University of Toronto Researchers Build Prototype AI Worm That Spreads Without Human Help
A University of Toronto team used open-weight AI models to create a worm that exploits known flaws across Linux, Windows, and IoT devices. The worm adapts its tactics, gathers data, and uses processing power from infected machines to plan further attacks.
EngadgetA University of Toronto team built a prototype worm that spreads through networks without human intervention by exploiting known computer flaws. The worm tailors its attack to different platforms and gathers passwords and additional vulnerabilities as it moves. If one flaw is patched, it switches to another on the same machine.
How the Worm Operates The worm siphons processing power from infected devices to run its reasoning and strategy updates. Lead author Nicolas Papernot said hackers have typically had to prioritize high-value targets because time and computing resources were limited, but once a worm is launched the cost would drop to nearly zero.
The researchers conducted the work in a secure closed environment using publicly accessible AI models. The prototype can only exploit known flaws and does not discover new ones.
Anthropic recently released Mythos, a model that has identified more than 10,000 previously unknown cybersecurity risks. Cloudflare reported that Mythos helped partners find 2,000 vulnerabilities, including 400 rated high or critical. Papernot said sharing the findings is the first step in prompting researchers, industry leaders, and policymakers to take action.
Transparency
2 independent outlets report the same core facts. This score blends how many outlets corroborate, their editorial tier, and how closely their facts agree — it measures corroboration, not proof.
Story details
Related Stories
nbcnews.comTrump Signs Executive Order for Voluntary AI Model Testing
President Trump signed an executive order creating a voluntary 30-day government testing process for AI models. OpenAI CEO Sam Altman will meet with White House officials and congressional leaders on Wednesday to discuss the policy.
CnbcOpenAI CEO to Join G7 Leaders Summit on AI Safety
OpenAI chief executive Sam Altman will attend the G7 conference in France from June 15-17 after an invitation from President Emmanuel Macron. Discussions are expected to focus on youth safety and frontier AI risks.
nbcnews.comTrump Requires 30-Day Government Review of Advanced AI Models Before Public Release
President Trump signed an executive order on June 3, 2026, requiring companies to submit their most advanced AI models for government review 30 days before public release. The order is the first major AI regulation directive of his second term.