Researchers have shown that an AI-powered computer worm is capable of automatically spreading across networks by identifying and exploiting security vulnerabilities in different devices.
This development raises new concerns about the future of cyberattacks and the role of artificial intelligence in them.
This experimental malware, developed by researchers from the University of Toronto and cybersecurity firm CleverHans, relies on combining a large, locally operating language model with a standalone software framework capable of scanning networks, examining devices, and identifying vulnerabilities. The system analyzes the information it finds and then decides, without human intervention, how to move on to new targets within the network.
In an experiment whose results were published in a preliminary study on the arXiv preprint server, researchers tested this worm within a simulated corporate network comprising 33 devices running various operating systems, including Linux, Windows, and IoT devices. The results showed that the program was able to discover security vulnerabilities, compromise multiple devices, and then expand into approximately 62% of the network within a single week.
Michael Ige, an assistant professor of information technology at Trinity Washington University who was not involved in the study, said that these systems are no longer limited to carrying out a static attack, but have become capable of analyzing their surrounding environment, choosing the appropriate method of penetration for each device, and then repeating the process after success.
The researchers explain that this system doesn't rely on sophisticated, cutting-edge technologies, but rather on a setup that combines an open-source AI model with tools for network scanning and information gathering. The AI's role is to analyze the data and determine the next step, not to directly carry out the hack.
Experts add that this type of artificial intelligence does not necessarily invent new hacking methods, but it chooses from among known vulnerabilities and determines the most effective path of attack, with the ability to modify its decisions if the first attempts fail.
Bob Hutchins, a professor of artificial intelligence strategies at Lipscomb University, believes that what is new about this model is its ability to adapt, as its strategies vary depending on each device that is targeted, rather than following a fixed sequence as in traditional malware.
Hutchins points out that this capability makes the attack more flexible, because the system rearranges its steps and chooses the most appropriate method for each individual case.
In terms of design, the researchers worked to make the worm capable of spreading across devices of varying capabilities. Powerful devices equipped with graphics processing units (GPUs) handle the analysis tasks, while less powerful devices, such as Internet of Things (IoT) devices, are used to perform lighter tasks, thus turning the network itself into an attack infrastructure.
Tom Fazdar, a professor of artificial intelligence and cybersecurity, said that this hierarchical design makes the system more dangerous because compromised devices are not only victims but also become part of the attack mechanism.
Although the study has not yet undergone rigorous scientific review, it has sparked a wide debate about the possibility of using open-source artificial intelligence models to develop more sophisticated cyberattacks, even without the need for huge commercial models.
However, some experts believe the results are still limited because the experiment was conducted within a tightly controlled simulation environment containing deliberately weak systems, making it more of a proof of concept than a direct, real-world threat.
They assert that traditional security monitoring tools could easily have detected the worm's behavior, which includes frequent network scanning activity and multiple intrusion attempts.
In contrast, the researchers emphasize that the study's importance lies not in presenting a ready-to-use threat, but in revealing how artificial intelligence can give malware greater adaptability and decision-making capabilities.
Experts conclude that this technology is still in the research phase, but it points to a possible trend for the future of cyberattacks, where software becomes more autonomous and less dependent on direct human guidance.
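The monitoring signals the skeptical experts mention (scanning activity, repeated intrusion attempts, and a compromised device repeating the process) can be correlated as in the following added example, which is not code from the study. The event format, thresholds, addresses and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed tuning values for illustration; they do not come from the study.
WINDOW = 300        # seconds of history considered per source
FANOUT_MIN = 5      # distinct internal hosts contacted within WINDOW
AUTH_FAIL_MIN = 3   # failed logins from one source within WINDOW

# Constructed sample events: (epoch_seconds, src, dst, dport, kind)
EVENTS = (
    [(10 * i, "10.0.0.5", f"10.0.0.{10 + i}", 22, "conn") for i in range(6)]
    + [(70 + i, "10.0.0.5", "10.0.0.12", 22, "auth_fail") for i in range(3)]
    # Later, the host that was targeted starts the same pattern itself.
    + [(900 + 10 * i, "10.0.0.12", f"10.0.0.{20 + i}", 445, "conn") for i in range(6)]
    + [(970 + i, "10.0.0.12", "10.0.0.21", 445, "auth_fail") for i in range(3)]
    # Benign host talking to one server only.
    + [(t, "10.0.0.30", "10.0.0.40", 443, "conn") for t in (5, 400, 800)]
)

def first_alert_times(events):
    """Return {src: time} when src first shows scan fan-out plus auth failures."""
    recent = defaultdict(list)   # src -> [(ts, dst, kind)] inside the window
    alerts = {}
    for ts, src, dst, _dport, kind in sorted(events):
        if src in alerts:
            continue
        window = [e for e in recent[src] if ts - e[0] <= WINDOW]
        window.append((ts, dst, kind))
        recent[src] = window
        fanout = len({d for _, d, _ in window})
        fails = sum(1 for _, _, k in window if k == "auth_fail")
        if fanout >= FANOUT_MIN and fails >= AUTH_FAIL_MIN:
            alerts[src] = ts
    return alerts

def propagation_edges(events):
    """Pairs (a, b): alerted host a contacted b before b itself alerted.

    A former target that becomes a scanner is the worm-like part of the signal.
    """
    alerts = first_alert_times(events)
    edges = set()
    for ts, src, dst, _dport, _kind in events:
        if (src in alerts and dst in alerts and src != dst
                and alerts[src] < alerts[dst] and ts < alerts[dst]):
            edges.add((src, dst))
    return sorted(edges)

if __name__ == "__main__":
    print(first_alert_times(EVENTS))
    print(propagation_edges(EVENTS))
```
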
