The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model.
Check Point Research published details about VoidLink last week, describing it as an advanced Linux malware framework that offers custom loaders, implants, rootkit modules for evasion, and dozens of plugins that expand its functionality.
The researchers highlighted the malware framework's sophistication, assessing that it was likely the product of Chinese developers "with strong proficiency across multiple programming languages."
In a follow-up report today, Check Point researchers say that there is "clear evidence that the malware was produced predominantly through AI-driven development" and reached a functional iteration within a week.
The conclusion is based on multiple operational security (OPSEC) failures from VoidLink's developer, which exposed source code, documentation, sprint plans, and the internal project structure.
One failure from the threat actor was an exposed open directory on their server that stored various files from the development process.
"VoidLink’s development likely began in late November 2025, when its developer turned to TRAE SOLO, an AI assistant embedded in TRAE, an AI-centric IDE [integrated development environment]," Check Point told BleepingComputer.
Although the researchers did not have access to the complete conversation history in the IDE, they found on the threat actor's server helper files from TRAE that included "key portions of the original guidance provided to the model."
"Those TRAE-generated files appear to have been copied alongside the source code to the threat actor’s server, and later surfaced due to an exposed open directory. This leakage gave us unusually direct visibility into the project’s earliest directives," Eli Smadja, Check Point Research Group Manager, told us.
According to the analysis, the threat actor used Spec-Driven Development (SDD) to define the project’s goals and set constraints, and had the AI generate a multi-team development plan covering architecture, sprints, and standards.
... continue reading