University of Toronto Researchers Demonstrate AI‑Powered Worm That Autonomously Exploits Known Flaws

Researchers at the University of Toronto have shown that artificial intelligence can power a self‑propagating worm capable of exploiting any known computer flaw. Working in a sealed test environment, the team used open‑weight AI models—publicly accessible versions of machine‑learning software—to create a prototype that moved through a simulated network without human intervention.

The worm does not rely on a single vulnerability. Instead, it scans each target, matches the flaw to a pre‑learned exploit, and then launches an attack tailored to the operating system—whether Linux, Windows or an Internet‑of‑Things device. As it spreads, the malware harvests passwords and other data, feeding that information back into its decision‑making engine.

AI gives the worm a self‑learning edge

Unlike traditional worms, which require skilled programmers to write code for specific bugs, the AI‑driven version continually refines its strategy. When a machine patches a vulnerability, the worm pivots to another known flaw on the same host, keeping the infection alive. It also taps the processing power of compromised devices to run its reasoning algorithms, effectively “feeding” on the resources it steals.

Lead author Nicolas Papernot explained that the new approach could dramatically reduce the cost of launching attacks. "Hackers have typically had to prioritize high‑value targets because time and computing resources were limited," he said. "But now, once a worm is launched, the cost would drop to nearly zero."

The research builds on recent advances in AI‑assisted security tools. Anthropic’s Mythos model, for instance, can identify previously unknown vulnerabilities and has already uncovered more than 10,000 flaws for its partners. While the University of Toronto’s prototype cannot discover new bugs—it only exploits those already known—its ability to autonomously select and deploy exploits demonstrates how AI could amplify existing threats.

Security firms are taking notice. Cloudflare, which protects millions of websites, recently reported finding 2,000 vulnerabilities using AI‑enhanced methods, including 400 classified as high or critical. The Toronto team’s findings suggest that malicious actors could adapt similar techniques to both discover and weaponize flaws, creating a near‑unstoppable threat if released into the wild.

Researchers stress that the work was conducted under strict safeguards. The test network was isolated from the internet, and the team took extensive precautions to prevent accidental spread. Their intention, Papernot said, is to raise awareness among scholars, industry leaders and policymakers so that defensive measures can keep pace with offensive capabilities.

In an increasingly interconnected world, the study underscores a shift in the cyber‑threat landscape. As AI models become more powerful and accessible, the line between defensive research and offensive weaponization grows thinner, prompting calls for coordinated action across the security community.

This article was written with the assistance of AI.
News Factory APP - agentic news to boost your SEO & AEO.