In the cybersecurity community, the ability to see a threat before it strikes defines who stays safe and who gets hit. This was the central theme of Check Point’s recent Threat Intelligence live AMA Reddit webinar, where leading experts from Check Point Research (CPR) and External Risk Management (ERM) Research (formerly Cyberint) offered rare, behind-the-scenes insights into how they track, predict, and prevent attacks at machine speed.
These experts are:
- Sergey Shykevich – Head of Threat Intelligence Group, with deep experience in cybercrime and military intelligence operations.
- Pedro Drimel Neto – Malware analysis lead at Check Point Research (CPR), known for reverse engineering and threat hunting.
- Amit Weigman – Cybersecurity and AI expert from the Office of the CTO, focused on uncovering fraud and proactive defense.
- Coral Tayar – Cyber researcher at Check Point External Risk Management (formerly Cyberint), featured in The Washington Post and Bleeping Computer, specializing in emerging threats.
- Shmuel Gihon – Lead researcher at Check Point ERM (formerly Cyberint) with appearances on CNBC and Dark Reading, known for uncovering global threat campaigns.
- Daniel Sadeh – Threat Intel Analyst at Check Point ERM (formerly Cyberint), with a background in education and research.
- Eugenia Shlaen – Threat Intel Analyst at ERM, focused on risk, deep and dark web investigations and client threat assessments.
The discussion, hosted on r/threatintel, drew security analysts, CISOs, and AI researchers from around the world. It unpacked everything from AI-generated phishing, real-time adversary adaptation, and threat attribution, to what it really means to fight cybercrime in an age where AI doesn’t just defend, it attacks.[1]
Together, the Check Point team brought over 50 years of combined experience to the AMA, offering raw, real-time insights into threat intelligence.
AI and the New Cyber Battleground - One of the most discussed themes of the AMA was the rise of agentic AI in cyber operations. As Amit Weigman, Cyber Security and AI Expert at Check Point’s Office of the CTO and External Risk Management Research, explained, threat actors are now using AI to automate reconnaissance, craft dynamic phishing campaigns, and deploy malware faster than ever. “Attackers are already using AI to move faster and hit harder,” said Weigman. “But defenders who use AI to model attacker behavior, simulate evolving threats, and automate response loops can flip the script; while AI helps to correlate signals across massive datasets, in the end, human expertise still matters. It’s not about outspending the attacker, it’s about outsmarting and outlearning them.”
This ability to learn faster has become the defining advantage in cyber security. While attackers weaponize AI to exploit vulnerabilities, AI-powered prevention engines continuously correlate billions of signals daily across 150,000 networks to predict and stop attacks before they start.
Early Detection at Global Scale - Check Point's threat visibility spans over 100,000 gateways and cloud environments worldwide, giving its research teams the ability to detect anomalies long before they go mainstream. As stated by the group, “We often see threats in one region before they propagate globally. That early visibility is key.”
This global scope allows researchers to trace campaigns as they emerge, from hacktivist-led DDoS attacks to AI-assisted financial fraud, and to share actionable intelligence with CERTs, law enforcement, and partner organizations in real time.
The message is clear: in an AI-driven landscape, timing is everything. Seeing a threat seconds earlier can mean saving millions in damage and downtime.
Inside the Mind of a Threat Hunter - So what does a day in the life of a cyber threat researcher look like? According to Pedro Drimel Neto, Malware Analysis Lead at Check Point Research, it’s a mix of science, intuition, and adaptability: “No two days are alike. One morning you’re reverse-engineering malware, the next you’re tracking phishing campaigns or writing tools to automate detection.”
Meanwhile, Daniel Sadeh, Threat Intel Analyst from the External Risk Management research team, who focuses on proactive client defense, commented, “Each analyst monitors multiple client environments across sectors in finance, tech, manufacturing, scanning open, deep, and dark web sources for emerging threats. We’re not waiting for alerts; we’re hunting for early indicators.”
This collaboration between Check Point and ERM research’s external risk teams has been instrumental in detecting AI-driven attacks like deepfake-enabled scams, multi-stage ransomware, and synthetic social engineering campaigns before they become global headlines.
The Culture of Collaboration: AMA as a Living Learning Hub - Beyond the technical insights, the AMA underscored a key philosophy: collective defense. Check Point’s researchers highlighted how open dialogue between experts, researchers, and the cyber security community helps build resilience at scale. Check Point works closely with CERTs, law enforcement, and other vendors to share IOCs and threat insights and encouraged researchers to submit suspicious samples and indicators. “We believe in collaboration, not competition,” said Sergey Shykevich, Head of Threat Intelligence Group. “The more we share, the stronger we all are.” This is why AMA sessions have become a vital part of Check Point’s outreach, connecting global defenders, sharing learnings, and equipping the community to respond faster to emerging AI threats.
Decoding the Adversary - Behind every alert and blocked attack is a team of experts racing against machine-speed adversaries. At Check Point, this fusion of AI-powered analysis and human expertise drives both Check Point Research and the ERM teams, enabling them to predict and prevent attacks before they spread.
As Pedro Drimel from Check Point Research explains, “No two days are alike, one day we’re reverse-engineering malware or building automation tools, the next we’re hunting for new threats or presenting at a security conference. It’s a constant cycle of learning and adapting.”
This proactive model embodies a prevention-first philosophy using AI-driven intelligence to detect intent before impact. Analysts correlate massive volumes of global data to spot emerging campaigns, from phishing to ransomware, turning every signal into actionable defense.
However, as Sergey Shykevich, Head of Threat Intelligence Group, notes, attribution is becoming increasingly complex: “Hacktivists target governments and corporations using DDoS, while cyber criminals use the same methods for extortion. Motivations help, but collaboration blurs the lines.” In today’s AI-driven threat landscape, traditional labels no longer apply: attackers share models, code, and methods across borders and ideologies.
For Check Point’s researchers, this evolution underscores the need for AI-enabled forensics and predictive analytics. As adversaries automate deception, defenders must automate truth using AI to reveal patterns, infer intent, and build cyber resilience. By applying AI to pattern recognition, adversary profiling, and anomaly detection, researchers are not just responding to attacks, they’re anticipating intent. This approach turns AI from a reactive tool into a strategic ally in threat intelligence, enabling faster, smarter, and more predictive defense mechanisms. The future belongs to those who can see, learn, and act at machine speed.
Adapting at Machine Speed - If there was one message that echoed throughout the AMA webinar, it was this: adapt or be outpaced. Cyber defense today is less about traditional tech and more about mindsets: the ability to learn, pivot, and automate faster than the adversary.
As Weigman concluded, “Attackers are experimenting every day. The real danger isn’t them, it’s defenders who underestimate how fast they’re moving.” There is clearly a critical cultural challenge in cybersecurity: denial. Weigman warns that underestimating AI’s capabilities can lead to issues, and putting plans in place to pivot to the new reality is essential.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
[1] https://www.msspalert.com/native/we-see-threats-before-they-hit-how-ai-and-human-intelligence-are-rewriting-cyber-defense