Find notable cyber news and cases, enriched with sources, timelines, and signals.

AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels

Technical Analysis
First reported
Last updated
Happening score
H score 24
2 unique sources, 2 articles

Summary

Hide ▲

Researchers disclosed AI as a C2 proxy, a technique that can turn Microsoft Copilot and xAI Grok browsing features into stealthy command-and-control relays, increasing the chance that attacker traffic blends into legitimate enterprise communications. The method can also help adversaries use AI systems for reconnaissance, malware scripting, and real-time decision-making during an intrusion. It matters because the channel can operate without an API key or registered account, limiting the value of simple account-based blocking.

Related Happenings

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

Microsoft Teams admin policy adds approval-based control for third-party bots

Security Tool/Service
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...

Microsoft Teams third-party bot approval controls for meeting social-engineering risk

Defensive Guidance
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...

Fake AI study guide AsyncRAT lure campaign targeting Windows users

Campaign
H score33 First: 11.06.2026 17:00 Last: 11.06.2026 17:00 Sources 1

About this happening: A **malware-luring campaign** now uses fake **AI study guides** and **developer resources** to target **Windows users** at organizations, increasing the risk of stealthy **AsyncRA...

JustAskJacky fake AI assistant malware campaign

Campaign
H score33 First: 04.06.2026 17:00 Last: 04.06.2026 17:00 Sources 1

About this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...

Timeline

  1. 17.02.2026 20:08 2 articles · 4mo ago

    Check Point discloses AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok

    Technical Analysis Update

    Check Point disclosed AI as a C2 proxy, a technique that abuses Microsoft Copilot and xAI Grok web-browsing and URL-fetch features to relay operator commands through legitimate AI interfaces and tunnel victim data. The method can support reconnaissance workflows, attacker scripting, and real-time evasion decisions, and it can work without an API key or registered account, although a prior host compromise and installed malware are still required.

    Show sources