Mark0

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks

AI is evolving from a development tool into a core component of malware runtimes. This 'AI-Driven' (AID) malware leverages models to interpret host signals—such as user roles and environment artifacts—to dynamically decide on actions like data prioritization and lateral movement. This shifts decision-making from predictable, static code to flexible, model-driven logic that is significantly harder for defenders to signature or predict.

Check Point Research has demonstrated a practical implementation of this trend by abusing AI assistants like Grok and Microsoft Copilot as covert Command and Control (C2) relays. By emulating a browser session within a C++ implant using WebView2, attackers can tunnel bidirectional traffic through legitimate AI web interfaces. This technique bypasses traditional defenses like API key revocation and account suspension, highlighting a new frontier where legitimate AI services are repurposed as stealthy transport layers for malicious operations.
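
A detection sketch for the relay pattern described above, added here as an example and not taken from the post or from Check Point Research. It reports WebView2 runtimes launched by unapproved applications that reach AI assistant hosts, and marks those with a steady cadence. The telemetry schema, the hostnames, the allowlist and the thresholds are all assumptions, and the events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Hostnames assumed for the two assistants named in the post.
AI_HOSTS = ("grok.com", "copilot.microsoft.com")
# Apps approved to embed WebView2 and reach AI services (site policy, assumed).
APPROVED_HOST_APPS = {r"c:\program files\microsoft office\root\office16\winword.exe"}
WEBVIEW2_IMAGE = "msedgewebview2.exe"  # WebView2 runtime process name

# Constructed telemetry rows: (epoch_s, endpoint, image, host_app, dest_host).
# host_app = application that launched the WebView2 runtime (assumed to be
# resolved from the process tree by the collection pipeline).
TEMP_APP = r"c:\users\alice\appdata\local\temp\updater.exe"
EVENTS = [
    (1000, "ws-01", "msedge.exe", r"c:\windows\explorer.exe", "copilot.microsoft.com"),
    (1000, "ws-02", WEBVIEW2_IMAGE, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "copilot.microsoft.com"),
    (1000, "ws-04", WEBVIEW2_IMAGE, r"c:\tools\notes.exe", "copilot.microsoft.com"),
    (1900, "ws-04", WEBVIEW2_IMAGE, r"c:\tools\notes.exe", "copilot.microsoft.com"),
] + [(t, "ws-03", WEBVIEW2_IMAGE, TEMP_APP, "grok.com") for t in (1000, 1060, 1121, 1180, 1241)]


def is_ai_host(dest):
    dest = dest.lower().rstrip(".")
    return any(dest == h or dest.endswith("." + h) for h in AI_HOSTS)


def find_webview_ai_relays(events, min_hits=4, max_jitter=0.2):
    """Report unapproved WebView2 embedders reaching AI hosts; flag steady beacons."""
    groups = defaultdict(list)
    for ts, endpoint, image, host_app, dest in events:
        if image.lower() != WEBVIEW2_IMAGE or not is_ai_host(dest):
            continue  # ordinary browsers and non-AI destinations are out of scope
        if host_app.lower() in APPROVED_HOST_APPS:
            continue
        groups[(endpoint, host_app.lower(), dest.lower())].append(ts)
    findings = []
    for (endpoint, host_app, dest), stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Coefficient of variation of the gaps: near 0 means a machine-like cadence.
        jitter = pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else None
        findings.append({
            "endpoint": endpoint, "host_app": host_app, "dest": dest,
            "hits": len(stamps), "jitter": jitter,
            "beacon_like": len(stamps) >= min_hits and jitter is not None and jitter <= max_jitter,
        })
    return findings


if __name__ == "__main__":
    for f in find_webview_ai_relays(EVENTS):
        print(f)
```

An unapproved embedder is reported even when it has too few hits to score for cadence, so the allowlist does the primary work and the jitter score only ranks the findings.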

