Researchers have developed a proof-of-concept AI-powered worm that can autonomously identify vulnerabilities, generate tailored attack strategies, and spread across networks in real time. Unlike previous malware, it runs open-weight models on the compromised machines themselves, bypassing cloud services.

This research demonstrates a significant advancement in AI-driven cyber threats, showcasing the potential for autonomous, adaptive malware that could pose a novel and substantial risk to cybersecurity infrastructure.

New research from institutions including the University of Toronto and the University of Cambridge describes a proof-of-concept AI-powered worm that can autonomously identify vulnerabilities, generate tailored attack strategies, and spread across networks in real time. This adaptive capability distinguishes it from traditional worms that rely on fixed exploits.

The AI worm uses open-weight large language models that run directly on compromised machines, so infected systems become part of its computing infrastructure and it does not depend on external cloud services. This allows it to adapt its tactics on the fly and even incorporate newly disclosed vulnerabilities by ingesting security advisories at runtime.

In controlled tests within a virtual network, the worm demonstrated its ability to identify numerous vulnerabilities, compromise systems, and achieve multiple generations of self-replication. The researchers highlighted that this work signifies a move beyond theoretical AI-driven cyberattacks, presenting a new class of adaptive computer worms.

Acknowledging the dual-use nature of their findings, the researchers have intentionally withheld certain technical details to mitigate the risk of misuse. They advocate for a coordinated response from the research, security, industry, and policy communities to develop evaluation frameworks, detection systems, and regulatory measures to address this evolving threat.