AI & Cybersecurity
Check Point CTO: AI is reshaping the full value of cybersecurity—from scaling defense to new risk challenges
Check Point Global CTO Jonathan Zanger pointed out at the Engage 2026 conference that AI is profoundly transforming cybersecurity from three dimensions: scaling defenses, expanding attack surfaces, and the need for explainability. Enterprises must embed security layers from the very start of AI projects to address the new risks posed by non-deterministic systems.
Event Overview
At Check Point's Engage 2026 user conference held in Paris, Global CTO Jonathan Zanger gave an exclusive interview to CSO Spain. Zanger defined 2026 as "the year of the biggest transformation in cybersecurity since the advent of the internet" and elaborated in detail on how AI is reshaping the offensive and defensive landscape of cybersecurity across multiple dimensions.
Technology and Risk Analysis
AI Scales Defenses but Also Empowers Attacks
Zanger pointed out that Check Point used to rely on expert teams to manually analyze threats and create signatures, where human limitations made it difficult to scale defenses. The introduction of AI has completely changed this situation: Security teams can now achieve a 20-fold efficiency improvement with AI Agents. The company has deployed approximately 300 AI instances internally for continuous monitoring and testing.
However, attackers benefit equally. AI lowers the barrier to launching complex attacks, leading to a surge in "smaller, faster threat groups." AI-driven phishing, ransomware, malware, and exploits have significantly increased in both speed and volume, rendering traditional detection and response insufficient—When attacks can cause damage within seconds, prevention becomes key.
Non-Deterministic Nature of AI Brings New Security Challenges
Traditional IT systems are deterministic: the same input yields the same output, making them easy to protect. AI systems, on the other hand, understand natural language, handle ambiguity, and behave unpredictably. At the same time, the value of AI depends on the number of systems it connects to—security teams want to limit connections to reduce the attack surface, while business units want to integrate AI into various parts of the organization to access information. This tension leads to a drastic expansion of the attack surface.
All AI Platforms Have Vulnerabilities
Zanger revealed that over the past year, Check Point conducted security assessments on all major AI platforms and found severe vulnerabilities in every one of them. This is not targeted at specific vendors, but because the speed of innovation far outpaces security considerations. He emphasized: Enterprises should not assume that an AI platform is secure simply because it comes from a well-known vendor.
Enterprise Impact Analysis
- Operational Risk: AI Agents accessing enterprise systems can be manipulated, leading to data breaches or business disruption.
- Compliance Risk: The black-box nature of AI makes auditing and compliance difficult, especially under regulations like GDPR.
- Brand Risk: AI-driven attacks are more realistic and harder to defend against; successful breaches can severely damage customer trust.
- Supply Chain Risk: If an AI supplier has security flaws, it directly impacts all its customers.
Industry Trend ObservationsZanger believes that 2026 marks the transition of AI from a "supporting tool" to a "core variable in security". Three trends are particularly critical:
1. AI-enhanced defense: Security teams leverage AI to automate and scale vulnerability detection, situational assessment, and alert response. 2. Protecting AI applications themselves: The rapid adoption of generative AI has given rise to a new security domain—ensuring AI models are not misused and do not leak sensitive information. 3. Countering AI-driven attacks: Predictive defense requires combining zero-day detection models with AI systems that simulate ethical attackers.
This is not an isolated event, but a structural transformation of the entire industry.
Defense and Response Recommendations
- At the enterprise level: Embed security layers at the outset of all AI projects, and establish collaboration mechanisms between security teams and AI teams.
- At the technical level: Deploy explainable AI security solutions that retain human traceability without sacrificing efficiency. Adopt multi-layered preventive strategies rather than relying solely on detection and response.
- At the management level: Develop AI connectivity strategies, restrict unnecessary data flows, and conduct independent security assessments of AI platforms regularly.
SecurityPost Insight
Jonathan Zanger's interview clearly reveals two core paradoxes of the AI era: AI is both the most powerful defense lever in history and a new weapon in the hands of attackers; the value of AI is proportional to its connectivity, but risks amplify accordingly.
For enterprise security decision-makers, the most critical takeaway is to abandon blind trust in vendor reputations. All AI platforms have flaws; security must be embedded in the architecture from day one, not applied as an afterthought. At the same time, explainability is no longer a "nice-to-have" but the foundation for balancing trust and rapid response.
In the coming year, we expect to see more data breaches caused by improper permission control of AI agents, as well as attack techniques specifically targeting AI applications (such as model poisoning and prompt injection). Enterprises that establish AI security governance frameworks early will gain a clear advantage in the next competitive cycle.
Evidence route · securitypost
securitypost frames this note through Security Post publishes defensive cybersecurity intelligence for enterprise security leaders, covering thre.... Threat Briefing / Enterprise Security / AI & Cybersecurity explains the local editorial angle: Source links should be opened before the summary is reused. dates, names and status changes still need checking.