- AI-powered worms can adapt their attacks across Linux, Windows, and IoT devices without any human intervention.
- Unlike traditional malware, AI-powered worms harvest infected machines’ processing power to fuel their own spread.
- Researchers at the University of Toronto built the prototype using publicly available open-source AI models.
- Lead researcher Nicolas Papernot warns the cost of launching such an attack could drop to nearly zero.
- AI-powered worms can adapt their attacks across Linux, Windows, and IoT devices without any human intervention.
- Unlike traditional malware, AI-powered worms harvest infected machines’ processing power to fuel their own spread.
- Researchers at the University of Toronto built the prototype using publicly available open-source AI models.
- Lead researcher Nicolas Papernot warns the cost of launching such an attack could drop to nearly zero.
AI-Powered Worms: The Threat That Patches Can’t Fix
AI-powered worms aren’t a distant hypothetical anymore. Researchers at the University of Toronto have built one — a working prototype that spreads through networks autonomously, tailors its attacks to whatever vulnerabilities it encounters, and gets smarter as it goes. It ran entirely in a controlled, isolated environment, but the implications for the open internet are difficult to overstate.
Traditional network worms are nasty but limited. They’re essentially single-purpose tools: a skilled programmer identifies a specific flaw, writes code to exploit it, and releases it. Patch the flaw, and the worm is stopped. That’s the basic playbook security teams have followed for decades. The U of T prototype tears that playbook apart.
This new class of malware doesn’t target one vulnerability — it targets whatever it finds. It works across Linux, Windows, and IoT devices, pivoting between platforms as needed. If a patch closes one door, the worm probes for another. It’s the difference between fighting an enemy with a fixed battle plan and fighting one that improvises in real time. The Cybersecurity and Infrastructure Security Agency has long warned that adaptive malware represents one of the most difficult threat categories for defenders to contain.
How the Worm Actually Works
The mechanics here are what make this genuinely alarming. The team built the prototype using open-weight — effectively open-source — AI models, the same kind anyone can download and run today. No proprietary systems, no special access. That means the barrier to replication isn’t particularly high for a determined bad actor.
As the worm spreads through a network, it doesn’t just cause damage — it learns. It collects passwords, maps the network, and identifies new attack surfaces. Every machine it infects becomes both a target and a data source. More disturbingly, it siphons processing power from infected machines to run its own reasoning and planning. The hosts become unwilling participants in their own compromise, funding the intelligence that will be used against them and their neighbors on the network.
Nicolas Papernot, the lead author of the research, put the economic shift bluntly:
