Head Topics

AI chatbots with web browsing can be abused as malware relays

Computing News

AI chatbots with web browsing can be abused as malware relays
AI SecurityCheck Point ResearchCommand And Control
  • 📰 DigitalTrends
  • ⏱ Reading Time:
  • 133 sec. here
  • 13 min. at publisher
  • 📊 Quality Score:
  • News: 87%
  • Publisher: 65%

Tech Product Reviews, How To, Best Ofs, deals and Advice

AI chatbots with web browsing can be abused as malware relays, based on a Check Point Research demo. Instead of malware calling home to a traditional command server, it can use a chatbot’s URL fetching to pull instructions from a malicious page, then carry the response back to the infected machine.

In many environments, traffic to major AI destinations is already treated as routine, which can let command-and-control fade into normal web use. The same path can also be used to move data out. Recommended Videos Microsoft addressed the work in a statement and framed it as a post-compromise communications issue. It said that once a device is compromised, attackers will try to use whatever services are available, including AI-based ones, and it urged defense-in-depth controls to prevent infection and reduce what happens after. The demo turns chat into a relay The concept is straightforward. The malware prompts the AI web interface to load a URL, summarize what it finds, then scrapes the returned text for an embedded instruction. Check Point said it tested the technique against Grok and Microsoft Copilot through their web interfaces. A key detail is access, the flow is designed to avoid developer APIs, and in the tested scenarios it can work without an API key, lowering friction for misuse. For data theft, the mechanism can run in reverse. One method outlined is to place data in URL query parameters, then rely on the AI-triggered request to deliver it to adversary infrastructure. Basic encoding can further obscure what’s being sent, which makes simple content filtering less reliable. Why it’s harder to spot This isn’t a new malware class. It’s a familiar command-and-control pattern wrapped in a service many companies are actively enabling. If browsing-enabled AI services are left open by default, an infected system can try to hide behind domains that look low-risk. Check Point also highlights how common the plumbing is. Its example uses WebView2 as an embedded browser component on modern Windows machines. In the described workflow, a program gathers basic host details, opens a hidden web view to an AI service, triggers a URL request, then parses the response to extract the next command. That can resemble ordinary app behavior, not an obvious beacon. What security teams should do Treat web-enabled chatbots like any other high-trust cloud app that can be abused after compromise. If it’s permitted, monitor for automation patterns, repeated URL loads, odd prompt cadence, or traffic volumes that don’t match human use. AI browsing features may belong on managed devices and specific roles, not every machine. The open question is scale, this is a demo and it doesn’t quantify success rates against hardened fleets. What to watch next is whether providers add stronger automation detection in web chat, and whether defenders start treating AI destinations as potential post-compromise channels.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

DigitalTrends /  🏆 95. in US

AI Security Check Point Research Command And Control Data Exfiltration Grok Malware Microsoft Copilot Web Browsing Chatbots Webview2

 

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

Apple Music introduces a new way for you to create playlists with text promptsApple Music introduces a new way for you to create playlists with text promptsTech Product Reviews, How To, Best Ofs, deals and Advice
Read more »

iOS 26.4 puts your iPhone in anti-theft mode by defaultiOS 26.4 puts your iPhone in anti-theft mode by defaultTech Product Reviews, How To, Best Ofs, deals and Advice
Read more »

This Dreame robot vacuum does the “hands-off” thing for real, and it’s down to $299.99This Dreame robot vacuum does the “hands-off” thing for real, and it’s down to $299.99Tech Product Reviews, How To, Best Ofs, deals and Advice
Read more »

You’ll soon be able to cap your MacBook’s charge at 80 percent to preserve battery healthYou’ll soon be able to cap your MacBook’s charge at 80 percent to preserve battery healthTech Product Reviews, How To, Best Ofs, deals and Advice
Read more »

ChatGPT now has a Lockdown Mode, but should you enable it?ChatGPT now has a Lockdown Mode, but should you enable it?Tech Product Reviews, How To, Best Ofs, deals and Advice
Read more »

Amazon’s big Fire TV update is now rolling out with plenty of new tricksAmazon’s big Fire TV update is now rolling out with plenty of new tricksTech Product Reviews, How To, Best Ofs, deals and Advice
Read more »



Render Time: 2026-04-01 17:00:53