Friday 16 October 09:30 - 10:00, Red room
Eli Smadja & Ben Herzog (Check Point)
AI is changing malware in three distinct and increasingly operational ways: it has become an attack surface, a development accelerator, and (in the near future) part of malware's runtime decision loop. This talk traces that evolution through recent, concrete milestones and uses them to frame where "malware in the AI era" is headed.
We begin with the first in-the-wild attempt to "command" an AI analyst via prompt injection. In early June 2025, a rudimentary malware prototype uploaded to VirusTotal (nicknamed "Skynet" by its author) embedded natural-language instructions intended to override an LLM's task and coerce a benign verdict (e.g. "NO MALWARE DETECTED"). While the injection failed against tested frontier models, its significance is architectural: malware authors have started treating LLM-assisted reverse engineering and automated triage workflows as a manipulable interface – effectively a new evasion layer alongside packing, obfuscation, and sandbox tricks.
Next, we examine VoidLink (January 2026) as a step-change in attacker economics. Check Point Research assessed VoidLink as the first evidently documented case of a truly advanced malware framework authored almost entirely by AI under the direction of a single developer, supported by leaked planning artifacts and an approach akin to spec-driven development. The result is a complex, modular capability delivered at a pace that previously required coordinated teams.
Finally, we connect these trends to "AI in the Middle" (February 2026): abusing web-based AI assistants with URL-fetch/browsing features as covert C2 relays (demonstrated against Grok and Microsoft Copilot), allowing traffic to blend into commonly permitted enterprise destinations and weakening traditional kill switches like API-key revocation.
We conclude with a forward-looking model of AI-driven (AID) malware: implants shifting from static decision trees to prompt-shaped, adaptive behaviour, along with the defensive implications (AI-aware egress controls, hunting for automated webview-style interaction patterns, and stronger provider-side safeguards around browsing/fetch features).
 |
Eli Smadja Eli manages Check Point Research (CPR) at Check Point, a role he's held for the past three years. In this position, he leads global teams of highly skilled malware analysts and vulnerability researchers, guiding research strategy, mentoring talent, and driving deep technical work that helps organizations stay ahead of evolving threats. With 20 years of experience in the cybersecurity industry, Eli brings a hands-on research background rooted in malware analysis, digital forensics, and threat investigation. Over the years, he has worked across the full lifecycle of security research – unpacking complex malware campaigns, analysing attacker tradecraft, and identifying vulnerabilities that can impact real-world environments. He is passionate about turning raw technical findings into clear, actionable intelligence for security teams, products, and customers.
|
 |
Ben Herzog Ben is a security researcher at Check Point Software. His past work ranges from AI safety & applications to reverse-engineering pipelines, cryptanalytic breaks of multiple ransomware strains, work on the Certifigate vulnerability exploit, sandbox evasion / counter-evasion research and technical profiles of malware families. He has authored both introductory and in-depth writing on malware, cryptography, and vulnerability research. |
Back to VB2026 conference page
Register your interest for VB2026