Check Point takes IoT security to the next level as AI creates a ‘perfect storm’

As artificial intelligence becomes deeply embedded in the IoT ecosystem, AI-powered cybersecurity risks multiply, threatening to overwhelm defenses that haven’t caught up with the latest development.
 
Check Point Software Technologies, a leading provider of cyber defense solutions to governments and corporate customers worldwide, is at the frontline of hardening systems against emerging threats—from AI-driven manipulation of existing systems to automated attacks conducted by AI-agents and new ways of exploiting IoT vulnerabilities.
 
Antoinette Hodes, Global Solutions Architect & Evangelist at Check Point, and Miri Ofir, the company’s R&D Director, explore what’s possible—and needed—in terms of cutting-edge defenses in the AI cybersecurity space.
 
Q: Traditionally IoT devices faced cyberthreats through, for example, weak passwords, zero-day vulnerabilities, API exposure and pivoting attacks. Defenses focused on better authentication, encryption, patches, network segmentation and device hardening, etc. With the advent of AI, what has changed in this regard? How are threats that we’ve seen before changing in sophistication and scope?
 

Hodes: AI has changed the ball game and with IoT attacks (higher stakes and lower defenses), and these threats are alarming compared to IT. What once was somehow predictable and containable attacks are becoming dynamic, adaptive and increasingly autonomous.
 
These examples include:

• Adversarial attacks to turn AI against itself. Think of subtle deceiving or redirecting traffic
• Adaptive attacks, learning the environment in real time to blend in and stealthily launch persistent mechanisms
• AI agents attacking without human oversight. Map out OT network, exploit flaws in control logic and bizarrely predict safety test cycles to avoid detection

 
When looking at IoT, complexity is decentralized, but trust is centralized. Now, with AI added to these complex environments, a perfect storm has been created. AI-powered threats act independently, contextually and at scale.
 
Q: What unique challenges do AI-driven attacks pose to IoT security compared to traditional cyber threats? And what should the response of security teams be?
 
Hodes: AI driven attack don’t just scale better, they think better too. Firstly, traditional attacks exploit vulnerabilities. AI-driven attacks exploit complexity. This is because there is no device heterogeny, limited processing power (so often no onboard threat prevention) and minimal visibility. Security teams should move from reactive to predictive and preventive security. Examples defend against behaviors rather than signatures. Secondly, embed lightweight device level AI defense, meaning security must live where the threats reside. Trust nothing. Verify everything. Especially machine-to-machine interactions.
 
Q: How are malicious actors using AI specifically to target IoT environments? Do you have any examples or stories you can share?
 
Hodes: I believe most of us are aware of Mirai malware, that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. Another example is MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) which has developed PhotoGuard, a tool designed to protect images from unauthorized manipulation by AI models. Another fun fact, KU Leuven researchers have demonstrated a method to evade AI surveillance by wearing a specially designed, colorful printed pattern. This pattern, when worn, could confuse facial recognition systems. The result: effectively hiding the wearer's identity from AI-powered surveillance cameras. The approach leverages adversarial examples, inputs crafted to deceive machine learning models. And there are many more, think AI generated voice to spoof commands.
 
Q: Many device manufacturers are promoting AIOT (AI+IoT) solutions, what are the most significant cyber threats facing IoT devices as AI becomes more integrated into these environments?
 

Ofir: There are 2 major cyber threats related to the AIOT systems – when we combine IoT device and AI logic.
 
First, physical harm from compromised IoT devices: Unlike traditional IT systems, IoT devices interact with the physical world. When compromised, they can cause real, tangible damage. The integration of AI further automates decision-making and physical actions, amplifying potential harm. For instance, an industrial robot controlled by a compromised AI model could endanger human operators by making hazardous movements. Similarly, AI-powered drones or autonomous vehicles could be hijacked to cause property damage or bodily injury. The infamous Stuxnet attack already demonstrated how software can destroy physical equipment—in that case, Iranian centrifuges. With AI in control loops, the threat becomes even more unpredictable. Because AI models do not follow fixed rules and they don’t take margins by themselves.
 
Second, AI as a new attack surface with non-deterministic behavior: AI introduces an inherently non-deterministic layer into IoT systems, where outcomes may vary even with slight changes in input. This opens novel avenues for adversaries. Attackers might poison training data or deploy adversarial examples to manipulate model behavior; or exploit sensor spoofing to feed manipulated inputs (e.g., images, sounds, or temperature data) that trigger unintended AI responses. There are several known cases in studies and tests, where users were able to trigger unexpected behavior of AI models with certain input.
 
For example, researchers have shown that small changes to stop signs can mislead computer vision systems in autonomous cars, causing them to ignore critical traffic signs. Similar attacks can be mounted on AI-powered surveillance cameras, medical diagnostic devices, or smart home systems. In all these cases, AI becomes a liability if not properly safeguarded.
 
To mitigate these threats, manufacturers must:

• Integrate AI-specific security mechanisms such as adversarial robustness and model verification.
• Add guardrails including fail-safe physical constraints, input validation layers, and out-of-distribution detection mechanisms.
• Ensure that secure development lifecycles include threat modeling for both software and physical consequences.

 
Q: Manufacturers that develop their own AI or customize third-party or open-source models might be confronted with compromised (or “poisoned”) AI training datasets. How can they address this threat?
 
Hodes: Manufacturers developing or customizing AI models must guard against poisoned training datasets by implementing data validation, using trusted data sources and employing powerful training techniques like adversarial training to build resilience. They should demand explainability by using explainable AI (XAI) models, as this is critical for understanding decisions, especially in high-stakes environments. Investing in Red Teams for AI models helps simulate adversarial attacks on both cyber and physical layers. Other recommendations include implementing operational Drift Monitoring to detect deviations from normal AI behavior early and preventing failures and maintaining safety. Finally, embedding Human-in-the-Loop (HITL) controls ensures that critical AI decisions are reviewed by humans to reduce risk and build trust.
 
Q: How does Check Point leverage AI to detect and respond to cyber threats targeting IoT devices in real time?
 
Ofir: Check Point has solutions to protect IoT devices in the network and on device-level. Our are solutions enhanced with AI-based engines to improve the detection of new threats and to block attacks in real time.
 
Check Point IoT Protect enforces strict policy to limit access to IoT devices, and it monitors the activity inside the device to ensure the control flow integrity.
 
We offer manufacturers tools to develop IoT devices and AI models securely. For the device-level protection, we offer Check Point IoT Nano agent. Nano agent is a light-weight program that monitors the activity on the devices and can block even the most sophisticated threats, including AI-based attacks.
 
Q: How does Check Point address the lack of built-in security in many IoT devices, especially those that don’t have enough computing power to run a security agent at the edge?
 
Hodes: Check Point provides a range of IoT security solutions, including IoT devices that have limited computing power. For those assets, there is the lightweight Nano Agent. The Nano Agent is an embedded security agent designed to run directly on the device without affecting performance. It ensures the device is protected at the device level and remains cyber resilient, even under attack. The Nano Agent delivers essential security features like access control, privacy protection and data integrity. A great bonus is that it also helps manufacturers meet mandatory compliance and regulatory requirements.
 
Q: How do you differentiate between normal IoT device traffic and potentially malicious activity? How does AI help you detect existing malware on an edge device, as well as malware that is moving between devices or from the device into the network?
 
Hodes: To differentiate between normal and potentially malicious IoT traffic, the first step is consider behavioral baselining. This means learning what "normal" looks like for each device—specifically communication patterns, protocols, frequency and destinations. Once that baseline is established, AI and machine learning kick in to detect anomalies. Any deviation from expected behavior, like unusual data spikes, connections to unknown IPs, or commands sent at odd times. AI helps by continuously analyzing patterns across the network. It can detect existing malware on a smart edge device by recognizing signs like unexpected CPU spikes, unauthorized access attempts or even abnormal system calls. It could also track lateral movement, when malware tries to spread between devices and north-south movement as well as exfiltrating data from the device into the broader network.
 
Q: Looking forward, what emerging technologies or trends do you see shaping the next wave of IoT security challenges—and how is Check Point preparing for them today?
 
Hodes: Looking ahead, the next wave of IoT security challenges will be shaped by the explosive convergence of AI, edge computing and autonomous systems. We’re moving toward a world where IoT devices not only collect data, they make decisions. This shift dramatically raises the stakes, especially in critical environments like healthcare and energy. One of the biggest emerging challenges is the rise of autonomous, AI-powered malware. This malicious code can learn, adapt and evolve within IoT environments. Combine that with increasingly sophisticated supply chain attacks, and we’re looking at threats that don’t just exploit vulnerabilities, they embed themselves into the very fabric of connected infrastructure.
 
Another trend is the expansion of digital regulations like the EU Cyber Resilience Act, which will force manufacturers to rethink security as part of the design, not an afterthought.
 
Q: How is Check Point preparing? Leave that to one who owns the roadmap please
We can name threat cloud here and our IoT Protect network solution as well.
 
Hodes: My personal recommendations are:
 

• Push for explainability and accountability in AI-driven devices. If an IoT system makes a decision, we must understand why
• Demand secure-by-design practices from vendors. Security should be part of the product DNA, not a patch
• Prepare for AI-powered threats with AI-powered defenses. This includes Red Teaming AI models and monitoring for operational drift in behavior
• Balance autonomy with control: Always embed a Human-in-the-Loop for critical systems where lives or infrastructure are at risk

 
AI isn’t a future threat to IoT, it’s already here. Attackers are using AI to:
 

• Scale reconnaissance
• Outsmart perception systems
• Personalize attack timing
• Automate lateral movement
• Bypass authentication mechanisms

 
And unless defenders use equally intelligent and adaptive countermeasures, the asymmetry will only grow.