BlogCheck Point
Blog6 minute read

Why Check Point's Lakera acquisition is more than just AI

Lakera, founded in 2021, enhances AI security by detecting anomalies and adversarial attacks. Acquired by Check Point, its technology strengthens AI-driven threat prevention. Through innovative tools like Gandalf, Lakera leverages human creativity to improve AI resilience. This integration promises advanced, adaptive security, transforming Check Point's approach to AI-based threat detection.

In this blog

  1. Who Is Lakera?
  2. Why Check Point acquired them
  3. Integration possibilities
  4. Opportunities & risks
  5. What this means to customers
  6. Competitive landscape & market impact
  7. What's next & predictions
  8. Final thoughts

 Who Is Lakera?

Lakera was founded in 2021 in Zurich by David Haber, Matthias Kraft, and Mateo Rojas-Carulla. The company focuses on protecting artificial intelligence systems from tampering and misuse. Its technology detects when data or model behavior strays from what's expected, helping to identify threats such as data poisoning, prompt injection, and adversarial attacks. Rather than monitoring only networks or endpoints, Lakera safeguards the AI layer itself to ensure models remain trustworthy even under attack. The founders, who bring experience from Google, Meta, and aerospace AI projects, built tools that combine behavioral monitoring with checks for model reliability. Their work reinforces the safety of machine learning in real-world environments and aligns naturally with Check Point's goal of extending proactive, prevention-based security into AI-driven systems.

Gandalf: Agent Breaker

Lakera has also taken an innovative approach to improving its models by harnessing human creativity. The company created Gandalf, an interactive AI security game that challenges players (reaching more than 1 billion players to date) to trick a chatbot into revealing hidden passwords and, more recently, to exploit a whole app store of vulnerable GenAI agents. In Gandalf: Agent Breaker, players attack apps across four difficulty levels in any order, and each attempt is scored from zero to one hundred based on how well it meets the objective; achieving a score of seventy-five or higher unlocks the next level for that app, and a global leaderboard tracks top performers. Each logged attempt supplies real examples of prompt injections, jailbreaks, and other manipulative techniques, forming a vast dataset of human-driven adversarial behavior. Lakera trains its AI using natural language processing, adversarial learning, and anomaly detection so these models can recognize and block similar attacks in production systems. By learning from real human interactions rather than synthetic simulations, Lakera's technology becomes increasingly adaptive and resilient—an approach that supports Check Point's broader vision of integrating trustworthy, self-learning AI across its security ecosystem.

 Why Check Point acquired them

Check Point acquired Lakera to strengthen its AI-driven threat prevention strategy and close a key gap in network detection and response. Lakera's behavioral analytics add a new layer of intelligence to Check Point's architecture, embedding anomaly detection closer to the network core where threats originate. This integration expands visibility into complex or AI-generated attacks that traditional tools often miss. By combining Lakera's technology with ThreatCloud telemetry, Infinity AI-Ops, and SmartEvent analytics, Check Point gains deeper behavioral insight and faster, more adaptive detection across its security ecosystem.

A recent example underscores why Check Point's acquisition of Lakera makes strategic sense. In September 2025, researchers discovered the first malicious Model Context Protocol (MCP) server hidden in a fake npm package called postmark-mcp, which secretly copied every outgoing email to an attacker's server. Lakera's behavioral detection models are trained to identify anomalies and manipulative AI behaviors that could have exposed this threat early by flagging the unexpected data exfiltration pattern and detecting the abnormal communication between the compromised MCP instance and the attacker's domain. By integrating this kind of AI-driven anomaly analysis, Check Point can extend its visibility into emerging AI and agent ecosystems, spotting subtle behavioral deviations that traditional signature-based systems would miss.

 Integration possibilities

Lakera's technology can integrate with Check Point systems in a few different ways. On the gateway, it could run as a built-in inspection layer that studies traffic in real time and spots unusual behavior before it spreads. As a cloud service, it could send live telemetry to the Infinity platform, adding new behavioral data to ThreatCloud's global intelligence feed. A hybrid setup would let gateways and the cloud learn from each other, improving detection models over time. Together, these integrations would expand Check Point's data flow, improve log correlation, and help its AI tools rank and respond to threats more accurately.

 Opportunities & risks

Check Point's purchase of Lakera offers major benefits but also some clear challenges. The new technology can speed up threat detection, improve visibility into AI-based attacks, and help automate responses when unusual behavior appears. Still, bringing Lakera's systems into Check Point's platform will take careful work to manage data models, processing delays, and how information moves between gateways and the cloud. Behavior-based detection also comes with the risk of false positive alerts, which can affect how teams respond to real threats. Another challenge lies in balancing privacy with visibility, since analyzing behavioral data depends on deep inspection of network and application traffic. The success of this integration will depend on how well Check Point tunes these AI models across diverse customer environments, ensuring accuracy without sacrificing performance or compliance.

 What this means to customers

For customers, this signals upcoming changes in how data and analytics flow through their environments. Organizations should prepare for expanded telemetry sharing by confirming that logging, network taps, and API integrations are properly configured to feed behavioral data into Check Point's systems. Early adopters will benefit from testing these capabilities in non-production environments to measure detection accuracy, resource impact, and interoperability with existing policies. Integration will roll out gradually through future Jumbo Hotfixes and the R82 dot releases, following the same phased approach used for previous integrations. Customers who plan ahead will be best positioned to take advantage of the new capabilities as they arrive.

 Competitive landscape & market impact

For Check Point to make the most of the Lakera acquisition, success will depend on how effectively it turns AI-driven detection into measurable customer value. The company must integrate Lakera's behavioral analytics across its product line without adding operational complexity or performance drag. Delivering consistent, explainable results will be critical, and customers need to trust that AI-powered decisions improve accuracy rather than obscure it. Check Point also has an opportunity to expand its influence by using this technology to unify prevention and detection under a single, transparent framework that extends from the network edge to the cloud. To improve their current position in the market, it must execute fairly quickly, communicate clearly, and show that its' AI investments deliver real outcomes: faster response times, lower false positives, and a more intelligent Infinity Fabric that adapts as threats evolve.

 What's next & predictions

Over the next year and a half, Lakera's technology is likely to appear within Check Point's Infinity AI-Ops and SmartEvent platforms, enhancing anomaly detection and event analysis with deeper behavioral context. Future releases, beginning with R82 dot releases, maybe we will see  new dashboards that visualize AI-driven correlations and support automated remediation policies based on Lakera's models. Over time, this integration could evolve into a more autonomous framework… one capable of adapting security policies dynamically as network behavior changes. It would be great if these advancements move Check Point closer to highly integrated AI-native architecture, where prevention, detection, and response operate as a unified, self-optimizing system.

 Final thoughts

Check Point's acquisition of Lakera is a strategically solid move forward that accelerates a transition toward a self-learning, adaptive security architecture. If executed well, and I hope it will be, it could redefine how detection, prevention, and AI assurance venn-diagram-intersect inside the Infinity ecosystem.

Technologies