AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

AI platforms can be abused for stealthy malware communication

highnewsLLM-Specific

securitysafety

Source: BleepingComputerFebruary 18, 2026

Summary

Researchers at Check Point discovered that AI assistants with web browsing abilities, like Grok and Microsoft Copilot, can be abused as hidden communication relays for malware. Attackers can instruct these AI services to fetch attacker-controlled URLs and relay commands back to malware, creating a stealthy two-way communication channel (C2, or command-and-control) that bypasses normal security detection because the AI platforms are trusted by security tools. The proof-of-concept attack works without requiring API keys or accounts, making it harder for defenders to block.

Classification

Attack Type

DoSOther

Attack SophisticationModerate

Impact (CIA+S)

integrity

Affected Vendors

MicrosoftxAI

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 18, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 92%