Malware News AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks (A Checkpoint Research)

[Khushal]

Content source

https://research.checkpoint.com/2026/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks/

Check Point Research shows AI web assistants with browsing can be abused as covert C2 relays (AI as a proxy) via Grok and Copilot, enabling bidirectional data flow and AI-driven malware decision-making without credentials.

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks - Check Point Research

Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive...

research.checkpoint.com

 

[Wrecker4923]

Our proposed attack scenario is quite simple: an attacker infects a machine and installs a piece of malware. Then the malware communicates directly with either Grok or Copilot through the web interface, sending a prompt that causes the AI agent to issue an HTTP(S) request to an attacker-controlled URL, retrieve content from that site, and return the attacker’s response via the AI output back to the malware.