AI Assistants Co-opted into Cyberattack Infrastructure, Researchers Warn

A new cybersecurity report reveals that popular AI assistants with web access can be manipulated into acting as covert communication hubs for malware. Researchers at Check Point have demonstrated that tools like Microsoft Copilot and xAI's Grok can be turned into what they call 'AI as a C2 proxy.'

The technique exploits the assistants' built-in ability to browse and summarize web content. An attacker who has already compromised a machine can use crafted prompts to direct the AI to contact a server they control. The AI then fetches and relays commands back to the malware on the infected host, creating a stealthy, two-way communication channel.

Crucially, this method requires no API key or registered account, making traditional countermeasures like key revocation ineffective. The AI essentially becomes a trusted intermediary, blending malicious traffic into normal enterprise web traffic.

'Once AI services can be used as a stealthy transport layer, that same interface can carry prompts that act as an external decision engine,' Check Point noted. This could lead to more automated, adaptive malware that uses AI to decide its next move in real time.

The finding underscores a growing trend of attackers weaponizing trusted platforms. It follows recent research from Palo Alto Networks Unit 42 showing how attackers could use client-side calls to LLM APIs to dynamically generate malicious code in a victim's browser. For this new method to work, however, attackers must first gain a foothold on a target system through other means; the AI assistant is then abused to manage the ongoing intrusion.

Source: The Hackers News