Microsoft has issued a new warning about AI chatbots sending users to dangerous websites. The company says threat actors are adapting their social engineering tactics to exploit how people interact with AI tools like Copilot and Bing Chat.
Attackers are using techniques such as malvertising and fake promotional pages to appear in chatbot recommendations. When a user asks for a product or service, the chatbot may cite a seemingly legitimate link that actually leads to a phishing site or malware download.
How the Attack Works
Threat actors create malicious websites that rank highly in the search indexes used by AI chatbots. They rely on SEO poisoning and sponsored ads to get references included in chatbot responses. The AI then presents these links to users as helpful suggestions.
Microsoft researchers observed campaigns where attackers offered fake downloads for popular software or tools. Users who clicked were redirected to credential harvesting pages or sites hosting ransomware. The tactic exploits the trust users place in AI-generated answers.
Why This Matters
Millions of people now rely on AI chatbots for quick answers and product recommendations. Many assume the links provided are vetted and safe. This trust creates a prime opportunity for attackers.
Users who click a chatbot-recommended link without scrutiny risk compromising their devices, accounts or personal data. Businesses using AI assistants for internal tasks face similar threats. The attack method is effective because it bypasses traditional warning signs like suspicious emails or obvious spam.
The warning also highlights a broader issue. AI chatbots lack real-time security verification of the sources they cite. They may recommend sites based on popularity or relevance rather than safety.
Practical Steps to Stay Safe
Microsoft recommends users treat chatbot-provided links with the same caution as any unknown web address. Hover over links to inspect the full URL before clicking. Avoid downloading software from third-party pages linked by AI tools. Always verify offers or deals directly through official websites.
Organizations should monitor how employees use AI assistants and consider adding security layers that flag suspicious domains. Browser extensions that block known malicious sites can provide an additional safeguard.
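The checks above (inspect the full URL, distrust third-party download pages, flag suspicious domains, block known-bad sites) can be automated as a pre-click triage step. The following is an added example, not code from Microsoft or from the article; it assumes a hypothetical allowlist of official vendor domains (OFFICIAL_DOMAINS), a hypothetical blocklist (KNOWN_BAD_DOMAINS), and a list of brand names that lookalike domains tend to imitate. Every sample URL in it is constructed for illustration.

```python
"""Triage a chatbot-recommended link before anyone clicks it.

Added example (not Microsoft's or any product's code). The allowlist, the
blocklist and the brand names are assumptions; the sample URLs are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlsplit

# Hypothetical allowlist: the official domain for each brand (assumption).
OFFICIAL_DOMAINS = {
    "examplesoft": "examplesoft.com",
    "samplebank": "samplebank.example",
}
# Hypothetical blocklist of domains already reported as malicious (assumption).
KNOWN_BAD_DOMAINS = {"free-downloads-now.example"}
# File types that should not be fetched from a page an AI tool merely linked to.
RISKY_EXTENSIONS = (".exe", ".msi", ".dmg", ".zip", ".iso", ".scr", ".js", ".hta")


@dataclass
class Verdict:
    url: str
    allow: bool
    reasons: list = field(default_factory=list)


def _host_matches(host: str, domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage_link(url: str) -> Verdict:
    """Return a verdict plus the concrete reasons a link looks unsafe."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []

    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    if not host:
        reasons.append("no hostname")
        return Verdict(url, False, reasons)
    if parts.scheme == "http":
        reasons.append("plain HTTP, no TLS")

    # "brand.com@real-host": the text before '@' is not the site being visited.
    if "@" in parts.netloc:
        reasons.append("credentials embedded in URL (netloc contains '@')")

    # A raw IP address instead of a name is unusual for a legitimate vendor page.
    try:
        ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass

    # Internationalised label: may be a homoglyph imitation of a familiar brand.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in hostname (possible lookalike)")

    if any(_host_matches(host, bad) for bad in KNOWN_BAD_DOMAINS):
        reasons.append("domain on blocklist")

    # Brand name appears in the host, but the host is not the brand's domain.
    for brand, official in OFFICIAL_DOMAINS.items():
        if brand in host and not _host_matches(host, official):
            reasons.append(f"mentions {brand!r} but is not {official}")

    # Installer or archive served from a host outside the allowlist.
    path = parts.path.lower()
    if path.endswith(RISKY_EXTENSIONS) and not any(
        _host_matches(host, d) for d in OFFICIAL_DOMAINS.values()
    ):
        reasons.append("downloadable executable/archive from non-official host")

    return Verdict(url, not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample links of the kind a chatbot might surface.
    for sample in (
        "https://www.examplesoft.com/download",
        "https://examplesoft.com.free-downloads-now.example/setup.exe",
        "https://examplesoft.com@evil.example/login",
        "https://xn--examplesoft-abc.com/",
    ):
        v = triage_link(sample)
        print("ALLOW" if v.allow else "BLOCK", sample, v.reasons)
```

The function returns the reasons rather than a bare yes/no so that a browser extension, proxy or help-desk tool can show the user why a link was held back; the hostname-based rules deliberately ignore the text before '@' and the subdomain prefix, which is exactly the part attackers dress up to look official.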
The threat is likely to grow as AI adoption increases. Threat actors will continue refining their methods to match user behavior. Awareness and careful clicking remain the best defense.