Check Point has launched an agentic orchestration platform that can end the policy drift, stalled Zero Trust projects, and manual configuration backlogs that have plagued enterprise security teams for decades.
The company’s Agentic Network Security Orchestration Platform is built around autonomous AI agents that translate business intent directly into firewall policy, tighten configurations in real time, and respond to threats across multi-vendor environments without waiting for a human to raise a ticket.
It’s an ambitious claim, but Check Point’s diagnosis of the problem is hard to argue with. A single network change request can take two to four weeks to work through analysis, security review, and policy dependencies, only to break something else and restart the cycle. Segmentation projects sit on roadmaps for years. Policies drift as workloads move faster than any team can keep up with. Zero Trust becomes a slide deck, not a deployment.
“Security teams can operate entirely at the level of business intent,” said Charlotte Wilson, head of enterprise for the UK & Ireland at Check Point. “Everything below that, the rule creation, the policy tightening, the virtual patching, is handed to AI agents to execute autonomously, within predefined guardrails and under continuous human oversight. We are turning projects that used to take months into days of auditable action.”
What’s Actually Under the Hood
At the centre of the platform is what Check Point calls a Network Knowledge Graph, a live, continuously updated relational model of a customer’s actual environment that incorporates topology, traffic flows, asset dependencies, and real-time configuration data. This is the part that matters: the agents aren’t reasoning over generic training data, they’re reasoning over your specific network as it exists right now.
A semantic intelligence layer interprets not just the syntax of existing firewall policies but the business intent behind them, including rules written years or decades ago that no one fully remembers creating.
Four core capabilities sit on top of this foundation:
- Intent-to-Policy converts natural language business requirements into hardened, risk-validated firewall rules across multi-vendor environments.
- Zero Trust and Policy Tightening continuously analyses active traffic to identify over-permissive configurations and autonomously applies validated policy tightens without risking connectivity disruptions.
- Autonomous Troubleshooting conducts multi-step reasoning across topology, policy history, and logs to cut mean time to resolution from hours to minutes.
- Continuous Compliance maps every rule and configuration change to DORA, PCI-DSS, and NIST in real time,l replacing annual audit scrambles with automated enforcement.
Security teams retain approval authority over high-impact changes, with a full execution trace of every agent action.
The Acquisition Behind the Roadmap
Also announced today: Check Point has signed a definitive agreement to acquire Deepchecks, a production-grade platform for LLM evaluation, observability, and monitoring, along with its team and IP. The team, graduates of Israel’s elite Talpiot technology programme, will work to build the evaluation layer that lets enterprises actually trust autonomous agents in production. It’s the component most agentic security pitches quietly skip over.
“Any multi-agent system must include a robust evaluation layer that enables continuous measurement, tuning, and improvement over time,” said Ofir Korzenyak, VP AI Technologies. “Deepchecks’ team brings cutting-edge capabilities precisely in this area.”
Availability
Some capabilities are shipping today. Policy Auditor, Policy Insights, and AI Assist are generally available. The broader Playblocks Agents platform is in early access, with a wider preview including more agents, additional skills, and expanded multi-vendor support expected in H2 2026.
The underlying agent models are fine-tuned on over 30 years of Check Point operational data across more than 100,000 customer organisations, which gives them a head start on the edge cases that trip up models trained on more generic security data.
IDC’s Frank Dickson offered a qualified endorsement: “Agentic approaches like Check Point’s ground autonomous execution in a live understanding of the actual network environment, representing a meaningful architectural shift in how organisations can structurally close that gap.”
For security teams buried in configuration backlogs and stalled Zero Trust projects, it’s the kind of architectural shift that’s been a long time coming.
