When AI becomes the attacker: the rise of agentic cyber-operations

For the past several years, boardroom conversations about artificial intelligence and cyber-security have focused on volume. Executives worried that AI would help hackers write better phishing emails or generate malware faster. While true, this focus missed a far more dangerous shift that has quietly taken place: AI has graduated from being a tool to being a “team member” capable of autonomous offence.

 

According to Check Point’s Cyber Security Report 2026, the threat landscape has crossed a critical threshold. We are witnessing the rise of agentic cyber-operations, where AI systems are no longer just assisting attackers but also running the operation.

 

From tool to operator

 

Let’s take the example of GTG-1002, widely considered as the first reported AI-orchestrated cyber-espionage campaign. In September 2025, investigators analysing the intrusion noticed something unusual. The attack did not unfold as a sequence of clearly manual steps. Instead, once access was established, the system appeared to map the environment, identify credentials, test pathways and escalate privileges in rapid succession.

According to data cited in the Check Point report, an AI agent handled roughly 80 to 90 per cent of the tactical intrusion tasks in that campaign. While human actors were still involved in setting objectives and overseeing outcomes, they were not manually executing every stage of the operation.

 

This distinction is critical. Traditional automation follows predefined scripts to accelerate specific, known tasks. Agentic systems, by contrast, possess structured autonomy. They can plan sequences of actions, adapt when a pathway is blocked and dynamically pursue objectives within defined parameters.

 

In the case of GTG-1002, the agent was able to automate complex activities, including reconnaissance, vulnerability identification and lateral movement, while maintaining the “state” of the operation over multiple days. The result is not simply a faster attacker, but a more resilient one. As this model matures, the role of the human adversary is fundamentally shifting from operator to supervisor.

 

The compression of response time

 

For the C-suite, the most significant implication of agentic AI is not only attack volume but the compression of time. Autonomous systems can analyse reconnaissance data, test pathways and escalate privileges at machine speed. This has the potential to significantly reduce dwell time, narrowing the window between compromise and impact.

 

Human-led defence models are not designed for this tempo. Traditional incident response cycles that depend on sequential investigation and remediation struggle when adversaries can adapt their tactics in real time. As the report suggests, operational resilience in 2026 requires a shift from reactive investigation to continuous containment.

 

In this environment, governance and identity controls become central. Strict access management and Zero Trust architectures may offer more reliable protection than perimeter-focused tooling alone, as they help limit the blast radius of an automated breach.

 

Not a future horizon risk

 

It may be tempting to categorise agentic cyber-operations as a future threat. However, the data indicates that elements of this capability are already being deployed. The Check Point report documents automated systems embedded across multiple stages of the attack lifecycle, from reconnaissance to code execution.

 

It would be inaccurate to claim that AI currently drives the majority of global attacks. But in documented campaigns such as GTG-1002, automated systems successfully executed the vast majority of tactical intrusion tasks against approximately 30 different organisations. The technology is operational, effective and its adoption is accelerating.

 

Organisations that treat agentic operations as theoretical risk may underestimate current exposure.

 

The enemy inside the gates

 

While autonomous agents are attacking the perimeter, internal AI usage is simultaneously creating a new, invisible attack surface. As organisations rush to adopt agentic frameworks to boost productivity, they are often bypassing standard security governance.

 

The data is concerning: 89 per cent of organisations were impacted by risky prompts within an average month. Furthermore, one in every 41 prompts submitted to enterprise AI tools was classified as “high-risk”, often involving the exposure of PII (personally identifiable information) or source code.

 

This creates a dual-threat scenario for 2026. Organisations must defend against autonomous AI agents trying to break in, while simultaneously managing internal AI agents that may be inadvertently leaking data or executing malicious instructions via prompt-injection attacks.

 

Resilience in the era of autonomy

 

The Check Point Cyber Security Report 2026 makes one thing clear: the human-speed era of cyber-security is ending. When the attacker is an autonomous software agent that never sleeps and processes data at machine speed, relying on manual incident response is no longer a viable strategy.

 

For business leaders, this demands a strategic pivot. Defence must move from reactive containment to automated prevention. Static controls are ill-suited to dynamic adversaries.

 

However, resilience also requires looking inward. Organisations must govern their own internal AI agents with the same scrutiny applied to human employees. This means establishing strict access limits, monitoring behaviour for anomalies and assuming that any agent could be compromised.

 

Ultimately, this is as much a governance challenge as a technical one. As AI becomes embedded on both sides of the equation, the organisations that recognise autonomy as an operational reality will be the only ones positioned to manage the risk.

The only question remaining for business leaders is whether their defence strategy is evolving as fast as the attackers.

---

To understand the full scope of agentic threats and the strategic shifts defining 2026, download Check Point’s Cyber Security Report 2026 here