Scientists build AI computer worm that learns and adapts as it spreads across networks

Scientists just built a powerful AI computer worm that learns as it spreads

I agree my information will be processed in accordance with the Scientific American and Springer Nature Limited Privacy Policy. We leverage third party services to both verify and deliver email. By providing your email address, you also consent to having the email address shared with third parties for those purposes. A new study shows that computer malware powered by easily accessible artificial intelligence (AI) models is here -- the research is a "wake-up call" to take cybersecurity risks from AI more seriously, one expert says. In the new study, researchers created an AI-powered computer "worm" designed to attack and spread between devices -- revealing a threat they say the world is woefully underprepared to fight. "Our results demonstrate that self-sustaining AI-driven cyber-threats are no longer theoretical," the researchers wrote. The paper, first reported by the New York Times, was posted on the preprint server arXiv and has yet to be peer-reviewed. On supporting science journalism If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today. David Lie, a professor at the University of Toronto who is familiar with the research but who was not directly involved with the study, says the work is a "wake-up call" that should inspire cyber experts and researchers to develop countermeasures to AI-boosted bugs as fast as possible. "The demonstration here is that there's a motivation to do this sooner rather than later," he says. To make the "worm" -- a form of malware that spreads between devices autonomously -- the researchers didn't rely on proprietary AI models from companies such as Anthropic or OpenAI, both of which have issued warnings about the threat of their technology being used by bad actors. Instead, the researchers used an undisclosed, but freely available AI model "that anyone can download off the internet," the authors wrote in a post on their lab's website. Importantly, the prototype bug was created in an isolated virtual environment -- so it isn't going to be infecting any computers. Still, AI-powered worms are especially dangerous because they don't attack a single weakness within a computer system, says Lie. Pre-AI worms were only able to follow certain instructions from their designer, Lie says, but "because this is AI powered, it can learn." The findings, the researchers say, raise serious cybersecurity concerns. "This research uncovered a new cybersecurity threat the world is not prepared to face," the study authors wrote in the same post. "With almost every aspect of modern life dependent on networked computers -- drinking water and waste management systems, access to food and goods, energy, our financial system, communications, health care, education, transportation systems, government and so much more -- the risk is enormous." The good news is, Lie says, is that this technology is "dual use." AI might enable a worm to learn as it spreads, finding and attacking hidden vulnerabilities, but AI can also help fix these shortcomings, too, he says. "They're mirrors of each other."

Autonomous Malware Is No Longer Theoretical: AI Worm Proof Of Concept Created In A Lab

On June 2, 2026, security researchers published a paper about the creation of an AI work. The headline is as subtle as a fire alarm: this lab experiment of a worm is no longer just code that blindly crawls across your environment; it leverages AI models and can now reason, execute, and learn in complete autonomy. This is certainly not the first lab-created malware. We have seen experimental or proof-of-concept worms before, from Creeper and Reaper to the Xerox PARC worms, the Morris Worm, and Cabir. But the Morris Worm remains the cautionary tale with teeth. It was created by Robert Tappan Morris (released in 1988), and it rapidly became one of the internet-wide disasters that helped make the need for security norms, regulations, and laws governing the internet perfectly clear. This latest research opens a whole can of worms (pun intended). The researchers used publicly available open-weight AI models to demonstrate an autonomous worm capable of discovering and exploiting vulnerabilities while spreading laterally across the network. Thankfully, the work was conducted in an isolated lab environment and was disconnected from the internet. The implications of this research finding becomes hard to ignore, as security leaders must prepare for handling autonomous threat operations. To prepare against this, security experts must grasp the following: * The economics of AI-enabled threat activity. Recent headlines around Anthropic's Claude Mythos Preview and OpenAI's Daybreak have caught the attention of security practitioners, business leaders, and governments. This research on AI works, however, pushes the conversation somewhere more uncomfortable as it expands the scope towards the use of small open-weight models for offensive security use cases. Additionally, in such attack vectors, the victim's infrastructure becomes part of the adversary's operating budget.While the design and code of this AI-enabled worm have been obfuscated for safety reasons, threat actors can leverage such low-cost designs to exploit at scale in a more "intelligent" approach. This does not imply that every threat actor now has a nation-state capability in a box. But it does mean defenders should stop assuming adversary TTPs will remain stable and repeatable. Security teams are already worrying about token spend, ROI, inference costs, and the operational complexity of using AI agents for defensive use cases. This economic asymmetry between defenders and attackers is brutal. To begin with, enterprises need to start measuring the performance of their defensive AI agents not just by token usage or cost, but by parameters such as failure rates, sub-agent effectiveness, task quality, and escalation frequency, to help optimize its effectiveness over time. * AI-enabled exploitation is autonomous, but execution still takes time. In this lab setup, for the autonomous AI worm with no human in the loop, it still took about 7 days to complete each experimental run. The researchers conducted 15 independent experiments on an isolated 33-host network spanning Linux servers. On average, the proof-of-concept worm took 2,520 hours (15 independent runs * 7 days per run * 24 hours) to complete all experimental runs. With a success exploit rate of 73.8% in aggregate, this demonstrates that small open-source models are capable and for sophisticated attack that leverages smarter LLMs, the results could be more concerning to security leaders.Unlike discovery of vulnerabilities, exploitation can be tricky even with the use of AI models as in this experiment the success rates were 52% and 55% for exploiting CVEs and CWEs respectively. The key takeaway is that autonomy is not magic, as the AI-enabled worm experienced failed exploitation attempts that could be detected if modern security controls were used. However, rapid enhancements to compute, memory, AI models, and supporting hardware make behavioral-based detection harder with the reduced timeframes. * Threat actor code of ethics doesn't require nerfing an AI worm. The researchers intentionally avoided turning their prototype into operationally deployable malware. They refrained from adding evasive capabilities such as encryption, polymorphic code, persistence, forensic cleanup, stealthy traffic shaping, or log suppression. These rules do not apply to real-world threat actors.The more speculative concern is adversarial software diversity. Threat actors can leverage AI to create a proprietary programming language to perform such operations. This makes analysis and incident response hard to scale as you would require manual intervention to decipher such drastic changes. Skilled reverse engineers, behavioral telemetry, sandboxing, and memory analysis still matter. But if AI helps attackers generate unfamiliar tooling faster than defenders can classify it, human-led analysis becomes the bottleneck. * Visibility and enforcement become non-negotiable. In production, this lab variant would likely have been easy to detect because it moved slowly and lacked mature evasion techniques. However, a more sophisticated attack would change this equation. Controls such as microsegmentation become essential to contain propagation and limit lateral movement, while complementary tools such as deception technology can add an additional layer of defense. What makes this AI worm especially concerning is its use of local AI compute resources. So, the new "AI PC" on your employee's desk can be misused infra, in the absence of right monitoring and response capabilities.The harder challenge sits inside the agentic application layer. Organizations need to know not only what assets they own, but which AI agents exist, what tools those agents can call, what identities they operate under, what data they can access, what permissions they inherit, and what runtime behaviors they generate. Hence, visibility into agent metadata, audit logs, tool-call telemetry, and AI bills of materials become part of the enterprise security baseline. Any agentic application that cannot be inventoried, monitored, or enforced must be terminated from the network.Additionally, enterprises must account for the fact that patching alone is not a viable solution as it falls apart when handling legacy systems. This places greater emphasis on deploying and optimizing compensating controls such as virtual patching where applicable, while strengthening your zero-trust approach to your overall security posture. Security teams should also prioritize the implementation of mature (in terms of sophistication of operations and reliability) AI agents for defensive use cases such as triage, investigation, and threat hunting. Let's Connect Forrester clients who have questions about this topic or anything related to threat intelligence can book an inquiry or guidance session with me.

This AI-Driven Computer Worm Can Adapt to Attack Different Devices

What happens when you use AI to create a self-replicating computer worm? A group of researchers did just that, developing a prototype AI-driven worm that could adapt and infect a network of Windows- and Linux-based servers, workstations, and other IoT devices. The disturbing research comes from a team at the University of Toronto, which unleashed the prototype worm in isolated virtual computers meant to simulate a corporate IT network. "In our lab, we observed the worm spreading across a realistic network with no human guidance," says Nicolas Papernot, an associate professor in the Department of Electrical and Computer Engineering and the Department of Computer Science. The team published their findings in a 49-page preprint paper to raise alarm bells about how AI-driven computer worms are no longer just a theoretical threat; you can actually build one using publicly downloadable "open weight" AI models, not just closed-source models. "Traditional worms can be stopped by patching the specific vulnerability they exploit. Our adaptive worm cannot be stopped this way: it uses a recursive reasoning loop to detect and exploit diverse vulnerabilities as it propagates," the team adds. The top AI companies have already detected hackers, including state-sponsored groups, trying to leverage their models and chatbots for cyberattacks. But the Toronto research stands out because the AI worm uses an open-weight AI model that can run on a single Nvidia enterprise GPU, rather than fetching outputs from a large language model hosted on a cloud-based server. To spread, the worm will first leverage an enterprise GPU in a corporate network to run a large language model to identify and exploit vulnerabilities on other devices. "Each compromised machine becomes part of its infrastructure, providing reach for further attacks, or computing resources," the paper says. "When the worm gains control of a GPU-equipped host, it deploys a local copy of the LLM, creating an independent reasoning node that serves downstream worm copies on devices without reasoning capability." The team is withholding certain details, such as the AI model used, to prevent bad actors from replicating their work. But the worm didn't need to be smart enough to uncover previously unknown zero-day vulnerabilities to infect other devices. Instead, it spread by exploiting known, unpatched IT vulnerabilities and leveraging software misconfigurations. "In our experiments, the prototype reached half the network in approximately five days," the researchers add. That's actually good news, though, since more traditional computer worms, such as the 2017 WannaCry attack, were able to spread globally within hours. In contrast, the AI-powered worm "requires hundreds of LLM inference calls for reconnaissance, strategy formulation, and payload generation. This affords defenders a longer window for detection and response -- but this window will compress as inference hardware and model efficiency improve," the researchers wrote. That said, the simulated victim servers and computers were configured with "one or more intentionally planted vulnerabilities" that were disclosed months earlier or years ago. Hence, the simulated test doesn't entirely reflect a real-world scenario. The research also focused on unleashing the worm mainly over servers, workstations, and IoT devices running Windows Server and various Linux distributions, rather than Windows 11 or Android. The worm itself was also set up to run on Nvidia's heavy-duty A100 and RTX PRO 6000 enterprise GPUs, which can cost between $10,000 and $17,000. Still, the team warns that as PC and smartphone manufacturers release more devices that can run AI models locally, the threat of AI-driven computer worms could easily grow, giving them a larger pool of devices to exploit. "By understanding the risks, we are now positioned to develop the countermeasures needed to detect and defend against threats like this," Papernot says. The team adds that it consulted with "national security and defense bodies" on how to properly disclose their findings.

Researchers show how AI-powered worms could wreak havoc on the internet - Engadget

The new threat can tailor its attack and learn new strategies with each machine infected. We've seen how AI can be used to find flaws in apps and websites, but researchers have now demonstrated how it could be weaponized to exploit those vulnerabilities. A team from the University of Toronto used publicly accessible AI models to power a prototype worm capable of exploiting any known computer flaw. Such worms could then spread through networks and cause chaos across the internet. A typical worm is usually designed by skilled programmers to exploit specific network flaws and can be stopped by patching those flaws. However, the U of T scientists, working in a secure closed environment and taking extensive precautions, used open-weight (open-source) AI models to create a far more sophisticated prototype worm that spread through the team's test network with no human intervention. This new type of worm tailors its attack to different types of flaws across multiple platforms, including Linux, Windows and IoT devices. It gathers data as it moves through the network, siphoning passwords and uncovering more vulnerabilities that will help it take over other machines. If an infection is discovered and patched on a computer, the worm can exploit other flaws to attack the same machine. What's more, the worm "feeds" itself by siphoning processing power from infected machines to power its reasoning and strategy for future attacks. "Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited," said the lead author, Nicolas Papernot. "But now, once a worm is launched, the cost would drop to nearly zero." The idea of AI-powered cyber threats became very real recently with Anthropic's launch of Mythos, a model that can identify previously unknown cybersecurity risks. Anthropic has said that Mythos has already uncovered more than 10,000 flaws, boosting its partners' bug-finding rate by more than a factor of 10. Cloudflare, which helps protect companies from malicious attacks, found 2,000 such vulnerabilities, including 400 considered high or critical. The prototype worm created by the researchers can only exploit known flaws and not find unknown ones like Mythos. However, it's easy to see how bad actors could adapt it to both find and exploit new vulnerabilities -- which would make it nearly unstoppable if released into the wild. "In an interconnected world, no system is immune to this threat," Papernot said. "Sharing these findings is the first step in galvanizing researchers, industry leaders and policymakers to take action -- and quickly."

Scientists Find Way to Supercharge Dangerous Computer 'Worms' With A.I.

Cade Metz has reported on artificial intelligence for more than 15 years. Researchers at the University of Toronto say they have found a way to use artificial intelligence to create a dangerous computer "worm" capable of targeting any known flaw in the world's computers and quickly spreading mayhem throughout the internet. The computer scientists said in a paper published on Tuesday night that this program could be built and that a prototype they had created spread across a test network with no human intervention. The researchers kept their test network isolated from the public internet. They also redacted some details from the paper describing how they built the worm so that hackers would not be able to use the paper as a blueprint for attacks. But their work is likely to raise fears that A.I. is leading to a new era of computer hacking that will be difficult to defend against. It also adds to growing evidence that advances in A.I. are creating risks to computer networks that would have been hard to imagine just a few years ago. The A.I. company Anthropic said in April that its latest technology, Claude Mythos, was too powerful to share with the public because hackers could use it to exploit security holes in computer networks faster than they ever could before. Anthropic limited the release of the technology to about 40 organizations that maintain critical computer infrastructure so they could use the system to patch security vulnerabilities before hackers took advantage of them. A week later, OpenAI, Anthropic's chief rival, said it was limiting the release of similar technology. OpenAI shared its new system with hundreds of organizations before expanding the release to thousands of partners in the weeks that followed. (The New York Times sued OpenAI and Microsoft in 2023, claiming copyright infringement of news content related to A.I. systems. The two companies have denied those claims.) The paper from the University of Toronto adds a new twist to A.I. fears. Because the A.I. technology that powered the worm was "open source" or "open weight" -- meaning it has been freely shared on the internet -- no one can restrict how it is used. The proverbial genie is out of the bottle. "You have to have a perfectly secure system to defend against this -- and we know that is not currently feasible," said Nicolas Papernot, a professor of computer engineering at the University of Toronto who led the team that built and tested the prototype. Dr. Papernot and his team, which published the paper on his lab's website, were able to create what is essentially an A.I.-powered version of the computer worms that hackers started releasing onto the internet two decades ago. Unlike other kinds of computer viruses, worms spread from machine to machine on their own, without help from humans. With names like SQL Slammer, Conficker and Stuxnet, each of these self-replicating software programs exploited a specific vulnerability in computers, taking control of millions of machines, stealing their data, deleting their files and generally wreaking havoc. After a decade of attacks, many computer users learned to quickly patch their most glaring vulnerabilities. But the threat never went away. In 2017, another worm, WannaCry, targeted another major flaw in the world's machines and infected over 300,000 machines in 150 countries, taking their data hostage and demanding bitcoin ransom payments. The prototype built by the Toronto researchers takes this kind of self-replicating worm a step further. It can rapidly spread across a network by tailoring a new attack for each machine it encounters. As Dr. Papernot described it, the worm could "reason" through new attack strategies. "This makes it significantly more difficult to stop the spread of malware," he said. "There is no longer a single software fix you can apply to the devices to protect them from the worm." The worm could run on computers that use either the Windows or the Linux operating system. And although the worm, because of its complexity, cannot operate without finding a more powerful machine, it could attack less powerful machines on the same network, including laptops, printers and cameras. Security experts are not surprised that A.I. can tailor attacks. Over the past year, companies in the United States, China and other parts of the world have built A.I. systems that are particularly good at writing computer code. If an A.I. system can write code, it can potentially exploit vulnerabilities in software applications. But leading systems from companies like Anthropic and OpenAI cannot be packaged into worms because they are not open source and, in all likelihood, are too large to run on many computers. Many experts assumed that open source A.I. technologies were not powerful enough to drive self-replicating computer worms. In recent months, however, companies and government labs, including several in China, have released increasingly powerful open source systems. The Toronto researchers augmented an open source system in a way that enhanced those powers. They have not publicly revealed which open source system they used. But they say their prototype shows that hackers could build a similar worm -- if they have not already. Some outside experts said the threat may be limited because A.I. systems are prone to mistakes. "There is usually a meaningful gap between what you can create in lab conditions and what you can pull off in the world to create significant damage," said Dan Lahav, chief executive of Irregular, a security company that specializes in threats from A.I. "A.I. systems tend to be unpredictable and clumsy," he added. "They do weird stuff, and that can trigger security defenses." But Mr. Lahav also warned that A.I. would continue to improve. That means companies have to patch as many software vulnerabilities as possible, and they can use A.I. to help do it. For that reason, researchers said, Anthropic should share Mythos with a wider group so it can be used to fight A.I. threats. On Tuesday, Anthropic said it would share its technology with 150 additional organizations. "Ultimately, broader distribution -- so that people can use the technology to fix vulnerabilities -- is the way to go," said David Lie, a computer science professor at the University of Toronto who reviewed the paper but was not part of the team that built the worm. The methods described by the University of Toronto researchers can also be used to find and patch vulnerabilities, Dr. Lie said. Like any other cybersecurity technology, their worm can be used for both offense and defense. "One can modify the worm so that it fixes the vulnerabilities it finds," he said. "The power of the technology is dependent on what you do with it."

'A Fundamentally New Threat': Researchers Develop New AI-Powered Worm That Might Be Unstoppable

It's a nightmare scenario that's long haunted the imaginations of cybersecurity experts: computer malware that spreads autonomously from device to device, learning as it goes and exploiting different vulnerabilities along the way. Now, researchers have demonstrated that such a "worm" can in fact be built today, with publicly available AI models, and at a disconcertingly low cost. A preprint paper published Tuesday by a team from the University of Toronto, the University of Cambridge, and elsewhere outlines "a fundamentally new threat: a worm that generates tailored attack strategies to each target it encounters," according to the researchers. The paper described how the team deployed an AI agent to act as a worm in a controlled, isolated network composed of Linux, Windows, and IoT devices and "with common corporate network vulnerabilities," such as reused passwords. The agent was powered by an unnamed open source LLM. Why this worm is so dangerous Unlike a traditional computer virus, which needs a human to be duped into, say, opening a file infected with malware, worms can infect devices entirely on their own by exploiting security vulnerabilities and replicating into copies of itself along the way. They spread via a shared digital connection, such as a wifi network, to find other vulnerable devices it can infect. And they precede the LLM boom: back in 2017, the aptly-titled WannaCry worm, allegedly built by government-backed North Korean hackers, spread to hundreds of thousands of devices spread across more than 150 countries. The malware held the infected devices hostage until their owners paid a Bitcoin ransom. The WannaCry fiasco and other worm incidents underscored the vulnerabilities that come with a globally interconnected digital ecosystem. But they could be stopped relatively easily: WannaCry exploited a single security vulnerability, which was promptly patched up, eliminating any further spread. The University of Toronto team's experimental worm, in contrast, is able to dynamically detect security flaws that are unique to each particular device it infects, thereby using a variety of tactics to propagate through a network. It also parasitically feeds off devices' computing power, a problem which, as the researchers point out in their paper, is made more dire by the fact that those devices are now being built to support computationally expensive LLMs. Smartphones and laptops built for AI, in other words, are an abundant feeding ground for this kind of worm. "As consumer devices increasingly support LLM inference, the reasoning resources available to such adversaries grow accordingly," the researchers write in a blog post explaining their work. That "means every machine connected to the internet is a potential target -- if not for the data it holds, then as a launching pad for the next attack." The AI worm moves slower than traditional worms, since at each point along its path of propagation it needs to meticulously probe for potential points-of-entry into the next device; it took about five days to infect half of the devices in the experimental network, the researchers noted. But that timeframe will compress as devices get more efficient at inference and as AI models improve in their ability to detect security flaws, the researchers warn. Cybersecurity professionals have been worried about AI for years The paper arrives at an anxious moment for the cybersecurity sector, which is already trying to come to grips with the possible ramifications of powerful new AI systems that are able to discover and exploit security vulnerabilities at an unprecedented scale. In April, Anthropic announced it had developed a model called Mythos, which it has slowly rolled out to a small group of early testers in a test-and-control effort dubbed Project Glasswing. The goal of that effort is to give the cybersecurity community the opportunity to figure out how such a powerful system can be used to strengthen defense more than it empowers the offense. OpenAI launched its own model trained to detect cybersecurity vulnerabilities, called GPT-5.4-Cyber, a few weeks after Mythos launched, and has likewise only shared it with a limited group of early testers. In a similar spirit, the University of Toronto researchers said they published the paper in hopes of waking the global cybersecurity community up to the new threat. They also noted that they consulted with government and scientific bodies beforehand to assess how to best make their findings available without empowering hackers. Along with the identity of the open source model that was used to power the worm, other key methodological details were omitted from the published paper. "We shared enough information to make the threat credible enough for scientific scrutiny without providing a blueprint that would enable misuse," they wrote.

A new AI-powered computer worm could prove to be the stuff of cybersecurity nightmares | Fortune

In cybersecurity, few words trigger more dread than 'wormable' -- a vulnerability that could be weaponized into a self-spreading worm. Now researchers at the University of Toronto have demonstrated something worse: an AI-driven worm that can't be stopped by patching a single flaw, because it uses reasoning to detect and exploit different vulnerabilities as it spreads. In a new paper released yesterday, 'AI Agents Enable Adaptive Computer Worms,' the researchers explain that traditional worms exploit a single vulnerability -- patch it, and you stop the spread. But AI agents go further: the worm they built generates tailored attack strategies, with no human intervention, by hijacking compromised machines and running open-weight LLMs to simultaneously reason and extend its reach. The researchers ran the worm 15 times on a simulated 33-machine corporate network. On average, in one week with zero human involvement, the worm broke into nearly three-quarters of the machines on the network, and set up a permanent presence on nearly two-thirds of them. In addition, any LLM knowledge cutoff -- a date after which they don't know about new vulnerabilities -- did not stop the worm. The researchers showed the worm could read fresh, publicly available vulnerability advisories online in real time -- the same ones security teams use -- and figure out how to exploit those new flaws on its own. Findings come after Anthropic's Mythos wake-up call The paper's findings come at a nervous moment for cybersecurity. Anthropic's recently launched Mythos model, deployed only to companies with critical software through Project Glasswing, rattled enterprise security teams by revealing just how many unpatched software vulnerabilities exist across corporate infrastructure. Now the Toronto researchers are showing what happens when autonomous generative adversaries can find their way in without humans and without without already-known exploits. "This is bigger than Mythos in my view," said Gary McGraw, CEO of the AI security nonprofit Berryville Institute of Machine Learning. "This shows what happens when a generic model that's open weights can be targeted, and it just sort of grinds relentlessly, looking for bugs." What's new here, he told Fortune, is that AI has gotten so good at looking for bugs and finding exploits, that even the non-Mythos models, including smaller, open-weight LLMs, are now good enough to be the brains of a worm. It should be a wake-up call to the industry, said McGraw, as was the famous Morris worm of 1988 -- when Robert Morris Jr. created a worm at MIT, let it loose, and it rampaged across the early Internet like a wildfire. Nearly four decades later, agentic AI is providing the "brain" that looks for not just one bug, but any bug, he explained. Traditional worms, including important news-making ones like Heartbleed in 2014 and WannaCry in 2017, were all based on one particular bug. "Now, the worm can pick a target, and instead of seeing whether it has one bug that it knows about, it can just try to hack it with any bug that it can find," he said. Ari Herbert-Voss, CEO of AI cybersecurity startup RunSybil and formerly OpenAI's first security hire, agreed that this is the latest reckoning for organizations, who need to accelerate patching efforts and stay ahead of a new generation of machine-speed attacks. "Organizations that continue to patch on human timelines will increasingly find themselves behind the curve," he said. Still, it is important to separate laboratory success from operational reality, pointed out Jamieson O'Reilly, an offensive security specialist and founder of red-teaming startup Dvuln. "I have no doubt that AI-driven propagation is a real and growing capability," he said, but added that while the researchers showed the AI-powered worm could spread to intentionally vulnerable targets in a controlled environment, companies do have defensive controls, monitoring, authentication barriers and operational friction that could dramatically alter outcomes. "I view this research as an important warning sign rather than a surprise," he said. "AI is steadily reducing the expertise required to build autonomous offensive capabilities, and both governments and organizations should take that seriously." Security teams must figure out how to defend in this new era For security teams, the answer to how to defend against the dangers of AI-powered worms is investment -- specifically in fixing software, said McGraw, pointing to Mythos as a model. "The thing I love about Mythos is that people spent literally millions of dollars finding and fixing bugs," he said. "Maybe this will get the people who weren't involved [in Project Glasswing] to realize, we've got to fix our software too." Herbert-Voss, however, argued that this may not fundamentally be just a spending problem. Most organizations already have more vulnerabilities than they can realistically address. "The challenge is knowing what actually matters for an attacker to gain control," he explained. "As attackers become faster and more automated, defenders need to become more precise." In addition, O'Reilly emphasized that defenders still have an edge as worms using local AI models for their reasoning would still have to move large model files around computer networks. That creates unusual traffic and activity that security teams could detect. However, as models improve and get smaller, that advantage will erode, he warned. But McGraw insisted that the biggest challenge is that defenders are chronically underfunded. Most security professionals already know what they should be doing -- patching software, pen testing, using AI defensively. "That costs money, and it's an investment," he said. "You can spend too much on security, so how much is enough? Well, the scales recently changed. Time to think about it again." The bottom line, McGraw insisted, may be difficult, but is uncomplicated: "Fix your damn software."

Researchers create AI worm that adapts attacks without human input

Researchers at the University of Toronto have developed a prototype AI-powered worm capable of exploiting known computer vulnerabilities, potentially posing new threats to internet security. This worm autonomously tailors its attack strategies as it infects machines and does not require human intervention, a significant advancement over traditional worms that are manually programmed to target specific network flaws. The AI worm can spread across various platforms, including Linux, Windows, and IoT devices. As it traverses the network, it collects sensitive data such as passwords and identifies additional vulnerabilities. If it encounters a patched flaw, the worm is still capable of exploiting other existing weaknesses on the same machine to continue its attack. The worm siphons processing power from infected machines, using this resource to enhance its attack strategies. Lead author Nicolas Papernot stated that the launch of such a worm would significantly lower the operational costs for hackers. "Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited," Papernot said. "But now, once a worm is launched, the cost would drop to nearly zero," he added. The urgency surrounding AI-powered cyber threats has grown following the release of Anthropic's AI model, Mythos, which can identify previously unknown cybersecurity risks and has reportedly discovered over 10,000 flaws. While the University of Toronto's prototype can only exploit known vulnerabilities, there is concern that malicious actors could adapt this technology to both find and exploit new weaknesses, creating a formidable threat. "This threat underscores the need for coordinated action," Papernot emphasized. He called for a collective response from researchers, industry leaders, and policymakers to address the potential risks posed by these developing technologies.

This new AI-powered worm spreads itself and adapts in real time -- here's how to stop it

Sara Heritage is a tech and gaming journalist, who's currently making her way up to Master Ball rank in Pokemon Champions. Bylines in IGN, GAMINGbible, The Gamer and more. You can usually find her tinkering with tech, or restoring old consoles, always with one of her 3 cats nearby. Come and talk with her over on Twitter @SHeritageJourno. Researchers at the University of Toronto have created the world's first adaptive AI-powered computer worm as a proof-of-concept malware in a yet-to-be peer-reviewed study posted in arXiv. This virus can learn on its own, make decisions, and change its attack strategy in real time to target any device connected to your network. It might sound like something out of the Terminator, but it's not all bad news. These 4 antivirus apps are actually worse than malware Your antivirus should protect you, not make your computer feel more difficult to use. Posts 3 By Afam Onyimadu What's the difference between this and viruses? Traditional malware uses fixed scripts to attack certain parts of your computer. When you think of normal malware, you probably think of a virus, which needs you to open an infected file to take control. Worms are a bit different - they can spread across networks on their own and copy themselves, taking control without any input from you. The autonomous worm from the University of Toronto uses free AI models to study its target, whether it's a desktop, laptop, or phone. It then picks known weaknesses to attack, using large language AI models like ChatGPT that are available to the public. It gets even more concerning: this worm costs hackers nothing and takes almost no time to use. Worms that use AI chatbots can adapt, collect information, and attack new targets without any human help. After infecting a device, the worm uses that device's processing power to run its AI. How to protect yourself from adaptive malware While it may sound like a science-fiction threat, the researchers at the University of Toronto have some reassuring news. "The worm parasitically uses compromised machines to run open-access large language models (LLMs) to sustain its reasoning, or extend its reach for further attacks". "It was imperative for us to understand this threat in a controlled, academic setting before bad actors figured it out for themselves," said Nicolas Papernot, author. "The reason we are doing this research is to ensure the security of the digital ecosystem we all rely on - to keep people safe. This finding catapults us into a new era of cybersecurity," Dr Papernot said. You can take steps to protect yourself Since these adaptive worms spread by finding weak spots and human mistakes, the best defense is to strengthen your personal digital habits. Subscribe to the newsletter for vital cybersecurity insights For clearer understanding of evolving cyber risks, subscribe to the newsletter for in-depth coverage of adaptive AI malware, breakdowns of defenses like passkeys and MFA, and step-by-step guidance to harden devices and accounts. Get Updates By subscribing, you agree to receive newsletter and marketing emails, and accept our Terms of Use and Privacy Policy. You can unsubscribe anytime. Remember that devices like smart cameras, routers, and WiFi-connected appliances are also at risk. Change all default passwords from the manufacturer, and if you can, put your smart home devices on a separate guest Wi-Fi network. You can also set up stronger access controls. According to new guidelines from a top spy agency, passkeys are now the most secure way to protect your data, and everyone is encouraged to use them. Also, turn on multi-factor authentication on any device that allows it to keep your personal and financial accounts safe. Finally, don't ignore software updates. It's easy to put them off, but updates fix the exact bugs that AI-powered worms look for. Treat operating system and firmware updates as urgent and important tasks.

Major Data Breach: Self-Replicating AI Worm Infects 75% of Devices in 7 Days

Researchers have demonstrated a new AI-powered worm that can move from one computer to another on its own. The finding has sparked concern about how future cyberattacks may become harder to stop. Researchers at the University of Toronto have discovered an AI-powered worm that can spread across computer systems without direct human control. The experiment has been conducted in a controlled setting, and the is now out in a paper titled 'AI Agents Enable Adaptive Computer Worms.' The study has drawn attention from since it shows how artificial intelligence could change the way malware operates in the future. Here, the researchers have highlighted that a new generation of computer worms could use artificial intelligence to spread across networks autonomously. They don't need human intervention; instead, they adapt their strategy when they encounter a challenge or roadblock. According to researchers, the worm can move from one system to another by identifying vulnerabilities on its own. Once it gained access, it could continue searching for other vulnerable systems and attempt to spread further. Unlike traditional forms of malware, it did not need constant instructions from a human operator. The research was conducted on systems running Linux, Windows, and the Internet of Things. The researchers have noted that within a week, the malware was spread to three-fourths of the devices without any human commands. The study does not mean such worms are already spreading widely online. However, it highlights a risk that security teams may face as AI tools become more common and more powerful. Also Read: The findings have also prompted to accelerate the development of AI-based defense tools. Many firms are developing systems that can monitor network activity, detect unusual behavior, and respond faster than traditional security software. This is important because most current security systems were built to detect known threats. An AI-powered threat that can change its behavior may be harder to identify using older methods. The new study suggests that the next phase of cybersecurity could involve AI on both sides, with intelligent attacks facing equally intelligent defenses.