Security researchers demonstrated that AI chatbots offering web browsing can be manipulated to act as covert command‑and‑control conduits for malware. By prompting the chatbot to fetch a malicious URL and parsing the returned text for instructions, attackers can hide malicious traffic behind legitimate AI service requests. The technique works without needing developer APIs or API keys, and can also be used to exfiltrate data. Experts recommend treating AI web‑enabled services like any other high‑trust cloud application, monitoring for abnormal automation patterns, and restricting access to managed devices.
Read more → 