Check Point Research's threat digest for January-February 2026 documents how AI-assisted malware development has reached operational maturity. The centerpiece is VoidLink, a Linux-based C2 framework with eBPF rootkits and 30+ post-exploitation plugins, built by a single developer using ByteDance's TRAE SOLO AI IDE via Spec
Table of contents
KEY FINDINGS
INTRODUCTION
VOIDLINK: THE STANDARD WE MEASURE AGAINST
SELF-HOSTED OPEN-SOURCE MODELS
SELF-HOSTED MODELS: LIMITATIONS IN PRACTICE
COMMERCIAL PLATFORMS AND INFORMAL ACCESS SHARING
JAILBREAKING AS ARCHITECTURAL ABUSE
ABUSING AGENT ARCHITECTURE
FROM DEVELOPMENT TOOL TO OPERATIONAL AGENT
AI AS ATTACK SURFACE: ENTERPRISE EXPOSURE