Researchers warn AI-powered worms could spread autonomously across networks

AI turns a classic worm into a faster, adaptive threat
A new cybersecurity study is raising alarms about what happens when autonomous malware meets modern AI. Researchers at the University of Toronto have demonstrated a prototype worm powered by publicly accessible AI models that can exploit known computer flaws, spread through a test network without human intervention and adapt its behavior as it moves.
Unlike traditional worms, which are usually built by skilled programmers to target specific vulnerabilities, the prototype was designed to tailor its attacks across different systems, including Linux, Windows and IoT devices. As it spreads, it can gather data, siphon passwords and look for additional weaknesses that help it move deeper into a network. If one route is patched, the worm can try another.
The team said it built the system in a secure closed environment and used open-weight AI models with extensive precautions. Even so, the result showed how AI could be weaponized to automate exploitation at a scale that would be difficult to contain once such a worm is released.
A worm that learns as it goes
The researchers say the worm also “feeds” itself by drawing processing power from infected machines, using those resources to improve its reasoning and strategy for later attacks. That creates a new kind of threat economy, where an attacker no longer needs to spend as much time or computing power after launch.
“Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited,” said lead author Nicolas Papernot. “But now, once a worm is launched, the cost would drop to nearly zero.”
The prototype is still limited in one important way: it can exploit known flaws, but it cannot discover new ones on its own. That makes it less advanced than AI systems such as Anthropic’s Mythos, which the company says has already uncovered more than 10,000 vulnerabilities and helped partners boost bug-finding rates by more than tenfold.
Still, the researchers warn that bad actors could combine those capabilities. In that scenario, an AI worm could both find and exploit fresh vulnerabilities, making it far harder to stop.
“In an interconnected world, no system is immune to this threat,” Papernot said.