Check Point Software Technologies held its annual Check Point Advantage 2026 Taiwan conference on Thursday last week, highlighting developments in the cyberthreat situation in the region and globally, as well as best practices to address cybersecurity in the AI era.
AI as accelerator of threats and defenses
The pioneer and global leader in cybersecurity solutions focused on several aspects:
- The evolution of the cyberthreat landscape, with focus on Taiwan as a cyberattack hotspot
- The “dual reality” of AI, as a cyberthreat multiplicator and a tool and agent in the defense against cyberthreat
- Governance of agentic AI best practices and regulatory requirements
Generally, the global cyberthreat level remains high, with rapidly evolving threats and global hotspots.
Check Point Research's latest Threat Intelligence Report showed, for example, that Taiwanese organizations saw 3,974 cyberattacks per week over the past six months on average, which is 92% higher than the global threat level. The semiconductor, government and industrial manufacturing sectors were the primary targets.
“The market is undergoing unprecedented technological changes,” said Vincent Liu, General Manager, Check Point Taiwan. “In the AI era, the time from vulnerability discovery to exploitation has been drastically shortened to just a few hours, forcing the cybersecurity industry to rethink their approach.”
Check Point helps organizations boost their cybersecurity based on four pillars:
- Hybrid Mesh Network Security: Cybersecuring enterprise infrastructure and data distributed across data centers, hybrid cloud, physical branches and Internet-facing services
- Workspace security: Cybersecuring devices, browsers, email systems, SaaS applications and access control
- Exposure Management: Giving organizations visibility of their full attack surface, including IoT devices such as security cameras, to enable risk prioritization and reduction based on context rather than raw alert volume
- AI security: Cybersecuring the use of AI tools across enterprise applications and autonomous agents
The “dual role” of AI
Jayant Dave, CISO for APAC at Check Point, highlighted best practices in AI governance in compliance with cybersecurity standards such as ISO/IEC 42001:2023, as well as what CISOs can do to boost their respective organization’s defenses.
Generally, CISOs should approach the integration of AI in their organization with the question of, “when an AI makes a decision in the company, who owns it?” Dave said, drawing attention to a “lack of AI governance” in Taiwan and elsewhere that exposes organizations to risks on the one hand, and makes them miss out on the benefits of AI on the other.
According to Dave, AI models can, when properly vetted, implemented and governed, detect threats and malfunctions better than human experts. Ungoverned AI, also called “shadow AI,” however, increases the attack surface of organizations significantly, for example through data infiltration, autonomous agent exploitation or LLM-powered phishing attacks at scale. Shadow AI includes a host of consumer-grade tools used by employees who want to optimize their workflow without subjecting them to the organizations’ audit procedures. In many organizations shadow AI accounts for 40-60% of all use cases.
To monitor all workflows involving AI, the understanding of organizations must evolve from “human-in-the-loop” to “AI-in-the-loop,” which means that AI-enabled cybersecurity solutions scrutinizes all processes in which unsanctioned AI is being used, as well as sanctioned AI that might have evolved in a direction that it no longer aligns with the goals of the organization.
“AI is living in the workflows of most organizations,” Dave said. “The typical attack is no longer a man-in-the-middle attack, but a man-in-the-[AI]-model attack, a man-in-the-data attack, a man-in-the-workflow attack.”
“The focus should be on AI-assisted red-teaming to identify vulnerabilities in all workflows involving AI, instead of static-pace model assessment, which typically takes months in many organizations,” he explained. “Instead, we need continuous model assessment.”
Visibility is key
To get a full overview about what AI is involved in their workflows, organizations must analyze finance and procurement data, security and web proxy logs, and IT asset management data, as well as conduct targeted business unit head interviews and cloud platform audits, with the aim to create a “single source of truth” of AI usage within their organization. The aim should not be to eliminate the use of shadow AI, as “especially the best” employees will continue to seek out improvements to their workflows, but to turn it into sanctioned AI use.
“42% of organizations say employees bypass AI security controls when those controls slow them down,” Dave explained, citing data from the latest Check Point report. “They paste sensitive data into a personal AI account, use a browser-based tool the endpoint agent does not cover, or take whatever path feels faster than the approved one. This behavior signals something structural: governance is sitting too far above the workflow to shape what users actually do”
“Security teams are aware of the tension,” he added. “51% believe they are enabling AI adoption, yet 21% say slowing AI adoption for security reasons has already cost them competitive edge.”
“Check Point solutions, such as Lakera, can help identifying what kind of AI is being leveraged and what text is being transferred to those models,” Dave said. “Lakera also automates the risk categorization of AI models that are being leveraged into four categories: Critical, high, standard and minimal impact in case the system fails.”
“’Critical AI’ needs full transparency and full accountability toward a designated human user on site, who has to be able to pull the kill switch on the AI,” Dave said, adding that the owner of the risk must not be a vaguely defined team, but a person within the organization who can take full responsibility.
Regulations as guidelines for organizations
“AI regulations around the world, including the AI Basic Act in Taiwan, require the establishment of AI risk registers within regulated organizations, including one-person ownership and reason of use for every AI,” Dave said, adding that the most common AI regulations, from global ISO standards to national law, require similar steps, which are all covered if organizations follow Check Point’s approach and adopt the company’s solutions.
However, Check Point acknowledges that scale and depth of AI agent integrations is posing a challenge going forward.
Organizations that deploy tens of thousands of AI agents need to be aware of the operational effects of having to pull the kill switches on centrally located agents. Dave said large-scale deployments and deployments in critical infrastructure need to make use of sandbox and other test environments before agents can be fully deployed. In such cases, the ability to use agentic AI and integrate shadow AI might be limited, and they are therefore subject to tight regulations in many organizations and jurisdictions.