Researchers at the University of Toronto have shown how artificial intelligence can help a computer worm to spread much more efficiently in foreign computer networks: by developing adapted attack strategies against computers that have not yet been infected. The AI worm is therefore much more dangerous than previously existing variants. The researchers describe their demonstration experiment in a preprint published online.
How a computer worm works
A worm is a special type of malware. He uses known software vulnerabilities to gain access to other people’s computers. There it then automatically creates new copies of itself that attempt to penetrate other computers on the respective network. The first major security incident involving such a computer worm occurred in 1988. A failed experiment with the so-called Morris worm paralyzed ten percent of the Internet.
Editorial recommendations
${content}
${custom_anzeige-badge}
${custom_tr-badge}
${section}
${title}
Why the new prototype is so powerful
Traditional computer worms can be contained if you know which software vulnerabilities they attack and can patch those vulnerabilities. The new prototype now uses a large language model that is not limited to a software vulnerability, but rather develops a tailor-made strategy for each goal.
According to the research paper, the worm not only accessed the knowledge from its training data, but was also able to develop new attacks in individual cases: “In our test environment, the AI-controlled worm exploited three vulnerabilities that became known in 2026 – i.e. after the end of the training phase of the LLM – by incorporating publicly available security information at runtime. These results prove that the worm can convert newly published information about vulnerabilities into working exploits without relying on the information contained in the weights of the LLM “To access the knowledge encoded in the basic model,” the researchers write.
Consequences for IT security
“You need a completely secure system to defend against it — and we know that’s not feasible right now,” Nicolas Papernot, a professor of computer engineering at the University of Toronto who led the team, told the New York Times. Because the AI module “makes it significantly more difficult to stop the spread of malware,” he said. “There is no longer a single software patch you can install on devices to protect them from the worm.”
However, the worm, which the researchers strictly isolated from the public Internet, is anything but an optimized attack tool. On the contrary. As the researchers write, they intentionally did not integrate any obfuscation or deception modules that advanced malware uses to protect itself from detection. The worm is relatively easy to detect if you monitor the activity in the infected network. In addition, the test network did not contain any active defense software. In this “worst case scenario,” the worm was only actually successful in around 50 percent of all cases. To ensure that the findings from the paper are not misused, the researchers left out critical details, such as which AI model they specifically used.
The researchers see the paper as more of a warning shot. Governments and industry must develop strategies together in the face of these new threats, they write. “For industry and policymakers, the decentralized nature of this threat complicates traditional regulatory approaches: no single vendor controls the model, hardware or equipment. Addressing this threat therefore requires coordinated action from the research, security, industry and policy communities: assessment frameworks that test capabilities at the equipment level, and detection systems that are tuned to the behavioral signature.”
Top Article
${content}
${custom_anzeige-badge}
${custom_tr-badge}
${section}
${title}
