research.checkpoint.com 2/17/2026, 2:25:21 PM

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks


According to Check Point Research, AI assistants that support web browsing or URL fetching can be abused as covert command-and-control relays, effectively turning them into C2 proxies that blend attacker traffic with normal enterprise traffic. The researchers demonstrated this using Grok and Microsoft Copilot, showing how a malware-infected machine could prompt these services to fetch attacker-controlled URLs and relay responses back through AI outputs.

Their PoC relied on a WebView2-based implant to operate in a browser-like environment, enabling bidirectional communication via URL query parameters without any API key or registered account. They warn that this approach could evolve into AI-driven malware and AIOps-style C2, where models help decide which hosts to keep, which files to encrypt or exfiltrate, and when to stay dormant.

The findings were published on 17 February 2026, highlighting the need for AI providers to harden web-fetch features and for defenders to monitor AI-enabled traffic as a high-value egress point.
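One way a defender might watch this egress path, as an added example that is not from Check Point's research or from this page: it flags AI-assistant traffic that originates from a non-browser process (including a WebView2 runtime hosted by an unapproved application) and marks evenly spaced requests as beacon-like. The hostnames, allowlists, event fields and thresholds are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed hostnames for the two services named in the article (exact match only).
AI_DOMAINS = {"grok.com", "copilot.microsoft.com"}
# Assumed allowlists: interactive browsers, and apps permitted to host WebView2.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
APPROVED_WEBVIEW_HOSTS = {"teams.exe", "outlook.exe"}  # hypothetical
WEBVIEW2 = "msedgewebview2.exe"  # WebView2 runtime process name

# Constructed events: (epoch_seconds, host, process, parent_process, dest_domain)
EVENTS = [
    (1000, "ws-01", "msedge.exe", "explorer.exe", "copilot.microsoft.com"),
    (1000, "ws-02", WEBVIEW2, "updater.exe", "grok.com"),
    (1060, "ws-02", WEBVIEW2, "updater.exe", "grok.com"),
    (1121, "ws-02", WEBVIEW2, "updater.exe", "grok.com"),
    (1180, "ws-02", WEBVIEW2, "updater.exe", "grok.com"),
    (1241, "ws-02", WEBVIEW2, "updater.exe", "grok.com"),
    (1300, "ws-02", WEBVIEW2, "updater.exe", "example.com"),
    (1500, "ws-03", WEBVIEW2, "teams.exe", "copilot.microsoft.com"),
    (2000, "ws-04", "python.exe", "cmd.exe", "grok.com"),
]

def suspicious_ai_egress(events, min_hits=4, max_jitter=0.2):
    """Return (host, parent, hits, beacon_like) per non-browser AI-traffic source."""
    groups = defaultdict(list)
    for ts, host, proc, parent, domain in events:
        if domain not in AI_DOMAINS or proc in BROWSERS:
            continue  # not AI traffic, or an ordinary interactive browser
        if proc == WEBVIEW2 and parent in APPROVED_WEBVIEW_HOSTS:
            continue  # embedded web view inside a sanctioned application
        groups[(host, parent)].append(ts)
    findings = []
    for (host, parent), stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        beacon = False
        if len(stamps) >= max(min_hits, 3) and mean(gaps) > 0:
            # Low relative spread of inter-request gaps suggests a timer, not a person.
            beacon = pstdev(gaps) / mean(gaps) <= max_jitter
        findings.append((host, parent, len(stamps), beacon))
    return findings

if __name__ == "__main__":
    for finding in suspicious_ai_egress(EVENTS):
        print(finding)
```

The parent-process allowlist carries most of the signal here, so it needs to reflect the applications that legitimately embed WebView2 in a given environment.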


Article by CyberSIXT