Researchers at the University of Toronto have developed a prototype AI-powered worm capable of exploiting known computer vulnerabilities, potentially posing new threats to internet security. This worm autonomously tailors its attack strategies as it infects machines and does not require human intervention, a significant advancement over traditional worms that are manually programmed to target specific network flaws.
The AI worm can spread across various platforms, including Linux, Windows, and IoT devices. As it traverses the network, it collects sensitive data such as passwords and identifies additional vulnerabilities. If it encounters a patched flaw, the worm is still capable of exploiting other existing weaknesses on the same machine to continue its attack.
The worm siphons processing power from infected machines, using this resource to enhance its attack strategies. Lead author Nicolas Papernot stated that the launch of such a worm would significantly lower the operational costs for hackers. “Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited,” Papernot said. “But now, once a worm is launched, the cost would drop to nearly zero,” he added.
The urgency surrounding AI-powered cyber threats has grown following the release of Anthropic’s AI model, Mythos, which can identify previously unknown cybersecurity risks and has reportedly discovered over 10,000 flaws. While the University of Toronto’s prototype can only exploit known vulnerabilities, there is concern that malicious actors could adapt this technology to both find and exploit new weaknesses, creating a formidable threat.
“This threat underscores the need for coordinated action,” Papernot emphasized. He called for a collective response from researchers, industry leaders, and policymakers to address the potential risks posed by these developing technologies.
