- VoidLink was created by a single developer using an AI agent
- The AI agent used skeleton code and guidelines to create complex malware
- Code development was split between three AI 'teams'
A new malware strain which shows evidence of being largely developed using AI has been discovered, potentially ushering in a worrying new era of cybercrime.
Check Point Research spotted and investigated VoidLink, and found it to be highly sophisticated, marking a stark change from other malware developed using AI, which are often derived from existing malware and are usually inferior.
AI is helping malware rapidly evolve
VoidLink’s development mimicked the work of a full development team. The lead developer started with a codebase and guidelines which were fed into an AI agent. The AI agent was then tasked with creating separate project specifications for development, coding, and architecture using a specific coding rulebook of guidelines and constraints.
The developer specified that no code was to be implemented by the agent at first. Only once the initial plans were completed did the developer allow the AI agent to deliver an execution plan for the development of VoidLink.
While evidence gathered from the source code suggests that VoidLink was intended to be a 30-week project, a test artefact suggests that VoidLink was already functional within one week of development, and had amassed 88,000 lines of code.
VoidLink differs significantly from previous examples of AI-assisted malware development which have typically been performed by threat actors with less experience. VoidLink clearly demonstrates that experienced developers can create sophisticated and highly capable malware in very short timeframes.
While VoidLink isn’t a fully AI generated malware, it is certainly evidence that we see complex malware being developed autonomously by AI agents sooner rather than later.
Source: TechRadar
