A New Threat Model: Malware Hiding Commands in AI Web Requests

AI assistants with built-in web browsing capabilities could, in the future, become a covert communication channel for malware — a kind of “courier” that carries instructions from cybercriminals to infected devices without resembling a classic attack. These are the conclusions of a new study conducted by experts at Check Point Research.

In many companies, using AI tools has become part of everyday routine and is treated as normal, trusted network traffic. Cybersecurity researchers warn, however, that in such an environment malicious communication could “blend into the background” — looking like ordinary chat queries, page summaries, or a simple “link check,” rather than a connection to a suspicious server.

Check Point Research specialists tested this hypothesis. In controlled experiments, they confirmed that AI platforms capable of fetching content from the internet could act as an intermediary: instead of connecting directly to a command-and-control server (typical of cyberattacks), malware could conceal that communication within interactions with an AI service. The tests covered, among others, Grok and Microsoft Copilot.

This points to a shift toward AI-driven attacks in which malware could behave more like an “adaptive operator” than a simple script. That would mean it could gather information about its environment and, based on that, choose its next actions — making it harder to predict and detect.

Ultimately, this is not “just another software vulnerability,” but rather a problem stemming from a growing dependence on trusted AI services. Experts are almost unanimous that organizations should stop treating traffic to AI services as automatically safe and start monitoring it in the same way as other sensitive communication channels.

“As AI becomes more deeply embedded in everyday business processes, it is also starting to be used in offensive operations. Today, cybercriminals don’t have to build complex infrastructure — often all they need is access to widely trusted AI services. To stay secure, organizations should monitor AI-related traffic with the same level of attention as any other high-risk channel, introduce stricter rules for using AI-based features, and deploy protections that understand not only what AI is doing, but also why,” says Eli Smadja, Head of Research at Check Point Research.

The researchers stress one important detail: there is still no evidence that cybercriminals are using this method in real-world campaigns. The analysis serves as an early warning — ahead of the trend becoming widespread. Check Point experts have informed relevant stakeholders about their findings. Microsoft has already responded, confirming the conclusions and implementing changes to how web content retrieval works in Copilot.
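To make the monitoring recommendation concrete, here is an added example (not from Check Point's study or the original article) of triaging proxy or endpoint logs for traffic to AI assistants. The log format, the hostname watchlist, the browser allow-list, the process names, and both heuristics (non-browser client, fixed-interval requests) are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed watchlist of AI-assistant hostnames; extend with the services in use.
AI_HOSTS = {"copilot.microsoft.com", "grok.com"}
# Assumed allow-list of processes expected to reach those services interactively.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample records: timestamp, workstation, process, destination host.
SAMPLE_LOG = """\
2025-01-10T09:00:00 ws-014 msedge.exe copilot.microsoft.com
2025-01-10T09:02:13 ws-014 msedge.exe copilot.microsoft.com
2025-01-10T09:40:51 ws-014 msedge.exe copilot.microsoft.com
2025-01-10T11:15:07 ws-014 msedge.exe copilot.microsoft.com
2025-01-10T09:00:05 ws-022 updater_svc.exe grok.com
2025-01-10T09:05:05 ws-022 updater_svc.exe grok.com
2025-01-10T09:10:06 ws-022 updater_svc.exe grok.com
2025-01-10T09:15:05 ws-022 updater_svc.exe grok.com
2025-01-10T09:01:00 ws-031 chrome.exe example.org
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip blank or malformed records
            ts, host, proc, dest = parts
            yield datetime.fromisoformat(ts), host, proc.lower(), dest.lower()

def review_ai_traffic(log, min_events=4, max_jitter=0.1):
    """Return (workstation, process, destination, reasons) for sessions worth triage."""
    sessions = defaultdict(list)
    for ts, host, proc, dest in parse(log):
        if dest in AI_HOSTS:
            sessions[(host, proc, dest)].append(ts)
    findings = []
    for (host, proc, dest), times in sorted(sessions.items()):
        reasons = []
        if proc not in BROWSERS:
            reasons.append("non-browser client")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Machine-like cadence: spread of the gaps is small relative to their mean.
        if len(times) >= min_events and statistics.pstdev(gaps) <= max_jitter * statistics.mean(gaps):
            reasons.append("fixed-interval requests")
        if reasons:
            findings.append((host, proc, dest, reasons))
    return findings
```

Calling `review_ai_traffic(SAMPLE_LOG)` returns a single finding, for the constructed `ws-022` session; the interactive browser session on `ws-014` and the non-AI destination are not reported.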

Source: https://managerplus.pl/agenci-ai-moga-przemycac-komendy-hakerow-oto-nowy-scenariusz
