Copilot and Grok for Malware Communication An innovative attack method that turns popular AI assistants—more especially, Microsoft Copilot and Grok from xAI—into secret C2 relays allows attackers to tunnel malicious traffic through systems that business networks already trust and allow by default This article explores copilot grok malware. . The method discovered by Check Point Research (CPR), dubbed "AI as a C2 proxy," takes advantage of the web-browsing and URL-fetching features present in both platforms.

Malicious activity blending through AI service domains avoids most traditional detection mechanisms because they are increasingly regarded as regular corporate traffic, frequently permitted by default, and infrequently examined as sensitive egress.

Through their public web interfaces, CPR researchers showed that Grok (grok.com) and Microsoft Copilot (copilot.microsoft.com) can both be used to retrieve attacker-controlled URLs and provide structured responses, creating a completely two-way communication channel. Crucially, this eliminates the conventional kill switches of key revocation or account suspension because it operates without an API key or a registered account. Third, ransomware and data exfiltration targeted by AI, in which a model scores files based on content and metadata to encrypt or steal only the highest-value subset, resulting in significantly fewer I/O events than bulk-encryption techniques and possibly circumventing the volume-based thresholds that XDR tools use to set off ransomware alerts.

This study comes after CPR revealed VoidLink, the first verified AI-generated malware framework. VoidLink was a modular Linux implant that was written almost entirely by AI and grew to over 88,000 lines of code in less than a week. All of these results point to a fundamental change: AI is now being incorporated into malware operations rather than merely reducing the barrier to malware development.

Defenders need to integrate AI traffic into threat-hunting and incident response playbooks, treat AI service domains as high-value egress points, and keep an eye out for automated and unusual usage patterns. In turn, AI providers must give businesses more insight into how their models access external URLs and enforce authentication on web fetch features.