AI services like Grok and Microsoft Copilot can be exploited by attackers as covert command-and-control (C2) proxies, blending malicious traffic with legitimate communications. This technique allows AI-driven malware to dynamically adapt its behavior based on real-time context from infected systems, potentially making it harder to detect. Check Point Research (CPR) details methods for achieving this, including the use of web interfaces to relay commands and data without traditional authentication barriers. The research outlines the evolving landscape of AI-driven threats, predicting a shift towards adaptive, context-aware malware that could significantly enhance the precision and speed of cyberattacks. Defensive strategies need to evolve alongside these threats, emphasizing monitoring and securing AI service interactions against abuse.