AI-Powered Computer Worm Spreads Autonomously, Researchers Warn

SAN FRANCISCO – Researchers at the University of Toronto have developed a prototype AI-powered computer worm capable of autonomously targeting and exploiting any known vulnerability in computer systems, spreading across networks without human intervention. The team, led by Professor Nicolas Papernot, published their findings on June 2, demonstrating how open-source AI models can be weaponized to create self-replicating malware that tailors attacks to each machine it encounters. The researchers kept their test network isolated from the public internet and redacted sensitive technical details from their paper to prevent the work from serving as a direct blueprint for malicious actors. Unlike traditional computer worms such as SQL Slammer, Conficker, Stuxnet, and WannaCry, which exploited specific vulnerabilities, this AI-powered prototype can reason through new attack strategies and adapt its methods as it spreads. The worm can infect systems running Windows, Linux, and Internet of Things devices while siphoning processing power from compromised machines to fuel its decision-making. It also gathers passwords and discovers additional vulnerabilities to maintain its foothold even if initial entry points are patched. "You have to have a perfectly secure system to defend against this – and we know that is not currently feasible," Papernot said. "There is no longer a single software fix you can apply to the devices to protect them from the worm." The research highlights the inherent risks of open-source AI technology, which cannot be restricted once released publicly. This concern has driven companies like Anthropic to limit distribution of their most powerful systems. Anthropic's Claude Mythos, for example, can identify previously unknown cybersecurity vulnerabilities and has uncovered more than 10,000 flaws for its partners, boosting bug-detection rates significantly. While some security experts argue that AI systems remain unpredictable and prone to errors that could trigger defenses, they acknowledge that the technology will continue to improve. Papernot and colleagues argue that broader distribution of AI security tools could ultimately help organizations patch vulnerabilities before attackers exploit them.