Two out of three people cannot reliably tell a scam from a legitimate message. That stat, from Malwarebytes’ own research, is not a failure of intelligence. It is a reflection of how sophisticated scam infrastructure has become. Phishing kits are cheap, AI-generated lures are convincing, and the volume is relentless. The answer cannot just be “be more careful.” It has to be structural. That is exactly what this integration is trying to address.

Malwarebytes announced its connector for Anthropic’s Claude on April 29, 2026, adding to an existing integration with ChatGPT. The move puts threat intelligence directly inside the AI tools people are already using for daily tasks, from drafting emails to planning travel.

What the Integration Actually Does

The integration works as a connector inside Claude, requiring no Malwarebytes account to activate. Users navigate to Customize, then Connectors, search for Malwarebytes, and click Connect. Three steps.

Once connected, users can paste a suspicious URL, phone number, or email address directly into a Claude conversation and ask for a check. Claude calls Malwarebytes’ threat intelligence database and returns one of four verdicts: Malicious, Suspicious, Safe, or Unknown.

The Unknown verdict deserves attention. Rather than treating a lack of data as implicit safety, the system automatically triggers a WHOIS lookup to surface domain registration details and registrar abuse contacts. That is a sensible design choice, because newly registered domains are a consistent marker in phishing infrastructure.

Users can also check multiple items simultaneously. If a message contains three links and two phone numbers, one query handles all five. That matters in practice, because real phishing attempts often layer multiple contact vectors into a single lure.

Why Embedding This in an AI Tool Makes Sense

The instinct to ask an AI assistant “is this legit?” is already there. People already paste suspicious text into ChatGPT and Claude and ask for an opinion. The problem is that without grounded threat intelligence, the answer is a general-purpose language model making an educated guess. That is not the same as a lookup against a threat database built from years of active malware and scam tracking.

Malwarebytes has been accumulating that kind of data for a long time. CNET recognized the platform with its Editors’ Choice Award in 2026, describing it as “one of the best cybersecurity suites on the planet.” That reputation is now being channeled into a conversational interface that meets users where their attention already is.

The scam problem the integration is responding to is concrete. Scams arrive through SMS, email, voice calls, and direct messages. The 66 percent figure from Malwarebytes’ own survey reflects a population that is confused and underserved by existing tools. Most people are not running link scanners before they click. They are asking a question and acting on the answer. Building threat verification into that conversational layer is a logical response to actual behavior.

Malwarebytes Affiliate Link

Understanding the Four Verdicts and How to Act on Them

Malicious means a confirmed threat. Do not click, do not call, do not reply. This verdict draws from Malwarebytes’ established threat intelligence and should be treated as definitive.

Suspicious means risk indicators are present but no confirmed threat exists yet. The practical advice here is to avoid interaction and, if the message claimed to be from a known organization, verify through that organization’s official channels independently.

Safe means the item is recognized and legitimate. This does not mean a legitimate domain cannot be used in a future attack, but for current purposes, the item checks out.

Unknown means the database has no record. This is where users should apply the most skepticism. The automatic WHOIS lookup that triggers on Unknown results can surface useful signals, including domain age, which is one of the more reliable indicators of whether a site was spun up specifically to run a short-duration phishing campaign.

Users who confirm a scam can also report it through Claude back to the Malwarebytes threat intelligence team. That feedback loop is important. It means user encounters with novel scams can feed directly into detection, tightening the system over time.

The Broader Context: AI Tools as Security Infrastructure

This integration reflects a shift in how security tooling is being distributed. Browser extensions, dedicated apps, and standalone scanners all require user intent and installation friction. Connectors inside AI assistants are different. They operate at the point of confusion, which is exactly when someone is staring at a message they are not sure about.

The fake CAPTCHA scam reported by Malwarebytes Labs on April 28, 2026 is a good example of what users are up against. That campaign used fake CAPTCHA pages to authorize international SMS charges, then redirected a cut of the proceeds to the scammers. It is the kind of attack that looks superficially legitimate and requires active verification to catch. A tool that enables that verification inside a conversation, without friction, is addressing a real gap.

The PhantomRPC situation reported the same day, where Microsoft rated a privilege escalation issue as “moderate” and declined to patch it, is a reminder that the threat surface is broad and institutional responses are often slow. User-facing tools that offer immediate, accessible verification are filling a real need.

The Malwarebytes and Claude integration is available now. Setup instructions and full documentation are available through the Malwarebytes Help Center.

Sources and Further Reading

Malwarebytes Product and Scams Blog: https://www.malwarebytes.com/blog/category/product

Malwarebytes Labs Author Page: https://www.malwarebytes.com/blog/authors/malwarebyteslabs

Malwarebytes in Claude Announcement (April 29, 2026): https://www.malwarebytes.com/blog/product/2026/04/scam-checking-just-got-a-lot-easier-malwarebytes-is-now-in-claude

Malwarebytes Help Center: Using Malwarebytes in Claude: https://help.malwarebytes.com/hc/en-us/articles/47985341083675-Using-Malwarebytes-in-Claude

CNET Editors’ Choice: Malwarebytes Antivirus Review: https://www.cnet.com/tech/services-and-software/malwarebytes-antivirus-review/

Malwarebytes Labs: Fake CAPTCHA Scam Turns a Quick Click Into a Costly Phone Bill (April 28, 2026): https://www.malwarebytes.com/blog/news/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill

Malwarebytes Labs: Microsoft Won’t Patch PhantomRPC: Feature or Bug? (April 29, 2026): https://www.malwarebytes.com/blog/news/2026/04/microsoft-wont-patch-phantomrpc-feature-or-bug