AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers disclosed AI as a C2 proxy, a technique that can turn Microsoft Copilot and xAI Grok browsing features into stealthy command-and-control relays, increasing the chance that attacker traffic blends into legitimate enterprise communications. The method can also help adversaries use AI systems for reconnaissance, malware scripting, and real-time decision-making during an intrusion. It matters because the channel can operate without an API key or registered account, limiting the value of simple account-based blocking.
Related Happenings
Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
First: 23.04.2026 13:09
Last: 23.04.2026 13:09
Sources 1
About this happening:
**Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Zealot autonomous AI cloud intrusion proof of concept
Technical AnalysisAbout this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
External Microsoft Teams helpdesk-impersonation campaign
Campaign
First: 20.04.2026 18:11
Last: 20.04.2026 18:11
Sources 1
About this happening:
A **campaign** abusing **external Microsoft Teams collaboration** is letting attackers impersonate **IT/helpdesk staff**, gain remote access, and stage **targeted data exfiltratio...
External Microsoft Teams helpdesk-impersonation campaign
CampaignAbout this happening: A **campaign** abusing **external Microsoft Teams collaboration** is letting attackers impersonate **IT/helpdesk staff**, gain remote access, and stage **targeted data exfiltratio...
Microsoft launches agent guardrails, identities, and Security Copilot updates for agentic AI
Security Tool/Service
First: 24.03.2026 14:28
Last: 24.03.2026 14:28
Sources 1
About this happening:
**Microsoft** rolled out new **agentic AI security controls** at **RSAC Conference**, adding preview **guardrails in Microsoft Foundry**, **agent identities in Entra ID**, and upd...
Microsoft launches agent guardrails, identities, and Security Copilot updates for agentic AI
Security Tool/ServiceAbout this happening: **Microsoft** rolled out new **agentic AI security controls** at **RSAC Conference**, adding preview **guardrails in Microsoft Foundry**, **agent identities in Entra ID**, and upd...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical AnalysisAbout this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisAbout this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Timeline
-
17.02.2026 20:08 2 articles · 3mo ago
Check Point discloses AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok
Technical Analysis UpdateCheck Point disclosed AI as a C2 proxy, a technique that abuses Microsoft Copilot and xAI Grok web-browsing and URL-fetch features to relay operator commands through legitimate AI interfaces and tunnel victim data. The method can support reconnaissance workflows, attacker scripting, and real-time evasion decisions, and it can work without an API key or registered account, although a prior host compromise and installed malware are still required.
Show sources
- Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies — thehackernews.com — 17.02.2026 20:08
- AI platforms can be abused for stealthy malware communication — www.bleepingcomputer.com — 18.02.2026 22:18