- VoidLink was created by a single developer using an AI agent
- AI agent used skeleton code and guidelines to create complex malware
- Code development was split between three AI ‘teams’
A new strain of malware has been discovered that shows evidence of having been largely developed using AI, which could usher in a worrying new era of cybercrime.
Check Point Research detected and investigated VoidLink and found it to be highly sophisticated, marking a marked change from other AI-developed malware, which are often derived from existing malware and are generally inferior.
AI is helping malware evolve rapidly
The development of VoidLink mimicked the work of an entire development team. The lead developer started with a code base and guidelines that were incorporated into an AI agent. The AI agent was then tasked with creating separate project specifications for development, coding, and architecture using a specific coding rulebook of guidelines and constraints.
The developer specified that at first the agent would not deploy any code. Only once the initial plans were completed did the developer allow the AI agent to deliver an execution plan for VoidLink development.
While evidence gathered from the source code suggests that VoidLink was intended to be a 30-week project, a test artifact suggests that VoidLink was already functional within a week of development and had accumulated 88,000 lines of code.
VoidLink differs significantly from previous examples of AI-assisted malware development that have typically been performed by less experienced threat actors. VoidLink clearly demonstrates that experienced developers can create sophisticated and highly capable malware in very short periods of time.
While VoidLink is not entirely AI-generated malware, it is certainly proof that we see complex malware autonomously developed by AI agents sooner rather than later.
The best antivirus for all budgets
