AI platforms can be abused for stealthy malware communication

• AI platforms can be abused for stealthy malware communication February 18, 2026 03:18 PM 0 AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. • Researchers at cybersecurity company Check Point discovered that threat actors can use AI services to relay communication between the C2 server and the target machine. • Attackers can exploit this mechanism to deliver commands and retrieve stolen data from victim systems. • The researchers created a proof-of-concept to show how it all works and disclosed their findings to Microsoft and xAI. • AI as a stealthy relay Instead of malware connecting directly to a C2 server hosted on the attacker’s infrastructure, Check Point’s idea was to have it communicate with an AI web interface, instructing the agent to fetch an attacker-controlled URL and receive the response in the AI’s output. • In Check Point’s scenario, the malware interacts with the AI service using the WebView2 component in Windows 11.

Article Summaries:

• AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. Researchers at cybersecurity company Check Point discovered that threat actors can use AI services to relay communication between the C2 server and the target machine. Attackers can exploit this mechanism to deliver commands and retrieve stolen data from victim systems. The researchers created a proof-of-concept to show how it all works and disclosed their findings to Microsoft and xAI. AI as a stealthy relay Instead of malware connectin
• Cybersecurity firm Check Point revealed that attackers can use AI assistants such as Grok and Microsoft Copilot as covert command‑and‑control (C2) channels. By embedding a WebView2 component in malware, the compromised system can query the AI web interface, which fetches attacker‑controlled URLs and returns responses that the malware parses for instructions or stolen data. The proof‑of‑concept works without an API key or account, making it harder to block. Check Point disclosed the findings to Microsoft and xAI; Microsoft acknowledged the issue and urged users to adopt layered security practices. The research highlights a new, stealthy method for malware communication.

Sources:

• https://www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/