Check Point Bets $170M on AI Agents to Fix Network Security — But Can a Firewall Company Execute a Platform Pivot?

Check Point Software Technologies spent three decades building the firewall into the backbone of enterprise network security. Now it is spending again — roughly $170 million across four Israeli acquisitions in five months — to replace what it built with AI agents.

On May 19, alongside the acquisition of Tel Aviv-based Deepchecks, Check Point announced an Agentic Network Security Orchestration Platform that translates business intent into firewall rules, continuously tightens over-permissive access, and troubleshoots failures without the manual overhead that has defined enterprise security operations. The platform targets what Check Point characterizes as a two-to-four week delay between a change request and a deployed firewall rule — Check Point's own description of the problem its rule-based business model helped create over thirty years of selling firewall hardware and software.

The timing is driven by financial pressure. Check Point reported Q1 2026 revenue of $668 million, up just 5% year-over-year, while its shares have declined more than 30% over the past six months. The platform launch and acquisition spree are inseparable from that context — Check Point is betting that autonomous security operations represent its only credible path back to growth.

Deepchecks is Check Point's fourth Israeli cybersecurity acquisition this year, following deals for Cyclops Security, Cyata, and the acqui-hire of Rotate in February, estimated at $150 million combined. The 15-person company raised $14 million in seed funding from Grove Ventures in June 2023. The acquisition price — estimated at $10 million to $20 million — is small relative to Check Point's quarterly revenue. What the deal structure suggests is a company that raised $14 million in seed capital two years ago sold before that valuation compounded. Deepchecks brings a validation layer meant to catch AI hallucinations before they reach production. CTO Jonathan Zanger said mission-critical security systems cannot tolerate inaccurate model outputs. Whether 15 people can validate autonomous security decisions across Check Point's installed base of over 100,000 organizations is the unresolved question the deal does not answer.

Dr. Yossi Saad, head of product management AI at Check Point, described the architecture in terms that make clear humans remain in the loop for high-risk changes. "AI intelligence is generic and comes from the LLM," Saad said. "The way you harness this power is important to get results that are relevant, accurate, and with no hallucinations." The platform keeps humans involved for bigger or higher-risk changes — security teams decide what they want to protect and set the rules for how far agents can go before a human has to sign off. Check Point provided no customer references from enterprises running the platform; whether organizations will trust autonomous agents to reconfigure production security environments at scale is unresolved.

Palo Alto Networks launched its Prisma AIRS platform in March — a comparable announcement in the same category of autonomous security operations. Whether Check Point's architecture is meaningfully differentiated from Palo Alto's is an open question that neither announcement resolves. MSSP Alert reports that Check Point's multi-vendor orchestration automates time-consuming processes across domains rather than replacing vendor-specific management tools — a narrower claim than full platform replacement. Analysts have not yet assessed whether Check Point's approach is meaningfully differentiated from Palo Alto's. Both vendors are in early stages of a similar bet on autonomous security operations. If that thesis is right, it reshapes the category. If it is wrong — if customers prove reluctant to let autonomous agents reconfigure production environments at scale — the acquisition spend represents a costly detour.

The structural tension in Check Point's announcement is this: the company built the rule-based complexity it now promises to automate. Three decades of firewall policies, vendor consoles, and policy drift are Check Point's legacy product. The platform's semantic intelligence layer promises to interpret business intent behind rules written years or decades ago. That Check Point is both the author of the problem and the announced source of the solution is not necessarily disqualifying — domain expertise is what makes autonomous validation tractable. But it is the reason to watch Q2 results carefully before calling this a transformation rather than a restructuring.