Attackers Abuse AI Assistants As C2 Proxies

Check Point Research on Feb. 19, 2026 disclosed a novel attack technique that repurposes AI assistants xAI's Grok and Microsoft Copilot as covert command-and-control relays. The method tunnels malicious traffic through web-browsing and allowed outbound connections on trusted platforms, enabling stealthy malware communication. Enterprises that permit these services by default may need to update egress policies and detection controls.