You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
web fetch abuse
About this tag
Web fetch abuse refers to the exploitation of URL-fetch and browsing features in web-accessible AI assistants to covertly relay command-and-control traffic. Research demonstrates that attackers can hide C2 communications inside legitimate enterprise AI usage by leveraging services such as Grok and Microsoft Copilot. This technique allows malicious traffic to blend with normal AI interactions, potentially enabling adaptive, prompt-driven malware. The tag covers discussions of how these AI channels can be turned into external "brains" for attacks, highlighting a growing security concern for enterprise environments that deploy AI assistants with web access capabilities.
Check Point Research’s demonstration that web-accessible AI assistants can be turned into covert command-and-control relays is a practical wake-up call: by using browsing and URL-fetch features exposed in services such as Grok and Microsoft Copilot, attackers can hide C2 traffic inside otherwise...