Overview
- In a follow-up analysis, researchers say TRAE-generated helper files, sprint plans, and source code leaked from an open directory point to AI-driven development using TRAE SOLO inside the TRAE IDE.
- The developer applied a spec-driven workflow that produced multi-team plans and coding standards, yet timestamps show a functional 88,000-line build emerged within six days and was uploaded to VirusTotal on December 4, 2025.
- Check Point reproduced the workflow and generated code structurally similar to the recovered source, concluding there is little room for doubt that AI produced most of the framework.
- VoidLink targets Linux cloud environments with custom loaders, implants, eBPF and LKM rootkits, and dozens of plugins that detect AWS, GCP, Azure, Alibaba, and Tencent.
- Leaked Chinese-language instructions included guidance crafted to steer the model around safety constraints, reinforcing the assessment that a single developer orchestrated the build using AI tooling.