Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn
Summary
Check Point Research (CPR) has discovered that hackers can exploit web-based AI assistants like Grok and Microsoft Copilot to create covert command-and-control channels. This is achieved by leveraging the AI's web-browsing capabilities to fetch content from attacker-controlled URLs, allowing malware to communicate through trusted AI domains undetected.
IFF Assessment
The reported technique enables attackers to use AI platforms as covert command-and-control channels, bypassing typical security measures.
Defender Context
Defenders need to implement stricter inspection, identity controls, and logging for outbound traffic to AI web services. Organizations should monitor for unusual AI activity patterns and consider implementing solutions that analyze AI traffic for malicious content or commands. This technique reflects a trend of adversaries abusing legitimate tools and trusted infrastructure to evade detection, similar to 'living off the land' attacks.