- VoidLink was created by a single developer using an AI agent
- The AI agent used skeleton code and guidelines to create complex malware
- Code development was shared between three AI ‘teams’
A new strain of malware that shows signs of being largely developed with the help of artificial intelligence has been discovered, potentially ushering in a worrying new era of cybercrime.
Check Point Research discovered and investigated VoidLink and found it to be highly sophisticated, marking a marked change from other malware developed using AI, which are often derived from existing malware and are usually inferior.
AI helps malware evolve quickly
VoidLink’s development mimicked the work of a full development team. The lead developer started with a codebase and guidelines that were fed into an AI agent. The AI agent was then tasked with creating separate project specifications for development, coding, and architecture using a specific coding rulebook with guidelines and constraints.
The developer specified that no code should be deployed by the agent first. Only when the initial plans were completed did the developer allow the AI agent to provide an execution plan for the development of VoidLink.
While evidence gathered from the source code suggests that VoidLink was intended to be a 30-week project, a test artifact suggests that VoidLink was already functional within a week of development and had accumulated 88,000 lines of code.
VoidLink differs significantly from previous examples of AI-assisted malware development, which have typically been carried out by less experienced threat actors. VoidLink clearly demonstrates that experienced developers can create sophisticated and highly competent malware in very short time frames.
While VoidLink isn’t completely AI-generated malware, it’s certainly proof that we’ll see complex malware being developed autonomously by AI agents sooner rather than later.
The best antivirus for all budgets
