Attackers Abuse AI Assistants As C2 Proxies

By LDS Team

Relevance Score: 9.2
On Feb. 19, 2026, Check Point Research disclosed a novel attack technique that repurposes two AI assistants, xAI's Grok and Microsoft Copilot, as covert command-and-control (C2) relays. The method tunnels malicious traffic through the assistants' web-browsing capabilities and through outbound connections that are already allowed to these trusted platforms, enabling stealthy malware communication. Enterprises that permit these services by default may need to update egress policies and detection controls.

Key Points

  1. Repurposes Grok and Microsoft Copilot as covert C2 relays, tunneling malware traffic through trusted services
  2. Exploits web-browsing capabilities and allowed outbound connections to bypass enterprise detection and network egress controls
  3. Requires security teams to monitor AI-service egress, update firewall policies, and add detection rules and hunting
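
One way to start the AI-service egress hunting named in the last key point, as an added example that is not taken from the Check Point research or from this report's sources. The log schema, the domain list, the browser allowlist and the thresholds are all assumptions to replace with your own, and the two heuristics (non-browser process, near-constant request interval) are generic hunting starting points rather than indicators published for this technique.

```python
import csv, io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed values: replace with your organisation's own lists.
AI_DOMAINS = ("grok.com", "copilot.microsoft.com")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample of process-attributed egress records (not real telemetry).
SAMPLE_LOG = """ts,host,process,dest
2026-02-20T09:00:00,ws-014,msedge.exe,copilot.microsoft.com
2026-02-20T09:07:41,ws-014,msedge.exe,copilot.microsoft.com
2026-02-20T09:00:10,ws-022,updater.exe,grok.com
2026-02-20T09:05:10,ws-022,updater.exe,grok.com
2026-02-20T09:10:11,ws-022,updater.exe,grok.com
2026-02-20T09:15:10,ws-022,updater.exe,grok.com
2026-02-20T09:02:00,ws-022,chrome.exe,example.org
"""

def is_ai_domain(dest):
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in AI_DOMAINS)

def hunt(log_text, min_events=4, max_jitter=0.1):
    """Return findings for AI-service egress that is non-browser or beacon-like."""
    series = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_ai_domain(row["dest"]):
            key = (row["host"], row["process"].lower(), row["dest"].lower())
            series[key].append(datetime.fromisoformat(row["ts"]))
    findings = []
    for (host, proc, dest), times in sorted(series.items()):
        reasons = []
        if proc not in BROWSERS:
            reasons.append("non-browser process")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Near-constant gaps (low coefficient of variation) suggest automation.
        if len(times) >= min_events and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            reasons.append("regular interval")
        if reasons:
            findings.append({"host": host, "process": proc, "dest": dest,
                             "events": len(times), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

A finding is a lead for triage, not a verdict: legitimate desktop clients and integrations also reach these services from non-browser processes.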

Scoring Rationale

High operational impact and credible Check Point research, tempered by limited public technical detail in this summary.
