Check Point Frontier AI Models Readiness Program – Security Update

At Check Point we don’t wait for threats to evolve; we evolve ahead of them. This is why we’ve been running our Frontier AI Models Readiness Program: a proactive, structured initiative designed to ensure that our products remain resilient as AI models grow increasingly capable of understanding complex software systems and assisting adversaries in attacking them.

As part of this program, we conducted large-scale AI-driven code scanning across our products, performed extensive security reviews, hardened components where needed, refined our time-to-patch procedures, and accelerated our protection development processes to meet the pace of emerging AI-driven threats.

Today’s Jumbo Security Release is one of the first direct outcomes of that effort.

This Jumbo release includes security fixes correlating with the CVEs listed below:

BLAST – The mechanism behind this security release

As part of the program, we developed a set of internal technologies we collectively call BLAST – Business Logic Application Security Testing. BLAST was built to help us perform AI-driven security analysis at enterprise scale across our own products. During the development what became clear to us is that application security is more than the model used to scan the code. Models are being released at an accelerating pace, and it was apparent to us that the logic behind our methodology must always remain model agnostic.

The challenge we set out to solve wasn’t trivial. We weren’t simply attempting to scan repositories for known coding errors. The challenge we set for ourselves was to deeply understand a platform built over decades, spanning hundreds of repositories, multiple programming languages, cloud and on-premises deployments, and complex interconnections between services. Understanding security posture requires analyzing these systems in the context of how they are actually built, deployed, and operated.

BLAST performs contextual multi-repository analysis, correlating data flows, trust boundaries, authentication paths, and service interactions across the full product architecture rather than inspecting isolated code fragments independently.

What makes BLAST different is that it goes beyond surface level code analysis. It understands architecture and business logic – one of the most significant blind spots in many current-generation AI application security tools. It combines them both with AI-assisted code analysis to surface vulnerabilities that traditional approaches would miss entirely

BLAST incorporates architectural context and product business logic into the analysis process. This allows the system to evaluate how inputs, permissions, workflows, and outputs interact across components and environments—including cloud services, management planes, APIs, and on-premises infrastructure.

By understanding intended behavior and trust relationships, BLAST can identify higher-order vulnerability scenarios that are often invisible to traditional scanners, including multi-stage attack paths, authorization flaws, insecure assumptions between services, and exploitable logic chains spanning multiple repositories.

A critical design goal for BLAST was reducing false positives through exploitability-aware analysis. Large-scale AI-assisted scanning can easily generate overwhelming volumes of theoretical findings that are not practically exploitable in real-world environments.

BLAST therefore prioritizes vulnerabilities based on contextual exploitability validation. Findings are evaluated against actual deployment conditions, reachable attack surfaces, authentication requirements, environmental constraints, and realistic attacker capabilities. This significantly improves signal quality and allows engineering teams to focus remediation efforts on vulnerabilities that represent meaningful real-world risk.

Figure 1: BLAST analysis flow

Comprehensive Mitigations

Vulnerabilities identified by BLAST were rigorously validated, confirmed exploitable under real world conditions, and patched as part of today’s release. In addition, the release includes dozens of hardening opportunities surfaced by BLAST.

As a complementary layer of protection for our customers, we introduced additional mitigations, including IPS signatures and targeted security hardening measures, to further reduce the risk associated with disclosure and potential exploitation.

Looking Forward

This release is not the conclusion of the program. It is the beginning of a continuous hardening effort. As frontier AI models continue to improve, the speed at which vulnerabilities can be discovered – by defenders and attackers alike – will increase significantly. Security programs that aren’t built for that pace will fall behind. Organizations must shorten remediation cycles, increase deployment frequency, strengthen virtual patching strategies, and continuously reassess the resilience of both modern and legacy systems.

For our customers, the message is clear. Staying current on updates is more important than ever. Customers running the latest Jumbo release are fully protected against the vulnerabilities addressed through this initiative and benefit from the broader hardening work performed as part of the Frontier AI Readiness Program.

Running the latest Jumbo release means you are protected against everything uncovered through this program and benefit from the full depth of the security hardening behind it.

We are committed to keeping you ahead of what’s coming. That commitment is built into how we build.