Copilot and Grok Found Vulnerable to Secret Hacker Control Channel
Cybersecurity experts have revealed a new way hackers can misuse AI assistants like Microsoft Copilot and Grok to secretly control infected computers. The method, called “AI as a C2 proxy” by Check Point, lets attackers send commands and steal information through AI tools, all while blending into normal online activity.
The process works like this: a hacker first infects a computer with malware. Then, the malware talks to the AI assistant using specially designed prompts. The AI fetches instructions from the hacker and sends back responses, effectively acting as a hidden communication channel. Surprisingly, this can happen without needing any account or API key, making it harder to detect or stop.
Experts warn that this is more than just a way to sneak commands past defenses. Hackers could use AI to plan attacks in real time, figure out which computers are valuable targets, and even avoid detection—turning AI into a smart accomplice.
This revelation comes shortly after Palo Alto Networks Unit 42 showed that AI tools can also help hackers turn normal websites into phishing traps, generating malicious code on the spot to trick users.
Precautions for AI Users:
- Only use AI assistants on devices you know are safe and secure.
- Avoid clicking on unknown links or opening suspicious files.
- Avoid sharing sensitive personal or company information with AI tools unless necessary.
- Keep your software and security programs updated.
- Watch for unusual activity on your computer, like unexpected messages or slow performance.
The takeaway: AI assistants are powerful tools, but they can also be exploited by attackers. Staying cautious and following simple safety habits can help prevent trusted AI services from being turned into tools for cybercrime.
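A defender-side check for the channel described above, as an added example that is not from the original article or from Check Point: it flags processes other than known browsers that connect to AI assistant sites. The log format, hostnames, browser allowlist and sample records are assumptions constructed for illustration.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Assumption: web front ends of the assistants; extend for your environment.
AI_ASSISTANT_HOSTS = {"copilot.microsoft.com", "grok.com"}
# Assumption: processes expected to reach those hosts interactively.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry: time, endpoint, process image, destination host.
SAMPLE_LOG = r"""
2026-02-20T09:00:05Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,copilot.microsoft.com
2026-02-20T09:01:10Z,WS-022,C:\Users\pat\AppData\Local\Temp\updsvc.exe,copilot.microsoft.com
2026-02-20T09:06:10Z,WS-022,C:\Users\pat\AppData\Local\Temp\updsvc.exe,grok.com
2026-02-20T09:11:09Z,WS-022,C:\Users\pat\AppData\Local\Temp\updsvc.exe,copilot.microsoft.com
2026-02-20T09:12:00Z,WS-022,C:\Program Files\Mozilla Firefox\firefox.exe,grok.com
2026-02-20T09:15:30Z,WS-031,C:\Windows\System32\svchost.exe,example.org
"""

def is_assistant_host(host):
    """True for a listed assistant host or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in AI_ASSISTANT_HOSTS)

def find_suspect_clients(log_text):
    """Return (endpoint, image, hit_count, hosts) for non-browser assistant traffic."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 4:
            continue  # skip malformed lines rather than abort the hunt
        _ts, endpoint, image, dest = (field.strip() for field in row)
        if not is_assistant_host(dest):
            continue
        if ntpath.basename(image).lower() in BROWSER_IMAGES:
            continue  # expected interactive use
        hits[(endpoint, image)].append(dest.lower())
    return sorted((ep, img, len(d), sorted(set(d))) for (ep, img), d in hits.items())

if __name__ == "__main__":
    for endpoint, image, count, hosts in find_suspect_clients(SAMPLE_LOG):
        print(f"{endpoint}: {image} made {count} connections to {', '.join(hosts)}")
```

Matching on the image name alone is a first-pass filter; pair it with checks on the executable's path and signer before treating a process as a legitimate browser.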
Source: https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html