Researchers at Check Point have demonstrated how AI assistants like Microsoft Copilot and Grok can be manipulated into serving as command-and-control (C2) relays. By utilizing the URL-fetching capabilities of these AI platforms via Windows WebView2, attackers can create a stealthy bidirectional communication channel. This method allows malware to receive instructions and exfiltrate data while appearing as legitimate AI interaction traffic, effectively bypassing many security perimeters.
The technique is particularly dangerous because it often does not require an API key or a user account, making it difficult for providers to shut down the malicious activity by simply revoking access. While AI platforms have safety filters to detect malicious intent, researchers found that these can be bypassed by encrypting communication into high-entropy blobs that the AI can still process or summarize for the malware.
Top comments (0)