Only a fraction of AI alerts are critical

Cybersecurity teams are facing an ever-increasing volume of security alerts, partly because attackers are using AI to identify vulnerabilities faster and on a larger scale. However, only a small portion of those alerts actually require immediate action. This is according to the 2026 Exposure Gap Report by Check Point Software Technologies.

According to the study, the proportion of critical vulnerabilities has risen from 18.7 to 42.6 percent of all critical risks over the course of a year. At the same time, the report shows that, upon further analysis, only 7.8 percent of all vulnerability reports were rated as “critical” or “high.” According to the researchers, the remaining alerts did not require immediate action.

According to Check Point, the use of AI is changing the pace at which attackers operate. Automated tools make it possible to scan large numbers of systems, accounts, phishing infrastructure, and known vulnerabilities in a short period of time. As a result, the number of reports received by security teams is increasing, while the capacity to assess them manually is not growing at the same pace.

In this context, the report refers to an “exposure gap”: the gap between detecting potential risks, determining which of them are truly urgent, and implementing remedial measures in a timely manner.

The research data also shows that 76 percent of all critical exposures stem from just two categories: software vulnerabilities and exposed internal information. Phishing is also gaining ground again. According to the report, the share of phishing websites among critical exposures rose from 1 to 10.5 percent in the space of a year.

Differences across sectors

The nature of the risks varies by sector. For utility companies, 78.2 percent of critical exposures consist of vulnerabilities. For government organizations, that share stands at 56.4 percent.

In the healthcare and financial sectors, however, exposed internal information is the largest risk category, accounting for 63.6 and 42.7 percent of critical exposures, respectively.

The healthcare sector also has the longest recovery times. The median time to remediate vulnerabilities there is 158.8 hours. Check Point attributes this to factors such as outdated systems, the continuous availability required by healthcare applications, and strict procedures surrounding changes to IT systems.

Prioritization is more important than increased detection

According to Yochai Corem, vice president and general manager of Exposure Management at Check Point, the number of vulnerabilities that attackers can exploit is growing faster than security teams can address manually. He states that organizations are therefore becoming increasingly reliant on methods to determine which risks truly deserve priority and which are less urgent.

On average, the organizations surveyed implemented 85.9 percent of the recommended remediation measures. According to the researchers, this indicates that organizations can respond effectively when they have sufficient insight into the risks and a clear prioritization of remediation actions.