Cybersecurity researchers have unveiled a novel attack method that exploits artificial intelligence (AI) assistants with web browsing capabilities, such as Microsoft Copilot and xAI Grok, transforming them into covert command-and-control (C2) proxies. This technique, termed AI as a C2 proxy by Check Point, enables attackers to seamlessly integrate malicious communications within legitimate enterprise traffic, thereby evading detection.
The core of this method involves leveraging the AI assistants’ ability to access and summarize web content. By directing these AI tools to fetch data from attacker-controlled URLs, cybercriminals can establish a bidirectional communication channel. This channel allows them to issue commands and extract data from compromised systems without the need for API keys or registered accounts, rendering traditional security measures like key revocation ineffective.
This approach mirrors previous tactics where trusted services are weaponized for malware distribution and C2 operations, often referred to as living-off-trusted-sites (LOTS). However, a critical prerequisite for this method is that the attacker must have already compromised the target machine and installed malware. The malware then utilizes the AI assistant as a C2 channel by crafting specific prompts that instruct the AI to interact with the attacker’s infrastructure and relay commands back to the malware.
Beyond merely generating commands, attackers can exploit AI agents to devise evasion strategies and determine subsequent actions by analyzing system details and assessing the value of further exploitation. This capability paves the way for AI-driven implants and automated C2 operations that can dynamically adapt during an intrusion.
This disclosure follows recent findings by Palo Alto Networks Unit 42, which demonstrated how seemingly benign web pages can be transformed into phishing sites. By utilizing client-side API calls to trusted large language model (LLM) services, attackers can generate malicious JavaScript in real time, effectively bypassing traditional security controls.
These developments underscore the evolving landscape of cyber threats, where AI tools are not only used to enhance various phases of cyber attacks but also to create adaptive, stealthy communication channels that blend seamlessly with legitimate enterprise activities.
