Check Point Software has launched Agentic Exposure Validation (AEV), a new AI-driven capability within its Exposure Management platform that uses autonomous agents to reason like attackers and provide security teams with hard evidence of what is genuinely exploitable in their environment, before adversaries can act on it.

The launch comes as the threat landscape undergoes a fundamental shift. Frontier AI models are now capable of autonomously identifying and weaponising vulnerabilities at machine speed, compressing the mean time from CVE disclosure to confirmed exploitation from 2.3 years in 2018 to roughly 10 hours in 2026. At the same time, 72.7% of exploited CVEs in 2026 are hitting as zero-days, up from just 16.1% eight years ago.

Beyond Severity Scores

Traditional vulnerability management has long relied on static severity scores, leaving security teams to sift through thousands of flagged issues without knowing which represent a real, reachable risk. AEV takes a materially different approach: rather than assigning a score and moving on, it deploys AI agents that work through each potential exposure using logic that mirrors attacker reasoning.

The agents correlate exposure data with asset context, live threat intelligence, existing control coverage, and known exploit research to determine whether a path to compromise actually exists. When a route is blocked by an existing control, AEV pivots to an alternative attack path. If no viable path exists, the threat is discarded. If exploitation is feasible, the system produces direct evidence, giving security teams the confidence to prioritise and act.

Early customer engagements have already shown the capability of generating novel exploits for dozens of vulnerabilities that had no previously published exploit code, illustrating the analytical depth of the agents.

Closing the AI Arms Race Gap

Yochai Corem, General Manager of Exposure Management at Check Point, said the product addresses a problem that has become existential for enterprise security teams: “The era of autonomous, AI-driven exploitation is here. Frontier AI models are attacking critical vulnerabilities at scale, without human steering. Security teams are already inundated and cannot effectively address that emerging threat.”

Corem added that AEV is designed to put defenders on equal footing: “Agentic Exposure Validation is our answer: AI agents that reason like attackers reviewing your organisation’s digital surface from the outside with our unique threat intelligence context, and prove what is actually exploitable, providing security teams the evidence and the remediation to act smartly and effectively before attackers do.”

A Critical Piece of CTEM

Check Point positions AEV as a validation layer within Continuous Threat Exposure Management (CTEM) programmes, moving organisations from discovery and prioritisation into evidence-based exposure reduction. The validation step has historically been manual, slow, and resource-intensive. AEV’s safe proving loop, analysing assets and CVEs, enriching findings with live Check Point threat intelligence, verifying whether existing controls already block the path, and building targeted validation without disruptive techniques, is designed to make that step autonomous and continuous.

Agentic Exposure Validation is available now as part of Check Point Exposure Management. Organisations can request a complimentary AEV scan to see what an agentic attacker would uncover on their external attack surface.

The post Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level appeared first on IT Security Guru.

Swiss privacy company Proton has rolled out a significant update to Proton Mail that allows users to connect their Gmail accounts directly to the platform. The feature, announced on 28 May 2026, enables Gmail messages to be imported into Proton Mail and allows users to send and receive emails from their Gmail address, all without toggling between separate inboxes.

The integration is aimed at users looking to transition away from Google’s ecosystem but who face the practical challenge of updating contacts and switching services one by one. Rather than forcing an abrupt departure, Proton is offering a bridge: a managed migration path where Gmail activity is gradually absorbed into Proton Mail.

What the Feature Does, and What It Does Not

When a user activates the Gmail connection via Proton’s Easy Switch tool, their most recent Gmail messages are imported into Proton Mail. Going forward, new emails arriving in Gmail will continue to appear automatically in the Proton inbox. Crucially, Proton says the connection is strictly one-directional in terms of access: connecting Gmail does not grant Google any visibility into the user’s Proton Mail inbox.

From a security standpoint, this is a meaningful distinction. Proton positions the feature as a transitional tool rather than a permanent hybrid solution. The company acknowledges that Google continues to read emails received by a Gmail account, including any sensitive communications. The feature is designed to shrink that exposure over time, not eliminate it overnight.

Privacy Protections Applied to Gmail Traffic

Proton says it applies its standard email protections to Gmail content viewed through the Proton Mail interface. That includes tracker removal, ad stripping, and spam filtering. Unlike Gmail, which the company describes as fundamentally built around advertising, Proton does not scan email content, build advertising profiles, or use user data for AI training purposes.

Proton also highlights an encryption benefit: when both parties in a conversation use Proton Mail, messages exchanged between connected Gmail addresses become end-to-end encrypted, meaning Google cannot read those communications. This incentivises users to encourage their contacts to make the same switch.

A Gradual Exit Strategy from Big Tech

Proton is explicit that the feature is not a long-term solution. The company frames it as part of a broader, gradual transition away from Google, designed to make the process manageable. The recommended approach is for users to update all their important accounts to their Proton address, after which Gmail receives only low-priority mail. Users can then disconnect Gmail entirely from Proton Mail and, if they choose, delete their Google account altogether.

The feature is rolling out gradually, meaning not all users will see it immediately. Setup is straightforward: users open the Easy Switch section in their Proton Mail settings and connect their Gmail account. In addition to Gmail, Proton supports email imports from Outlook, Yahoo, and Apple Mail via the same Easy Switch tool or a standalone import utility.

Wider Context: Google’s Data Practices Under Scrutiny

The launch arrives against a backdrop of sustained criticism of Google’s data harvesting practices. Google uses Gmail activity, including which emails are opened and interacted with, to build user profiles that feed its advertising ecosystem. The company also uses approximate location data derived from email activity to personalise ads. By routing Gmail through Proton’s interface rather than Google’s own apps, users can reduce their exposure to this data collection, even while maintaining their Gmail address.

For IT and security teams advising organisations or individuals on reducing Big Tech data exposure, Proton’s new approach represents a pragmatic middle ground: it acknowledges that cold-turkey Gmail abandonment is impractical for many users and provides a structured, privacy-improving alternative.

The post Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox appeared first on IT Security Guru.

Evolution of AI Phishing

As with most cyber threats, AI has created a fundamental shift in the phishing threat landscape. It has become a precision operation powered by AI systems that research, build, deliver, and adapt campaigns autonomously. AI acts as a force multiplier: it scales targeted techniques that previously required experience and time, while simultaneously lowering the barrier to entry once again. To understand the scope of this shift, consider that AI can now generate a convincing spear-phishing email, without obvious grammatical errors and in many languages, in under 5 minutes. This article maps the technical shifts driving this new era, from vibe-coded criminal infrastructure and AitM authentication attacks to 24/7 autonomous agents and AI-powered interactive scams.

Vibe Coding and Asian PhaaS

“Vibe coding” – the practice of prompting LLMs with natural language to generate functional code without writing a single line manually – has drastically boosted the Phishing-as-a-Service ecosystem. Threat actors now describe desired functionality, like for example “build a reverse proxy that strips CSP headers and logs POST bodies”, and iterate on output until operational. This has turbocharged the PhaaS market, particularly within the Asian threat actor ecosystems where subscription model platforms like Darcula and Lucid have gained a lot of popularity.

Operators use LLMs to rapidly build and test modular kits, credential harvesters, OTP relay panels, and bulletproof hosting deployment scripts, all generated and refined through conversational prompting. Phishing kits can now even automatically check against commercial email security solutions before deployment, and LLMs then iterate the obfuscation layer until the evasion score meets a threshold. All with minimal expertise from buyers. 

Of course cyber criminal already had access to rent fully managed campaign infrastructure before, complete with analytics dashboards, victim management, and Telegram bot alerts for real-time credential notifications, the eco system is now just growing even faster.

Modern MFA Defeat Mechanisms

The adaption of Multi Factor Authentication (MFA) has started a slow shift away from simple password stealing phishing websites. Attacker-in-the-Middle frameworks like Evilginx & Co. remain popular to neutralize MFA. They operate as reverse proxies that sit between the victim’s browser and the legitimate service, transparently relaying traffic while intercepting session cookies and JWTs in real time. A more recent escalation is the weaponization of the OAuth2 device authorization grant flow against Microsoft Entra ID and M365 environments – so-called Device Code phishing. In a Device Code attack, the threat actor initiates a legitimate authentication flow, generating a device code, then socially engineers the victim into entering it at microsoft.com. The victim authenticates normally. No malicious link is clicked, no credential is typed into a fake page – the entire interaction happens on legitimate Microsoft infrastructure, rendering URL reputation tools blind. The use of residential proxies and ORB networks makes it hard to reply on IP reputation alone for conditional access policies. The window between token theft and first malicious action has collapsed from hours to seconds – all through automation scripts.

In May 2026, Google’s Threat Intelligence Group (GTIG) reported the first case of a cybercriminal using an AI-generated zero-day in the wild. The exploit was a bypass for a 2FA system used by various companies. This demonstrates that MFA, and even phishing-resistant methods such as passkeys, will face more pressure from AI-powered vulnerability research if their implementation is flawed.

24/7 Agentic Campaign Automation

The operational model has shifted from campaigns run by humans to campaigns run for humans by autonomous agents operating continuously. The reconnaissance phase is now fully automated: agents scrape LinkedIn for organizational hierarchy, cross-reference data broker records, and query breach dumps to build rich target profiles. This context is fed into an LLM that generates unique, persona-aware email lures – a CFO receives a lure referencing her CFO peer by name, a specific pending acquisition, and a plausible internal process. Traditional signature-based Email security gateways see clean, unique text with no pattern to match.

These agents also handle the entire infrastructure lifecycle. Domain registration, DNS configuration, TLS certificate provisioning, and continuous proxy rotation are orchestrated automatically, with domains being spun up and burned on a cycle that outpaces most threat intelligence feeds. Critically, modern agentic systems maintain persistent memory across victim interactions: if an initial lure goes unclicked, the agent notes the failure, adjusts the pretext, and schedules a follow-up via a different vector – SMS, Teams, calendar invite, or LinkedIn message – referencing prior interactions to build false familiarity. The campaign never sleeps, never forgets, and never gets frustrated.

Multi-Channel and Cross-Vector Chains

Email-based phishing is still the most common attack vector, but depending on the target we have seen an increase in multi-vector delivery. Agentic architectures can coordinate attacks across channels within a single campaign. A target profiled via LinkedIn is first primed with a text message to their mobile phone or a vishing call using a cloned voice of their IT helpdesk. That call references a “security incident” and tells the target to expect an email. Alternatively, the attackers execute a subscription bombing attack, flooding the inbox with legitimate newsletters to create an IT incident.

Minutes later, the phishing email arrives – and because the target was primed, it feels more legitimate. The AI orchestrates timing, channel selection, and persona consistency across email, voice, and SMS, creating a social engineering chain that is qualitatively harder to recognize as an attack than any single-vector lure.

Full deepfake multi-persona video calls are still rare, but probably because other methods remain successful. A 10-second voice sample scraped from a public earnings call or conference recording is sufficient to clone a CEO’s voice for a fraudulent wire transfer authorization call. The asymmetry matters: one successful deepfake BEC attack generating a $25M fraudulent transfer more than justifies the investment, which is why the technique’s rarity should not be confused with low risk. From a technology standpoint, attackers have long learned how to create convincing attacks that require video authenticity tools like Pindrop & Co. to detect.

Interactive Scams and Dynamic LLMs

Once a victim engages – replies to an email, fills a form, or initiates a chat – a second AI system activates. Victim replies are routed via API into an LLM configured with a detailed persona and objective. The model reads prior conversation history, parses the victim’s emotional state and objections, and generates contextual, persuasive responses in real time. For advance-fee fraud and romance scam operations, this means a single threat actor can maintain simultaneous “relationships” with hundreds of victims indefinitely, with each conversation feeling personal and continuous.

The financial ROI is striking. What previously required a team of human operators running shifts is replaced by an API call costing fractions of a cent per response. The model never breaks character, never makes timezone errors, and never gets impatient, consistent failure modes that human operators exhibit and that trained victims sometimes catch.

Evasion and Living Off the Land

Defenders have adapted to detect malicious infrastructure – so attackers increasingly operate from trusted infrastructure. Hosting on hyperscalers, hiding behind Cloudflare’s anti-bot Turnstile protection, or even abusing new agentic AI email services. Google Drawings, SharePoint, Canva, and QR codes are abused to host redirect chains that pass URL reputation checks because the initial link is genuinely legitimate. Calendar invite phishing exploits auto-add behavior in Google Calendar to plant lures that arrive outside the classic email flow entirely.

Weaponizing Offensive AI Research and the Defender Gap

With the number of AI systems deployed in production growing, we expect phishing will soon exploit these attack surfaces as well. Prompt injection, context manipulation, and tool-call hijacking can all be used by cybercriminals to achieve their goal of sending emails and having users follow malicious links. For example, a prompt injection targeting enterprise AI assistants via a malicious document or email containing hidden instructions can manipulate a victim’s Copilot or email summarizer into suppressing security warnings, exfiltrating content, or generating deceptive summaries of legitimate alerts.

Defenders are not keeping pace. Most CISOs don’t even know how well their current email security stack blocks modern attacks, and purely hope that user awareness training prevents an impact. That blind spot is growing rapidly.

Attackers now operate at machine speed across identity, email, and endpoint simultaneously – but most SOC detection pipelines still process these as siloed signals. Closing the gap requires deploying AI detection systems with the same cross-channel memory and correlation capabilities that attackers already exploit. The organizations that will survive this shift are those that recognize the threat is no longer a human criminal using AI as a tool – it is an autonomous system running a persistent, adaptive campaign. Against that, purely human-speed defense is no longer enough.

The post The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations appeared first on IT Security Guru.