Signal
Researchers warn web-enabled AI assistants can be abused as covert C2 relays
Published 2026-02-17 14:12 UTC
Updated 2026-02-17 18:08 UTC
Tags: threat_research, ai_security, evasion, enterprise_security
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth. 2 top sources shown.
limited source diversity in top sources
Overview
New research highlights a practical way attackers could hide command-and-control traffic in plain sight: by routing it through popular, web-enabled AI assistants. By abusing browsing/URL-fetching and summarization workflows, adversaries may be able to make malicious communications resemble routine enterprise AI usage—while also setting the stage for more adaptive, AI-assisted intrusion behavior.
Entities
Check Point Research, Microsoft, xAI, Microsoft Copilot, Grok
- Score total: 1.01
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- Research disclosure details a demonstrated technique against Copilot and Grok
- Enterprise adoption of AI assistants increases exposure to abuse paths
- Attackers may leverage commonly allowed AI service traffic patterns
Why it matters
- C2 traffic may blend into normal AI assistant usage, complicating detection
- Web-browsing AI features can become an unexpected relay layer in intrusions
- Signals a shift toward more adaptive, AI-assisted attacker workflows
LLM analysis
Topic mix: low
Promo risk: low
Source quality: high
Recurring claims
- AI assistants with web browsing or URL fetching can be abused as stealthy command-and-control (C2) relays to blend into legitimate enterprise communications.
- The technique was demonstrated against Microsoft Copilot and Grok.
How sources frame it
- Check Point Research: neutral
- The Hacker News: neutral
Both posts describe the same research theme: web-enabled AI assistants being abused as covert C2 relays.
All evidence
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
thehackernews · thehackernews.com · 2026-02-17 18:08 UTC
AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks
Check Point Research · research.checkpoint.com · 2026-02-17 14:12 UTC
Posts loaded: 0
Publishers: 2
Origin domains: 2
Duplicates: -
Top publishers (this list)
- thehackernews (1)
- Check Point Research (1)
Top origin domains (this list)
- thehackernews.com (1)
- research.checkpoint.com (1)