AI-enabled web-browsing assistants can be abused as stealthy command-and-control relays that blend attacker communications into legitimate enterprise traffic. Check Point demonstrated this “AI as a C2 proxy” technique against Microsoft Copilot and xAI Grok, warning it can enable AI-assisted malware operations and dynamic, evasive implants. #MicrosoftCopilot #xAIGrok
Keypoints
- AI browsing and URL-fetch features can be turned into stealthy C2 channels that tunnel commands and data.
- Check Point labeled the method “AI as a C2 proxy” after demonstrating it against Microsoft Copilot and xAI Grok.
- The attack uses anonymous web access and crafted prompts to fetch attacker-controlled content without API keys or accounts.
- An initial host compromise is required, with malware using the AI agent to receive commands and exfiltrate information.
- Palo Alto Unit 42 research shows related LLM-based techniques can generate malicious JavaScript and enable Last Mile Reassembly-style phishing and evasion.
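
A defender-side check for the pattern in the keypoints above, added here as an example (it is not Check Point's code or part of the original article): it flags endpoints whose traffic to AI assistant web front ends comes from a non-browser process or recurs at machine-regular intervals. The log format, domain watchlist, browser allowlist and thresholds are all assumptions to adapt to local telemetry.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed watchlist: public web front ends of the assistants named above.
AI_HOSTS = {"copilot.microsoft.com", "grok.com"}
# Assumed allowlist of interactive browser processes.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed proxy/EDR records: timestamp, host, process, destination.
SAMPLE = """\
2026-02-20T09:00:00 WS-014 chrome.exe copilot.microsoft.com
2026-02-20T09:02:13 WS-014 chrome.exe copilot.microsoft.com
2026-02-20T09:40:05 WS-014 chrome.exe copilot.microsoft.com
2026-02-20T11:15:30 WS-014 chrome.exe copilot.microsoft.com
2026-02-20T09:00:00 WS-022 updater.exe grok.com
2026-02-20T09:05:00 WS-022 updater.exe grok.com
2026-02-20T09:10:02 WS-022 updater.exe grok.com
2026-02-20T09:15:01 WS-022 updater.exe grok.com
2026-02-20T09:16:00 WS-022 updater.exe example.com
2026-02-20T10:00:00 WS-031 msedge.exe copilot.microsoft.com
2026-02-20T10:01:00 WS-031 msedge.exe copilot.microsoft.com
2026-02-20T10:02:00 WS-031 msedge.exe copilot.microsoft.com
2026-02-20T10:03:00 WS-031 msedge.exe copilot.microsoft.com
"""

def find_suspects(text, min_hits=4, max_jitter=0.2):
    """Return {(host, process): [reasons]} for AI-assistant traffic that looks automated."""
    seen = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        ts, host, proc, dest = line.split()
        if dest.lower() in AI_HOSTS:
            seen[(host, proc.lower())].append(datetime.fromisoformat(ts))
    suspects = {}
    for (host, proc), times in seen.items():
        # A process outside the browser allowlist talking to an assistant is unusual.
        reasons = [] if proc in BROWSERS else ["non-browser process"]
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low spread between request gaps suggests a timer, not a person.
        if len(times) >= min_hits and pstdev(gaps) <= max_jitter * mean(gaps):
            reasons.append("regular interval")
        if reasons:
            suspects[(host, proc)] = reasons
    return suspects

if __name__ == "__main__":
    for key, why in find_suspects(SAMPLE).items():
        print(key, why)
```

Human use of an assistant in a browser (WS-014 in the sample) produces irregular gaps and is not flagged; the interval check exists because a process-name allowlist alone misses automation that runs inside a browser process.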
Read More: https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html