AI assistants with web browsing repurposed as covert C2 relays
Technical Analysis
Summary
Hide ▲
Show ▼
AI assistants with web browsing are now being shown as covert command-and-control relays, letting malware hide commands and stolen data inside routine enterprise traffic. Grok and Microsoft Copilot can be prompted through public web interfaces to fetch attacker-controlled URLs and return responses, effectively acting as a proxy. The technique works without an API key or registered account, raising the risk of stealthy abuse across AI-enabled workflows.
Related Happenings
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical AnalysisAbout this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisAbout this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Starkiller dark-web phishing platform scales credential theft as a SaaS-style criminal service
Threat Actor Meta
First: 19.02.2026 14:00
Last: 19.02.2026 14:00
Sources 1
About this happening:
The **Starkiller** phishing platform has emerged as a **SaaS-style criminal service**, raising the scale and durability of credential theft operations. It is sold on the **dark we...
Starkiller dark-web phishing platform scales credential theft as a SaaS-style criminal service
Threat Actor MetaAbout this happening: The **Starkiller** phishing platform has emerged as a **SaaS-style criminal service**, raising the scale and durability of credential theft operations. It is sold on the **dark we...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical Analysis
First: 17.02.2026 20:08
Last: 17.02.2026 20:08
Sources 1
About this happening:
Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical AnalysisAbout this happening: Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
AI Recommendation Poisoning in "Summarize with AI" buttons
Technical Analysis
First: 17.02.2026 11:31
Last: 17.02.2026 11:31
Sources 1
About this happening:
**AI Recommendation Poisoning** now shows how clickable **"Summarize with AI"** buttons can inject persistent prompts into chatbot memory, creating a new path to bias recommendati...
AI Recommendation Poisoning in "Summarize with AI" buttons
Technical AnalysisAbout this happening: **AI Recommendation Poisoning** now shows how clickable **"Summarize with AI"** buttons can inject persistent prompts into chatbot memory, creating a new path to bias recommendati...
Timeline
-
18.02.2026 17:00 2 articles · 3mo ago
AI assistants with web browsing abused as covert C2 relays
Initial DisclosureCheck Point Research described a proof-of-concept showing that AI assistants with web browsing, including Grok and Microsoft Copilot, can be manipulated through public web interfaces to fetch attacker-controlled URLs and return responses, turning the AI service into a proxy that relays commands to infected machines and sends stolen data back out without an API key or registered account. The researchers also used a WebView2 browser component inside a C++ program to automate invisible interaction with the interface and showed commands embedded in HTML being parsed and executed.
Show sources
- AI Assistants Used as Covert Command-and-Control Relays — www.infosecurity-magazine.com — 18.02.2026 17:00
- AI Assistants Used as Covert Command-and-Control Relays — www.infosecurity-magazine.com — 18.02.2026 17:00