Cybersecurity researchers are warning that foreign hackers and malicious actors have shifted their focus away from directly tampering with voting infrastructure toward large-scale voter misinformation campaigns in the 2026 midterm elections, according to a new report published Monday by Check Point Software.

The report found that AI-amplified threats—including deepfake videos, deceptive audio, phishing schemes and impersonation attacks—are now the primary methods used to undermine election integrity. Researchers say this approach is cheaper, more scalable and harder to trace than attempting to compromise voting machines or ballot counting systems directly.

"The current threat environment favors operations that are inexpensive, scalable, and capable of producing outsize political or psychological impact," the report stated. "These campaigns can create confusion, reputational harm, and operational disruption without requiring direct compromise of core election infrastructure."

Aaron Rose, security architect manager for Check Point, described the strategy as an "attack on the mind."

"If you are able to confuse 10,000 people in a swing county or swing state, that alone could change the outcome of the election," Rose said in an interview with The Hill. "Because you've confused them about voting locations or who the options are."

What the Left Is Saying

Democratic lawmakers and progressive election security advocates argue the Check Point findings underscore the need for greater investment in media literacy programs and federal resources to combat AI-generated disinformation targeting voters.

Supporters of this view say the focus should be on protecting voters from manipulation rather than restricting ballot access. They point to the leaked ActBlue donor credentials—nearly 9,500—as evidence that campaigns are targeting political fundraising infrastructure as a way to confuse and financially exploit partisan donors across the political spectrum.

Progressive advocates argue that addressing AI disinformation requires comprehensive federal legislation regulating synthetic media in political advertising, along with platform-level accountability for viral misleading content. They note that the leaked donor credentials affected both major parties equally, suggesting this is a nonpartisan threat requiring bipartisan solutions.

What the Right Is Saying

Conservative election security experts and Republican officials have long argued that the primary threats to election integrity involve physical voting infrastructure—specifically electronic voting machines and mail-in ballots—which remain vulnerable to tampering.

The Trump administration has repeatedly emphasized these concerns. The Check Point report notes this divergence between how hackers are actually operating and what policymakers publicly prioritize as risks.

"Everybody's politically charged when they see information that either makes them angry or 100 percent aligns with their views, they just instantly hit that repost and don't know if it's a valid source or not," Rose observed, noting the effectiveness of these operations in an already polarized political environment.

Conservative voices argue for continued focus on securing voting machines, strengthening voter ID requirements and auditing election results—measures they say directly address documented vulnerabilities rather than speculative threats. They contend that concerns about AI disinformation should not be used to justify restricting free speech online or expanding government censorship authority.

What the Numbers Show

According to Check Point Software's report released Monday: nearly 9,500 ActBlue donor credentials and approximately 6,500 WinRed donor credentials were leaked through credential stuffing attacks. These numbers represent donors from both major parties whose personal information was exposed for potential future phishing campaigns.

Researchers documented a significant increase in domain registrations using election-related keywords such as "vote" and "election" designed to trick voters into visiting malicious sites. AI-generated content, including altered videos and deceptive audio clips, has increased substantially compared to the 2024 election cycle, according to the report.

Cybersecurity firms have tracked state-linked foreign actors—primarily from Russia, Iran and China—conducting both influence operations and cyber reconnaissance targeting U.S. election infrastructure ahead of the 2026 midterms. Rose noted that while intelligence agencies are aware of these threats, the sheer volume makes tracking and attribution difficult.

The Bottom Line

The Check Point report highlights a fundamental disconnect between how hackers actually operate and how election security is publicly debated in Washington. While malicious actors increasingly favor psychological operations over technical infrastructure attacks, federal policy discussions often focus on voting machines and ballot procedures instead of disinformation ecosystems.

Voters are advised to verify sources before sharing political content, pause before clicking unfamiliar links and be skeptical of urgent requests for personal or financial information, especially those referencing past donations. The leaked donor credentials from both major parties suggest this threat affects all political persuasions equally.

Researchers expect foreign actors to continue conducting influence operations throughout the 2026 election cycle. Federal agencies are monitoring these threats but face significant challenges in attribution and response given the scale of AI-amplified campaigns.