Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
AI chatbots with web browsing can be abused as malware relays, based on a Check Point Research demo. Instead of malware calling home to a traditional command server, it can use a chatbot’s URL fetching to pull instructions from a malicious page, then carry the response back to the infected machine.
In many environments, traffic to major AI destinations is already treated as routine, which can let command-and-control fade into normal web use. The same path can also be used to move data out.
Microsoft addressed the work in a statement and framed it as a post-compromise communications issue. It said that once a device is compromised, attackers will try to use whatever services are available, including AI-based ones, and it urged defense-in-depth controls to prevent infection and reduce what happens after.
The concept is straightforward. The malware prompts the AI web interface to load a URL, summarize what it finds, then scrapes the returned text for an embedded instruction.
Check Point said it tested the technique against Grok and Microsoft Copilot through their web interfaces. A key detail is access, the flow is designed to avoid developer APIs, and in the tested scenarios it can work without an API key, lowering friction for misuse.
For data theft, the mechanism can run in reverse. One method outlined is to place data in URL query parameters, then rely on the AI-triggered request to deliver it to adversary infrastructure. Basic encoding can further obscure what’s being sent, which makes simple content filtering less reliable.
This isn’t a new malware class. It’s a familiar command-and-control pattern wrapped in a service many companies are actively enabling. If browsing-enabled AI services are left open by default, an infected system can try to hide behind domains that look low-risk.
Check Point also highlights how common the plumbing is. Its example uses WebView2 as an embedded browser component on modern Windows machines. In the described workflow, a program gathers basic host details, opens a hidden web view to an AI service, triggers a URL request, then parses the response to extract the next command. That can resemble ordinary app behavior, not an obvious beacon.
Treat web-enabled chatbots like any other high-trust cloud app that can be abused after compromise. If it’s permitted, monitor for automation patterns, repeated URL loads, odd prompt cadence, or traffic volumes that don’t match human use.
AI browsing features may belong on managed devices and specific roles, not every machine. The open question is scale, this is a demo and it doesn’t quantify success rates against hardened fleets. What to watch next is whether providers add stronger automation detection in web chat, and whether defenders start treating AI destinations as potential post-compromise channels.
Microsoft has warned that a Microsoft 365 Copilot issue led Copilot Chat to generate summaries from confidential emails that should have been blocked by sensitivity labels and data loss prevention controls. It detected the problem on January 21, and tied it to the Copilot “work tab” chat experience.
If your workplace relies on labels and DLP to keep sensitive mail from being processed, the immediate question is simple. Did the fix reach your tenant, and does Copilot still pull from the wrong places.
Windows 11 is getting a built-in way to measure your connection speed, and it’s placed right where you already look when something feels off. Instead of jumping to a third-party site or installing another utility, you’ll be able to kick off a Windows 11 speed test from the taskbar area in a couple of clicks.
The shortcut shows up in Quick Settings under Wi-Fi or Cellular, and it’s also available by right-clicking the network icon in the system tray. When you run it, Windows opens your default browser and starts the test there. The setup is simple, but it’s still a little different from a fully native panel inside Settings.
Microsoft is betting on glass data storage for the kind of files you can’t afford to lose, the records that have to survive hardware refreshes, format changes, and decades of time. Its Project Silica research says laser-etched silica glass can hold data for 10,000 years, with room for longer lifespans in normal storage conditions.
Data gets written inside a small glass plate with ultra-fast lasers, then imaging and decoding software reconstructs it later. Microsoft has also pointed to a peer-reviewed Nature paper as evidence it can reliably write, read, and decode what it stores. This is aimed at archives, not your personal photo drive.
Upgrade your lifestyleDigital Trends helps readers keep tabs on the fast-paced world of tech with all the latest news, fun product reviews, insightful editorials, and one-of-a-kind sneak peeks.
