Malware development question
In the last 3 months, I’ve really committed to the rabbit hole of cyber security and penetration testing. My job gives me a lot of free time as it’s WFH (Webflow site building) and I’ve mainly been experimenting with web app testing and GPT engineering/injection. Web app testing is more enjoyable to me than the brief time I spent exploring network pentesting, but most of all I’ve devoted the majority of my time to GPT-related tampering, with around 400 hours into it in a really brief span. I won’t dare refer to myself as a hacker but some of the stuff I’ve achieved with GPTs is actually quite heinous, and I cannot find it anywhere online at all for the time being. I’m totally addicted to it.
Anyway, that said, a facet of red teaming I wasn’t totally familiar with was malware development, and ever since I’ve found out I’ve been hooked, reading about Windows OS and having analysis paralysis on which language to commit to learning. I really like the thought of being able to just sit there all day and iterate payloads onto my various testing devices and environments, and refine/enhance it, and chasing that feeling of when it finally works like it’s supposed to. It feels more in line with my addiction to iterating with a GPT until it does what I want.
Apologies for the ramble, but a couple of questions. Firstly, I’ve read some, not all, of the Reddit posts related to this, but a lot on Reddit is outdated, or a great question is asked but only had a few responses. On top of that, I feel like the vast majority of resources and online community are based around the web app crowd. I’ve gathered some learning based on my own research of course, but real people are always the best source of information in my opinion. So I ask, can anyone who happened to stumble upon this post be so kind as to fire off some references for someone jumping in from the start? Or maybe some personal experiences/advice for this learning journey?
Also, a bit of a job security question from someone on the outside, looking in. Please spare me if it’s a stupid question lol. But will the advancement of AI in EDR/AV systems soon negate human ability to write payloads at an effective pace to remain competitive? Let me clarify I’m not asking if AI will replace pentesting as a whole. Specifically the ability for anyone other than prodigy-level dudes to write anything worth a shit against defense systems 10 years from now.
I’m thinking learn C first and then possibly explore Maldev Academy as a plan. Or maybe do them in tandem? What do you think?
Greatly appreciated in advance, and happy new year!