← Blog

Check Point's AI Security Report 2026: The AI Infrastructure You Cannot See Is Already Being Probed

Check Point Research published its AI Security Report 2026 on July 15, 2026. Most coverage focused on autonomous exploitation and deepfakes. The under-read section is the AI-infrastructure attack surface: exposed model servers, agent control panels, and inference endpoints that attackers probe while most organizations have no inventory of them. This is the visibility gap an identity-aware policy gateway closes on the request path.

ByParminder Singh· Founder & CEO, DeepInspect Inc.
Problem-Awareai-securitythreat-reportai-infrastructureinline-enforcementai-visibility

Check Point Research published its AI Security Report 2026 on July 15, 2026, and the number that led most of the coverage is the autonomous-attacker finding: intrusions in which AI ran exploitation workflows on its own, thousands of commands across dozens of sessions with minimal human direction. The report also records that between October 2025 and May 2026, somewhere between 87% and 93% of organizations experienced at least one high-risk AI interaction every month. The Help Net Security summary from July 15 is the record I am working from.

The section that got the least attention is the one platform teams should read first. The report describes an AI-infrastructure attack surface, exposed model servers, agent control panels, and inference endpoints, that attackers continuously probe while most organizations hold no inventory of these assets. That is a visibility problem before it is anything else.

What the report covers, and where I am narrowing

The report ranges widely. It covers model-layer jailbreaking, AI-assisted malware development, and generative-identity fraud. Those are real, and they sit at layers a request proxy never touches, so I am setting them aside here. I am also not re-treading the employee-data-upload angle, which the 2026 Zscaler ThreatLabz numbers already cover in depth. The slice I want is the infrastructure-visibility finding: the model servers, agent control panels, and inference endpoints that answer to network requests and that most security teams cannot currently enumerate.

The attack surface you cannot see

An inference endpoint is a network service. An agent control panel is a web application. A self-hosted model server listens on a port. Each of these accepts requests, and each is discoverable by anyone scanning for them. Check Point's finding is that attackers already scan for them at volume, and that defenders often have no asset list to defend. You cannot write a policy for traffic you do not know exists. The first consequence of the report is not a new control to buy. It is that AI infrastructure has to become inventoried the way databases and admin panels already are, because the attacker's map of your AI endpoints is more complete than yours.

Why visibility is the precondition for every other control

Every downstream control depends on seeing the traffic. Rate limiting, authorization, prompt inspection, and logging all assume you know which endpoints exist and which identities are calling them. When AI calls leave the environment through unmanaged paths, none of those controls apply. This is why the report's framing matters: the exposure is not only that a model server is reachable, it is that the calls to and from it are unobserved. An identity-aware control point on the AI request path turns unobserved traffic into authenticated, authorized, logged traffic. That is the mechanism that converts an invisible attack surface into a governed one.

Governing and defending at machine speed

Check Point's own conclusion is that defenders have to govern how AI is used, secure the AI systems they now depend on, and defend at machine speed rather than human speed. The machine-speed point has a hard number behind it from a separate source: Google Mandiant's M-Trends 2026 report put the median time from initial access to handoff at 22 seconds in 2025, down from over 8 hours in 2022. A control that detects a problem after the traffic has landed is structurally behind an attacker moving that fast. Enforcement that evaluates and blocks a disallowed AI call inline, before it reaches the model, is the only version of this control that keeps pace.

The enforcement point that produces both visibility and speed

One decision point on the AI request path produces both outcomes the report calls for. Every AI call routed through it is authenticated, authorized against policy, and logged per request. That gives you the inventory as a byproduct, because you now see every model server and endpoint that traffic reaches. It gives you machine-speed defense, because the pass-or-block decision happens before the call executes. And it gives you the record, because each decision is written down. The report describes the gap. A stateless identity-aware gateway is one way to close it on the channel every AI interaction uses.

DeepInspect

This is exactly what DeepInspect does. DeepInspect sits inline between your users and agents and the LLM endpoints they call, whether those are hosted APIs or self-managed model servers. For every request and response it evaluates identity, data classification, model authorization, and organizational policy, then makes a pass or block decision before the traffic reaches the model. The endpoints that traffic reaches become visible because the gateway sees them, which turns the report's invisible attack surface into an inventory you can act on.

The same decision point writes the record. Every AI call becomes a logged event that names the calling identity, the destination endpoint, and the policy outcome. That is the govern-and-defend-at-machine-speed posture the report describes, implemented at the one layer where AI traffic is observable. For the running catalog of 2026 AI-security events and reports, see the agentic AI news pillar.

Book a demo today.

Frequently asked questions

What is the main finding of the Check Point AI Security Report 2026?

The coverage led with autonomous exploitation: intrusions where AI ran attack workflows with little human direction, and a finding that 87% to 93% of organizations had at least one high-risk AI interaction every month between October 2025 and May 2026. The section this article focuses on is the AI-infrastructure attack surface, exposed model servers, agent control panels, and inference endpoints that attackers probe while most teams have no inventory of them.

Why is AI-infrastructure visibility a security problem?

You cannot authorize, rate-limit, inspect, or log traffic to endpoints you have not enumerated. When AI calls travel through unmanaged paths, downstream controls do not apply because they never see the traffic. The exposure is both that an endpoint is reachable and that the calls to it are unobserved. Routing AI traffic through an identity-aware control point makes those calls authenticated, authorized, and logged.

How does this differ from the shadow-AI data-exposure problem?

The shadow-AI and employee-data-upload angle is about sanctioned and unsanctioned use of external AI tools and what data leaves with those prompts, which the 2026 Zscaler numbers cover. The infrastructure-visibility finding here is about the model servers, control panels, and inference endpoints inside and around your environment that attackers scan for. Related, but a different attack surface.

What does defending at machine speed require?

It requires enforcement that acts on the request path before a call executes, rather than detection after the traffic has landed. Mandiant's M-Trends 2026 report recorded a median 22-second window from initial access to handoff in 2025. An inline pass-or-block decision on AI traffic, made in tens of milliseconds, is what keeps a control ahead of an attacker moving at that speed.