New AI Worm Poses Unstoppable Threat, Researchers Warn

Summary
– Researchers demonstrated a self-spreading AI worm built with publicly available models that can autonomously exploit different vulnerabilities on each device it encounters.
– Unlike traditional worms like WannaCry that relied on a single vulnerability, this AI worm dynamically detects and uses unique security flaws per target to propagate through a network.
– The worm feeds on device computing power, and as consumer devices increasingly support LLM inference, they become abundant targets and launch pads for attacks.
– The AI worm spreads slower than traditional worms, taking about five days to infect half of devices in tests, but speed will increase as devices and models improve.
– The researchers published the paper to alert cybersecurity professionals, omitting key details like the specific open source model used to prevent misuse.
A cybersecurity nightmare that has long lingered in the minds of experts is now a demonstrable reality. Researchers have proven that a self-spreading, AI-powered computer worm can be built using publicly available models, and at an alarmingly low cost. This marks a fundamental shift in the digital threat landscape, moving beyond traditional viruses that rely on human error.
A new preprint paper, authored by a team from the University of Toronto, the University of Cambridge, and other institutions, details what they describe as “a fundamentally new threat: a worm that generates tailored attack strategies to each target it encounters.” To prove the concept, the researchers deployed an autonomous AI agent within a controlled, isolated network. This network was designed to mimic a typical corporate environment, featuring Linux, Windows, and IoT devices with common vulnerabilities like reused passwords. The agent itself was powered by an unnamed open-source large language model (LLM).
Why this worm represents a new class of danger
Traditional computer viruses require a human to be tricked into activating them, such as by opening an infected file. Worms, by contrast, are self-replicating; they can infect devices entirely on their own by exploiting security flaws and then copying themselves to new targets. They spread through shared digital connections, like a Wi-Fi network, hunting for other vulnerable machines. The threat is not entirely new in concept. The infamous WannaCry worm of 2017, allegedly created by North Korean state-backed hackers, spread to hundreds of thousands of devices across 150 countries, holding data for ransom.
But there is a critical difference. WannaCry was a single-use weapon. It exploited just one security vulnerability, and once that flaw was patched, the attack was neutralized. The experimental worm from the University of Toronto team is far more dangerous. It can dynamically detect security flaws unique to each device it encounters, using a variety of tactics to propagate through a network. It is not a one-trick pony; it is a learning, adapting adversary.
Furthermore, this new worm is parasitic, feeding on the computing power of the devices it infects. This problem is exacerbated by the fact that modern smartphones and laptops are now being built specifically to handle the heavy computational demands of LLMs. These AI-ready devices become an abundant feeding ground. As the researchers explain in a blog post, “As consumer devices increasingly support LLM inference, the reasoning resources available to such adversaries grow accordingly.” This means every internet-connected machine is a potential target, either for the data it holds or as a launchpad for the next wave of attacks.
The AI worm currently moves slower than its predecessors. It takes time to meticulously probe each potential point of entry; in the experiment, it took about five days to infect half of the network’s devices. However, the researchers warn that this timeframe will shrink dramatically as devices become more efficient at inference and as AI models improve their ability to find security flaws.
The cybersecurity sector has long feared this moment
This research arrives at a time of deep anxiety for the cybersecurity industry, which is already grappling with the potential of powerful AI systems that can discover and exploit vulnerabilities at an unprecedented scale. In April, Anthropic launched a model called Mythos, slowly rolling it out to early testers through a program called Project Glasswing. The goal is to give the cybersecurity community a chance to understand how such a powerful tool can be used to strengthen defenses rather than empower attackers. Shortly after, OpenAI released its own vulnerability-detection model, GPT-5.4-Cyber, also limited to a small group of testers.
In a similar spirit of proactive defense, the University of Toronto researchers stated they published their findings to wake up the global cybersecurity community. They consulted with government and scientific bodies beforehand to determine how to share their results responsibly. To prevent the paper from becoming a blueprint for hackers, they omitted the name of the open-source model used and other key methodological details. “We shared enough information to make the threat credible enough for scientific scrutiny without providing a blueprint that would enable misuse,” they wrote.
(Source: Gizmodo.com)