Key facts
- Researchers developed an AI-driven worm that can adapt and exploit new vulnerabilities.
- The worm uses AI agents and LLMs to reason and extend its reach without human intervention.
- In simulations, the worm infected nearly 75% of machines on a corporate network in one week.
- The worm can read and exploit new vulnerability advisories in real time.
- Experts warn this signifies a new era of machine-speed cyberattacks requiring faster patching.
Researchers at the University of Toronto have developed an AI-driven computer worm capable of autonomously detecting and exploiting new vulnerabilities as it spreads, presenting a significant cybersecurity threat. Unlike traditional worms that exploit a single known flaw, this AI worm uses open-weight Large Language Models (LLMs) to reason and adapt, identifying and leveraging new exploits in real time.
In simulations on a 33-machine corporate network, the worm successfully infiltrated nearly three-quarters of the machines and established a permanent presence on almost two-thirds within one week, without any human intervention. This capability means that even if one vulnerability is patched, the worm can find and exploit others. Experts like Gary McGraw and Ari Herbert-Voss view this development as a critical wake-up call for the cybersecurity industry, highlighting the need for organizations to accelerate their software patching efforts to keep pace with machine-speed attacks.
While some, like Jamieson O'Reilly, note that current defensive controls and the logistical challenges of moving large AI models could mitigate immediate risks, they agree that AI is steadily lowering the expertise required for sophisticated cyberattacks. The research underscores the urgency for security teams to invest in fixing software vulnerabilities and develop more precise defensive strategies.