U of T researchers demo AI worm that adapts as it spreads

University of Toronto Researchers Reveal AI-Powered Computer Worm That Spreads Autonomously

A team of cybersecurity researchers at the University of Toronto has demonstrated that freely available artificial intelligence models can power a self-propagating computer worm capable of adapting its attack strategy in real time — a finding they say marks the beginning of a new era in cyberthreats.

An Adaptive Digital Invader

The research, released on June 2, shows that open-weight AI models — which anyone can download and modify — can be weaponized to create malware that scopes out targets, tailors its attacks and clones itself from device to device without human involvement. The prototype was tested in a secure, closed lab simulating dozens of interconnected devices including laptops, printers and cameras.utoronto

Unlike traditional worms that follow fixed scripts and fail when encountering unfamiliar defenses, the AI-driven version gathers intelligence as it moves deeper into a network, with each breach revealing passwords and weak points that unlock the next machine. It also siphons processing power from compromised devices to fuel its reasoning, eliminating the cost of each new infection.utoronto

“Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited,” said Nicolas Papernot, an associate professor at U of T and the project’s lead researcher. “But now, once a worm is launched, the cost would drop to nearly zero”.utoronto

Broader Implications

The researchers shared their findings with national security and defense bodies before publishing and removed information that could aid malicious actors. Their paper, posted to arXiv on June 3, describes countermeasures including methods to detect AI-driven worms.arxiv

Papernot emphasized that while the prototype still requires technical expertise to build, the window for developing defenses is closing. In an uncontrolled setting, the worm could scan public vulnerability disclosures and exploit flaws faster than patches can be deployed.utoronto

A Growing Landscape of AI-Enabled Threats

The research arrives amid mounting concern over AI’s role in offensive cybersecurity. In April, Anthropic restricted access to its Claude Mythos Preview model after it demonstrated the ability to autonomously discover and exploit zero-day vulnerabilities across every major operating system and web browser. Access was limited to roughly 40 organizations through a program called Project Glasswing. As of May, Anthropic reported that an early snapshot of Mythos had disclosed 1,596 vulnerabilities across 281 open-source projects.cnbc

Papernot drew a distinction between his team’s work and models like Mythos: the U of T prototype does not discover unknown flaws but instead exploits known ones at machine speed using models that lack commercial safeguards. “Every device connected to the internet becomes a potential target, if not for the data it holds, then as a foothold to attack more valuable targets,” he said.utoronto