform inside your enterprise or SaaS stack and assuming it is secure because it comes from a reputable vendor, you are taking on risk you may not have adequately quantified.
This finding is consistent with broader research from the cybersecurity community. OWASP's Top 10 for Large Language Model Applications — now a widely referenced framework in the developer community — identifies prompt injection, insecure output handling, training data poisoning, and excessive agency as among the most critical risks in AI deployments. These are not edge cases. They are structural characteristics of how current LLM-based systems work, and they require explicit security controls that many organisations have not yet implemented.
For developers building on top of AI APIs, this is particularly relevant. An application that passes user input directly to an LLM without sanitisation, or that grants an AI agent write access to production systems without human-in-the-loop approval gates, is creating exploitable pathways. The principle of least privilege — long established in traditional software security — applies equally, and arguably more urgently, to AI agent architectures.

The Three Areas Where AI Is Transforming Cybersecurity Right Now
Zanger outlined three distinct domains where AI is reshaping how cybersecurity is delivered — and where organisations need to focus their attention and budgets.
First: AI-augmented defence operations. AI is changing how security teams detect vulnerabilities, assess security posture, implement configuration changes, and respond to active incidents. The speed advantage here is significant. In a world where, as Zanger noted, "an attack can cause damage in seconds," the traditional detect-then-respond model is no longer sufficient. Prevention — catching threats before they execute — must be the primary objective, supported by AI systems capable of processing telemetry at machine speed.
Second: Securing AI applications and agents themselves. As AI becomes embedded in enterprise workflows — customer service bots, code assistants, data analysis agents, procurement automation — each deployment represents a new potential attack vector. These systems need to be treated as first-class security objects, not trusted utilities. This includes controlling what data AI agents can access, auditing the actions they take, and monitoring for anomalous behaviour that may indicate compromise or misuse.
Third: Defending against AI-driven attacks. Zanger advocates for deploying advanced models capable of detecting zero-day vulnerabilities and anomalous behaviour, combined with AI systems that simulate ethical attacker behaviour. This "offensive AI for defensive purposes" model — essentially using AI red teams to pre-empt real attackers — is becoming a competitive differentiator among mature security organisations.
| Security Domain | AI Application | Key Risk If Ignored |
|---|---|---|
| Defence Operations | Automated threat detection, vulnerability scanning, incident response | Slower response times, human analyst overload, missed zero-days |
| AI Application Security | Agent access control, output monitoring, data exposure prevention | AI agents becoming attack vectors or leaking sensitive data |
| Attacker Simulation | AI red teams, ethical attacker simulation, surface mapping | Unknown attack surfaces exploited before internal teams detect them |
| Phishing & Social Engineering | AI-generated lure detection, behavioural email analysis | Credential theft, ransomware deployment, GDPR breach obligations |
Why Explainability and Transparency Matter — Especially for Smaller Organisations
A question raised during the interview — about whether AI security systems can be made more transparent and auditable — touches on a tension that is particularly acute for small and medium-sized businesses (SMBs). These organisations often lack dedicated security teams capable of interpreting the output of black-box AI detection systems. When an automated system blocks a transaction, flags an email, or quarantines a file, business owners and their staff need to understand why — both to trust the system and to challenge it when it makes mistakes.
Zanger framed this as a core responsibility of cybersecurity vendors: "My perspective is that we should automatically block as many threats as possible, without requiring human intervention, but we must also enable humans to understand what happened and modify the future behaviour of the protection mechanisms." This is, in essence, a call for explainable AI (XAI) as a feature requirement in security tooling — not a nice-to-have, but a baseline expectation.
This has regulatory resonance in Europe. The EU AI Act, which entered into force and is being phased in progressively, includes provisions around transparency and human oversight for high-risk AI applications. Cybersecurity systems that make automated decisions with significant operational
Originally reported by CSO Online. Summarised and curated by European Purpose.