
Check Point reveals sensitive data leak due to accelerated adoption of generative AI in companies


Check Point Research has identified significant security risks associated with the rapid adoption of generative artificial intelligence tools in organizations. The global cyberattack statistics report for December 2025 points out that the widespread use of these technologies has caused the involuntary exposure of confidential information. This practice creates opportunities for cybercriminals to exploit critical data from companies around the world.

Organizations recorded an average of 2,027 cyberattacks per week throughout 2025. This number represents a 9% increase compared to the previous year. The growth reflects the expansion of the attack surface driven by digital transformation and increasing reliance on AI-based tools.

The United States and the United Kingdom concentrated the highest volumes of incidents. In these regions, more than 1,440 organizations suffered weekly attacks, an increase of 39% compared to December 2024. Highly digitized economies face a sharp increase in threats.

Accelerated growth of global cyberattacks

The unprecedented volume of cyber threats observed in 2025 is due to multiple factors. Migration to the cloud and integration of AI solutions have increased points of vulnerability in corporate infrastructures. Companies of different sizes recorded a higher frequency of incidents throughout the year.

Ransomware has maintained a dominant position among threats affecting industrial and business operations. Specialized groups exploited flaws in Windows systems, virtualized environments and Linux infrastructures. The technical evolution of attackers allowed greater reach and efficiency in campaigns.


Main active ransomware groups

The Qilin group, reportedly operating from Russia, led the most aggressive actions during 2025. The organization maintained high consistency in victim posts and extortion techniques. LockBit5 and Akira occupied the second and third positions in the activity ranking.

These groups focused efforts on high-value targets. They used double extortion, combining data encryption with publication threats. Quick adaptation to police disruptions contributed to maintaining the volume of attacks.

  • Qilin: highest number of publicly reported victims.
  • LockBit5: fast return after operations were interrupted.
  • Akira: focus on medium and large corporate systems.

Vulnerabilities linked to the use of generative AI

The insertion of sensitive corporate data into AI systems often occurs without adequate controls. The absence of governance and information classification policies increases the risk of leaks. Confidential data may be stored insecurely or later exploited by malicious actors.

Recent studies indicate that one in every 80 queries in generative AI tools has the potential to expose critical information. The phenomenon affects organizations that adopt these technologies without specific preventive measures. Unauthorized use, known as shadow AI, exacerbates the problem in several sectors.

Enterprises face additional challenges in securely integrating large language models. A lack of visibility into prompts entered by employees prevents effective application of filters. This situation demands immediate implementation of solutions specialized in data protection in AI environments.

Sectors most affected by threats

Government and education are among the segments most affected by cyber incidents. Non-profit institutions also reported a high incidence of attacks. Outdated infrastructure and a shortage of security experts contribute to this vulnerability.

The inappropriate use of organizational data in training AI models represents a critical factor in these sectors. The absence of scientific controls allows exploitation by attackers looking for low-resistance loopholes. Updating legacy systems becomes a priority for risk reduction.

Public organizations often operate with limited cybersecurity budgets. This restriction makes it difficult to hire qualified professionals and acquire advanced tools. The combination of these elements creates a favorable environment for high-impact incidents.

Specific increase in ransomware

Records from December 2025 indicated a 60% increase in ransomware cases compared to the same period in 2024. The month had the highest annual volume of public incidents. Groups such as Qilin doubled the average rate of victims in the last quarters of the year.

Attackers have improved initial infiltration techniques. Exploitation of vulnerabilities in corporate software and compromised credentials predominated in the campaigns. The integration of artificial intelligence by criminals has accelerated reconnaissance and execution processes.

Recommended protective measures

Companies need to strengthen AI governance to mitigate emerging risks. Implementing clear usage policies and automatic classification of sensitive data reduces exposure. Solutions with built-in prevention detect high-risk prompts in real time.

Modernization of legacy systems and investment in team training form an essential basis for defense. Organizations that adopt unified security platforms gain greater visibility into threats. The combination of prevention, detection and response accelerates incident containment.

Trends observed in specific regions

Countries with high digital penetration concentrated a greater volume of weekly attacks. The dependence on cloud technologies has expanded exposed surfaces in these economies. Continuous threat monitoring allows anticipation of targeted campaigns.

Emerging regions recorded proportional growth in incidents. Accelerated adoption of digital tools without security maturity explains part of the increase. Knowledge transfer and accessible solutions contribute to gradual balance on the global stage.

Technical evolution of attackers

Ransomware groups have demonstrated the ability to quickly adapt to disruptions. Operations resumed within short periods following police actions. The development of variants for Linux reflects target diversification beyond traditional Windows environments.

The use of artificial intelligence by criminals optimizes phishing campaigns and vulnerability exploitation. Automated generation of compelling content increases success rates in early attack stages. Defenses need to incorporate AI-generated artifact detection.

Importance of data classification

Organizations that implement automatic classification significantly reduce leakage risks. Prior identification of sensitive information prevents inadvertent insertion into external tools. Zero trust policies complement this approach in hybrid environments.

Regular employee training on shadow AI risks reinforces the human layer of protection. Awareness of the consequences of inappropriate prompts reduces internal incidents. Network traffic monitoring detects suspicious exfiltration patterns.
