AI Agents Enable Adaptive Computer Worms


CleverHans Lab - Latest research


In our pursuit of new knowledge to enhance the security of artificial intelligence, we uncovered a cybersecurity threat with implications across society.

Jonas Guan*†1,2
Tom Blanchard*1,2
Hanna Foerster*3
Hengrui Jia*1,2
Gabriel Huang4
Nicolas Papernot†1,2

1 University of Toronto
2 Vector Institute
3 University of Cambridge
4 ServiceNow

* Equal contribution
† Corresponding author

Preprint

The full paper is available as a preprint.



An AI-driven worm propagates across a heterogeneous network by parasitically acquiring computational resources for autonomous reasoning. (a) The worm spreads through a network containing servers, workstations, and IoT devices. Red arrows show propagation between compromised machines, while blue arrows show reasoning queries from low-compute machines to compromised GPU nodes. (b) The worm combines a single-GPU LLM with an agentic framework for recursive reasoning, memory management, and tool use against target machines.

Research Overview

Large language models (LLMs) now demonstrate the capacity for structured problem-solving that, combined with tool access, enables agentic AI systems to solve complex tasks. We show that when these capabilities are embedded in a self-replicating agent, they produce a fundamentally new cybersecurity threat: an adaptive computer worm that devises target-specific attack strategies to gain control of machines and spread across networks. Each compromised machine becomes part of the worm's own infrastructure, providing compute or reach for further attacks.

A computer worm is self-replicating malware that spreads across a network without human intervention. The WannaCry worm (2017) disrupted critical infrastructure across 150 countries by exploiting a single vulnerability. Traditional worms can be stopped by patching the specific vulnerability they exploit. Our adaptive worm cannot be stopped this way: it uses a recursive reasoning loop to detect and exploit diverse vulnerabilities as it propagates.

We demonstrate these capabilities in a controlled experiment: a prototype AI-driven worm powered by an open-weight LLM running locally, propagated across a heterogeneous network of Linux, Windows, and IoT devices with common corporate network vulnerabilities. The experiment was conducted in an isolated virtual network.

We believe this work highlights three important dimensions of the impact of AI on the cyberthreat landscape:

It establishes a qualitative shift in threat capability. The worm replaces fixed exploitation code with goal-directed reasoning that adapts to the vulnerabilities of each target in real time. Our agent self-replicates across networked devices, subverts control of systems, and self-sustains on stolen resources.

The AI-driven worm requires only an open-weight model that can run on a single, local GPU. It does not rely on any commercial AI platform. This renders vendors' centralized safety controls, including service refusal, content filtering, and rate limits, structurally irrelevant. The worm's tiered design, where each compromised GPU-equipped node provides reasoning for lightweight agents on downstream devices, extends the attack surface to any networked device.

The traditional economic barrier in cybersecurity collapses. The worm parasitically uses the victims' own computational resources, reducing the attacker's marginal cost to zero. As consumer devices increasingly support LLM inference, the reasoning resources available to such adversaries grow accordingly.

This work provides empirical evidence that autonomous cyberoffence has crossed from theoretical risk to demonstrated capability, a challenge that spans AI research, cybersecurity, and public policy. We believe this transition demands rigorous, transparent evaluation of model capabilities across the open and closed-weight model ecosystems.

Radial propagation tree showing the spread of the AI worm in a network instance. The propagation begins from an agent process running on the kali machine (Generation-0), and then spreads to Generation-1 hosts by exploiting a detected vulnerability, and replicating itself once it gets control over the host. This process then repeats. This figure reflects the result of 7 days of autonomous propagation in a single network instance. The hostnames are unique IDs. Arrows are labelled with the names of vulnerabilities or weaknesses that the agent exploited to control the host.

FAQs

Why pursue this line of inquiry?

The driving motivation behind all our work is to enhance the security of artificial intelligence. Recently, public discussion about AI safety has focused on the capabilities of the largest and most powerful AI models that are known to be capable of finding previously undiscovered vulnerabilities that could be exploited. In contrast, smaller...
