Researchers demonstrate Copilot and Grok can be weaponised as covert malware command-and-control relays

Check Point Research demonstrated that Microsoft Copilot and xAI's Grok can be exploited as covert malware command-and-control relays by abusing their web browsing capabilities. The technique creates a bidirectional communication channel that blends into legitimate enterprise traffic, requires no API keys or accounts, and easily bypasses platform safety checks via encryption. The researchers disclosed the findings to Microsoft and xAI.

Incident Details

Perpetrator: Developer
Severity: Facepalm
Blast Radius: All enterprises using Copilot or Grok with web browsing enabled; new evasion technique bypasses traditional security monitoring