According to cybersecurity researchers, artificial intelligence (AI) assistants that facilitate web browsing or URL retrieval can be modified to function as covert command-and-control (C2) relays. This technique could enable attackers to blend in with authentic enterprise communications and avoid detection.
Check Point has dubbed the attack technique AI as a C2 proxy after it was demonstrated against Microsoft Copilot and xAI Grok. According to the cybersecurity firm, it makes use of "anonymous web access combined with browsing and summarization prompts."
"AI-assisted malware operations, such as creating reconnaissance workflows, scripting attacker actions, and dynamically determining 'what to do next' during an intrusion, can also be enabled by the same mechanism." The development marks yet another significant advancement in the ways that threat actors could misuse AI systems, not only to scale or speed up various stages of the cyberattack cycle, but also to use APIs to dynamically generate code at runtime that can change its behavior in response to information obtained from the compromised host and avoid detection. When it comes to conducting reconnaissance, vulnerability scanning, crafting convincing phishing emails, creating synthetic identities, debugging code, or developing malware, AI tools already act as a force multiplier for adversaries.
"The LLM service API returns these snippets, which are then put together and run in the victim's browser at runtime to create a fully functional phishing page."











