{"data":{"id":"a3ec1e7f-d669-4f33-9ee8-56d090f28e81","title":"AI platforms can be abused for stealthy malware communication","summary":"Researchers at Check Point discovered that AI assistants with web browsing abilities, like Grok and Microsoft Copilot, can be abused as hidden communication relays for malware. Attackers can instruct these AI services to fetch attacker-controlled URLs and relay commands back to malware, creating a stealthy two-way communication channel (C2, or command-and-control) that bypasses normal security detection because the AI platforms are trusted by security tools. The proof-of-concept attack works without requiring API keys or accounts, making it harder for defenders to block.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/","publishedAt":"2026-02-18T20:18:24.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service","other"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft","xAI"],"affectedVendorsRaw":["Microsoft Copilot","Grok","xAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}