Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
AI Assistants Exploited as Malware Command Channels

AI Assistants Exploited as Malware Command Channels

Posted on February 17, 2026 By CWS

Cybersecurity experts have unveiled a new threat, revealing that artificial intelligence (AI) assistants with web browsing capabilities can be manipulated to serve as covert command-and-control (C2) channels for malware. This technique, demonstrated on platforms like Microsoft Copilot and xAI Grok, enables attackers to mask their operations within legitimate enterprise communications, thereby evading detection.

AI as a Covert Communication Tool

The method, termed ‘AI as a C2 proxy’ by Check Point, utilizes the integration of anonymous web access with browsing and summarization prompts. This approach allows adversaries to employ AI systems not only to accelerate cyber attack phases but also to dynamically generate malicious code that adapts based on data from compromised hosts.

AI tools have already amplified the capabilities of cybercriminals, assisting in reconnaissance, crafting phishing emails, and debugging code. However, using AI as a C2 proxy represents a significant advancement, as it transforms these systems into two-way communication channels by retrieving and responding to attacker-controlled URLs without needing an API key or account registration.

Challenges in Detection and Prevention

This strategy mirrors traditional tactics that exploit trusted services for malware distribution, often described as living-off-trusted-sites (LOTS). The technique requires initial compromise of a target machine to deploy malware, which then uses AI tools as communication conduits to relay commands from attacker servers.

Check Point highlights the potential for attackers to not only generate commands but also to develop evasion strategies using AI outputs to assess the value of further exploitation. The AI services can thus function as a decision engine, paving the way for automated, AI-driven malware operations.

Broader Implications for Cybersecurity

The disclosure follows a similar revelation by Palo Alto Networks Unit 42, which demonstrated how client-side API calls to trusted large language model (LLM) services can dynamically generate malicious scripts, transforming benign web pages into phishing sites. This method, akin to Last Mile Reassembly (LMR) attacks, involves assembling malware directly within the victim’s browser, bypassing traditional security measures.

Researchers warn that attackers could manipulate AI safety protocols to generate harmful code snippets, which are then executed in the victim’s environment. This underscores the growing complexity and sophistication of AI-enabled cyber threats, necessitating enhanced vigilance and new security strategies to counteract these evolving risks.

As AI continues to play a pivotal role in cyber operations, understanding and mitigating its misuse becomes critical. Organizations must adapt to this new landscape, ensuring robust defenses against AI-facilitated attack vectors.

The Hacker News Tags:AI abuse, AI security, AI tools, API threats, C2 proxies, Check Point, Copilot, cyber attack, Cybersecurity, Grok, LOTS, machine learning, malware threats, network security, Phishing

Post navigation

Previous Post: How CISOs Leverage Threat Intelligence to Prevent Breaches
Next Post: QR Codes Exploited in Rising Phishing and App Threats

Related Posts

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT The Hacker News
Critical Docker Vulnerability Allows Host Access Critical Docker Vulnerability Allows Host Access The Hacker News
AI Tool CyberStrikeAI Powers Global FortiGate Attacks AI Tool CyberStrikeAI Powers Global FortiGate Attacks The Hacker News
Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack The Hacker News
Critical Cybersecurity Threats and Emerging Vulnerabilities Critical Cybersecurity Threats and Emerging Vulnerabilities The Hacker News
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark