- VoidLink was created by a single developer using an AI agent
- The AI agent used skeleton code and directives to create complex malware.
- Code development was split between three AI “teams”
A new strain of malware that appears to have been largely developed using AI has been discovered, potentially ushering in a worrying new era of cybercrime.
Check Point Research spotted and studied VoidLink and found it to be very sophisticated, marking a step change from other AI-developed malware, which is often derived from existing malware and is generally inferior.
AI helps malware scale quickly
The development of VoidLink mimicked the work of an entire development team. The lead developer started with a code base and guidelines that were integrated into an AI agent. The AI agent was then tasked with creating separate project specifications for development, coding, and architecture using a specific coding rulebook including guidelines and constraints.
The developer clarified that no code should be implemented by the agent initially. Only after the initial plans were completed did the developer allow the AI agent to provide an execution plan for VoidLink development.
While evidence gathered from source code suggests that VoidLink was intended to be a 30-week project, a testing artifact suggests that VoidLink was already functional a week after development and had accumulated 88,000 lines of code.
VoidLink differs significantly from previous examples of AI-assisted malware development, which were typically carried out by less experienced threat actors. VoidLink clearly demonstrates that experienced developers can create sophisticated, high-performance malware in a very short time frame.
While VoidLink is not fully AI-generated malware, it certainly proves that we are seeing complex malware being developed autonomously by AI agents sooner rather than later.
The best antivirus for every budget
