AI Malware Worm Adapts to New Targets in Real Time, Cybersecurity Experts Say – Decrypt

Advances in AI agents may be opening the door to a new cybersecurity threat: adaptive computer worms capable of generating attack strategies on the fly and spreading autonomously across networks, new research warns.

The paper, from researchers at the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes a proof-of-concept AI-powered worm that can identify vulnerabilities, devise tailored attack paths, compromise systems, and replicate itself across a network while adapting its tactics to different targets.

“We must prepare for autonomous generative adversaries,” the researchers wrote. “Malware systems that propagate without human operators and are defined not by fixed exploit code, but by the capacity to reason about targets, adapt to observations, and synthesize attack logic in real time.”

A computer worm is self-replicating malware that spreads automatically across vulnerable networks. Worm outbreaks, including the ILOVEYOU malware in 2000 and WannaCry in 2017, infected millions of computers worldwide, disrupting critical services and causing billions of dollars in damage.

More recently, the Shai-Hulud malware showed how self-propagating attacks can spread online, infecting software used by major companies, including OpenAI and Mistral.

According to the new study, researchers say what sets their AI-powered worm apart from earlier versions is its ability to adapt to different targets, using a large language model to identify vulnerabilities and generate attack strategies in real time rather than relying on a fixed set of exploits.

“Traditional worms, like WannaCry, exploited predetermined vulnerabilities, and their spread can be halted by patching those vulnerabilities,” they wrote. “Here we show that artificial intelligence agents enable a fundamentally new threat: a worm that generates tailored attack strategies to each target it encounters.”

In the study, the team tested the worm in an isolated virtual network containing 33 Linux, Windows, and IoT systems seeded with common vulnerabilities. Across 15 experiments, the worm identified an average of 31.3 vulnerabilities, successfully compromised 23.1 hosts, and spread to roughly 20 machines during seven days of autonomous operation.

In some tests, the study said the malware was able to reach seven generations of self-replication, and unlike many AI applications, the worm did not depend on access to AI cloud services.

Rather than relying on cloud infrastructure from providers such as AWS, Microsoft Azure, or Google Cloud, the malware ran AI models directly on compromised machines. As it spread, infected systems effectively became part of its computing infrastructure.

Researchers also found the system could exploit vulnerabilities disclosed after the model’s training cutoff by ingesting newly published security advisories at runtime, allowing it to incorporate information that was not part of the model’s original training data.

While the testing was conducted in a controlled environment, the authors acknowledged the dual-use nature of the work and intentionally withheld some technical details to reduce the risk of misuse.

“Ahead of releasing this preprint, we edited the manuscript to ensure that the presentation of our method balances the depth of detail needed for the community to study this novel threat with the risk of a malicious actor using our method for creating malware,” they said.

Despite this, the researchers said the project is intended to better understand the risks posed by adaptive computer worms and provide evidence of how far AI-enabled cyber capabilities have progressed.

“Addressing this threat will therefore require coordinated action across the research, security, industry, and policy communities: evaluation frameworks that test harness-level capabilities, detection systems tuned to the behavioural signatures of autonomous agents, and regulatory measures that account for the decentralized nature of open-weight inference,” they wrote.