University of Toronto Researchers Demonstrate AI Worm Capabilities in Simulated Corporate Network
University of Toronto researchers released a paper showing an AI-driven worm that uses open-weight LLMs to find and exploit vulnerabilities without human input. The worm infected nearly three-quarters of machines in simulated tests.
quantumcomputingreport.com
University of Toronto researchers built an AI-driven worm powered by open-weight large language models that generates its own attack strategies and spreads across networks without human intervention. The paper titled ‘AI Agents Enable Adaptive Computer Worms’ was released yesterday. The researchers ran the worm 15 times on a simulated 33-machine corporate network.
On average, the worm broke into nearly three-quarters of the machines and established a permanent presence on nearly two-thirds of them within one week with zero human involvement. The worm reads fresh, publicly available vulnerability advisories online in real time and determines how to exploit newly disclosed flaws on its own. LLM knowledge cutoffs did not prevent the worm from operating.
Gary McGraw, CEO of the AI security nonprofit Berryville Institute of Machine Learning, said the demonstration shows what happens when a generic open-weight model is used this way. “This shows what happens when a generic model that’s open weights can be targeted, and it just sort of grinds relentlessly, looking for bugs,” McGraw said.
McGraw added that AI has become effective enough at finding bugs and exploits that even smaller open-weight models can serve as the reasoning component of a worm.
He compared the development to the Morris worm of 1988, noting that earlier worms such as those tied to Heartbleed in 2014 and WannaCry in 2017 relied on a single known vulnerability. Ari Herbert-Voss, CEO of AI cybersecurity startup RunSybil and formerly OpenAI’s first security hire, said organizations that continue to patch on human timelines will increasingly find themselves behind the curve.
Jamieson O’Reilly, an offensive security specialist and founder of red-teaming startup Dvuln, said he has no doubt that AI-driven propagation is a real and growing capability.
O’Reilly noted that worms using local AI models would still need to move large model files across networks, creating detectable traffic and activity. The findings follow Anthropic’s launch of the Mythos model, which was deployed only to companies with critical software through Project Glasswing.