1. AI is becoming an active cyber attacker
- The report concludes that AI is no longer just assisting cyber-attacks- it is now building malware, supporting intrusion operations, accelerating vulnerability discovery and participating in post-exploitation activities.
- AI is increasingly enabling attackers to execute operations faster and at greater scale, significantly compressing the time between vulnerability disclosure and exploitation.
2. Anthropic’s Project Glasswing identified severity
- Anthropic’s Project Glasswing reportedly identified more than 10,000 high- and critical-severity zero-days in its first month and generated working exploits on the first attempt in approximately 83% of cases.
- The report highlights that vulnerability discovery is becoming increasingly automated, making rapid remediation critical.
- It notes:
- US CISA requires certain critical vulnerabilities to be remediated within 3 days.
- CERT-In advises organizations to contain and remediate critical internet-facing vulnerabilities within 12 hours of discovery.
3. AI Coding Credential Exposure
- Check Point Research identified CVE-2025-59536 and CVE-2026-21852, demonstrating how trusted AI coding project files could execute malicious commands, launch rogue MCP servers, capture credentials and compromise developer environments.
- The report also found that out of approximately 46,500 published NPM packages, 428 had accidentally exposed local Claude Code settings files, with approximately 1 in every 13 containing live credentials.

4. Fake AI- generated videos are being used as facial biomterics
- The report highlights that AI is enabling attackers to create convincing fake identities across text, audio and video, making traditional identity verification increasingly unreliable.
- It documents attackers using fake AI-generated video feeds streamed directly into identity verification cameras to bypass facial verification systems, while malware has been observed harvesting victims’ facial biometrics to defeat bank face-verification systems.
- Demonstrating how AI is scaling identity fraud, the report cites the Mexican government breach, where a single operator used AI across 34 attack sessions, issuing 1,088 human instructions that generated 5,317 AI-executed commands to compromise nine government agencies and expose approximately 400 million records.
5. AI-related data exposure is increasing
Regional findings
- Europe: 3.95% of prompts classified as high risk (approximately 1 in every 25 interactions).
- Latin America: 3.76% (approximately 1 in every 27 interactions).
- North America: 3.33% (approximately 1 in every 30 interactions).
Industry findings
- Business Services: 5.91% (approximately 1 in every 17 prompts), increasing from 5.50% in January to 6.98% in May (27% increase).
- Wholesale & Distribution: 5.47% (approximately 1 in every 18 prompts).
- Telecommunications: 4.06% (approximately 1 in every 25 prompts).

6. India focus
- The report highlights Pakistan-linked Transparent Tribe (APT36) using an AI “assembly line” to mass-produce disposable malware targeting Indian government systems.
It also cites CERT-In’s recommendation that organizations contain and remediate critical internet-facing vulnerabilities within 12 hours, reflecting the increasingly compressed AI-driven threat landscape
7. AI is enabling KYC bypass and identity fraud
- The report highlights that AI is making identity verification increasingly unreliable. Attackers are using AI-generated video feeds to bypass Know Your Customer (KYC) verification, while malware has been observed harvesting victims’ facial biometrics to defeat bank face-verification systems.
- It also notes that bank, fintech and cryptocurrency accounts that have already passed KYC verification using fake AI identities are being openly sold on Telegram, demonstrating how AI is scaling identity fraud.
Notable Case Studies
• VoidLink: AI-built malware crosses the threshold
- In January 2026, Check Point Research reported VoidLink, a sophisticated Linux command-and-control (C2) framework with 30+ post-exploitation plugins.
- Initially believed to have been developed by a multi-person team over several months, it was actually built by one developer using the AI coding tool TRAE SOLO.
- Using AI to implement, test and refine code from detailed specifications, the developer produced approximately 88,000 lines of functional malware in under one week.
- The report notes there was no indication of AI involvement in the finished malware, with its use only uncovered because of the developer’s operational security mistake.
• GTG-1002: AI performing the majority of attack operations
- Anthropic’s GTG-1002 disclosure reported Claude Code carrying out 80–90% of the tactical work across approximately 30 target organizations.
- AI reportedly handled reconnaissance, exploitation, credential harvesting, lateral movement and data triage, illustrating AI’s growing operational role during cyber intrusions.
• Mexican Government Breach: AI-enabled intrusion at scale
- Between late December 2025 and mid-February 2026, a single operator compromised nine Mexican government agencies, exposing approximately 400 million records spanning tax, civil registry, vehicle, patient and electoral data.
- Researchers reconstructed the operation from the attacker’s own servers:
- 1,088 human instructions
- 5,317 AI-executed commands
- Across 34 separate sessions
- Claude Code was used to conduct intrusion and post-exploitation activities, while GPT-4.1 analysed stolen data and generated follow-on instructions.
- As with VoidLink, AI involvement only became known because of the attacker’s own operational mistake.
• AI platforms can themselves become data exfiltration channels
- Check Point Research demonstrated that ChatGPT’s secure code execution sandbox could be abused through DNS lookups to exfiltrate sensitive data.
- A proof-of-concept “personal doctor” AI assistant successfully exfiltrated patient details and medical assessments from uploaded lab reports.
- The issue was reported to OpenAI and fixed on 20 February 2026, with no evidence of exploitation in the wild.
