“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device


Pierluigi Paganini
June 10, 2026

A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices.

A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously adapting their attack strategies.

The study, first reported by The New York Times and published on the preprint server arXiv.org, describes a proof of concept developed in a controlled and isolated environment, but the conclusions reached suggest that the evolution of AI could profoundly alter the cyber threat landscape.

Credit: https://cleverhans.io/worm.html

Researchers argue that this poses a different kind of threat from traditional worms, as it does not rely on a fixed set of vulnerabilities or predefined attack techniques. Instead, the malware is capable of observing its target, analysing its characteristics, and dynamically generating a compromise strategy tailored to the system it is facing.

From automation to intelligent adaptation

Worms that have made their mark on the history of cybersecurity, such as WannaCry, exploited specific vulnerabilities. Once the software flaw had been fixed or a patch applied, the malware’s ability to spread was drastically reduced.

In the model proposed by the University of Toronto, however, the worm does not rely on a single vulnerability. The artificial intelligence used by the prototype allows the malware to evaluate different attack paths and choose the most effective one based on the device it has identified. During the experiments, the worm managed to spread within a network comprising Windows and Linux systems and IoT devices, exploiting common corporate vulnerabilities, misconfigurations and weak credentials.

Credit: https://cleverhans.io/worm.html

This ability to adapt is the truly innovative aspect. The malware does not follow a rigid pattern but modifies its behaviour according to the environment it encounters, making it more difficult to implement universal countermeasures.

The financial benefit for attackers

One of the most interesting aspects highlighted by the research concerns the attack’s economic model. Traditionally, large-scale malicious campaigns require infrastructure, servers and computing power that entail high costs for attackers.

In the case of the AI worm, however, the malware directly exploits the computational resources of compromised machines. Once a device is infected, the worm uses the victim’s processing power to run the language models needed to plan the next stages of the attack. In other words, each new infection helps to fund the subsequent propagation. According to the study’s authors, this mechanism reduces the marginal cost of each new compromise to virtually zero.

The result is a potential asymmetry between defenders and attackers. Whilst organisations must continually invest in protection tools, updates and monitoring, the malware can fuel its own growth by using resources stolen from its victims.

“The reason we are doing this research is to ensure the security of the digital ecosystem we all rely on to keep people safe. This finding catapults us into a new era of cybersecurity,” says Nicolas Papernot, one of the study’s authors. “By understanding the risks, we are now positioned to develop the countermeasures needed to detect and defend against threats like this.”

Papernot also stated that he felt it was necessary to make the research public as soon as possible, to give researchers, policymakers and the general public the opportunity to protect themselves from an emerging threat that ranges from ordinary laptops to air conditioning systems and the power grid. The research team also shared the findings with scientific and defence agencies prior to publication.

Preparing for a new generation of threats

The authors of the study emphasise that the malware described has not been observed in real-world campaigns and that all experiments were conducted in controlled environments. Certain technical details have been deliberately omitted from the publication to reduce the risk of malicious use.

Nevertheless, the message for the cybersecurity sector is clear. Future malware may no longer be defined by static code and pre-packaged exploits, but by the ability to reason, observe the environment and autonomously develop new compromise techniques.

In this scenario, fundamental security practices such as patch management, network segmentation, protection of privileged credentials, multi-factor authentication and continuous monitoring of anomalous activity take on even greater importance. If artificial intelligence enables attackers to adapt more quickly, defensive strategies will also need to evolve towards increasingly dynamic and proactive models.

About the author: Salvatore Lombardo (@Slvlombardo)

Electronics engineer and Clusit member, he has for some time been writing for several online magazines on information security, espousing the principle of conscious education. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. “Education improves awareness” is his slogan.


(SecurityAffairs – hacking, AI Worms)


Recent Reviews


Global law enforcement operation takes First VPN offline

Pierluigi Paganini
May 21, 2026

Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft.

A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight.

“The coordinated action took place between 19 and 20 May and targeted the infrastructure behind one of the most widely used VPN services in the cybercrime underground,” reads the press release published by Europol. “The gathered intelligence exposed thousands of users linked to the cybercrime ecosystem and generated operational leads connected to ransomware attacks, fraud schemes, and other serious offences worldwide.”

Authorities seized dozens of servers across 27 countries, arrested the administrator, and carried out a search in Ukraine, cutting off an infrastructure that had been used in a wide range of serious investigations.

The service marketed itself as a privacy-first VPN with no logging and no cooperation with law enforcement, which made it appealing not just to ordinary users but also to threat actors looking to mask their activity. That’s the uncomfortable part of the VPN story: the same tools that help people protect privacy on public Wi-Fi or work securely from home are also useful for criminals who want to conceal their origin, route traffic through different regions, and make attribution harder.

“For years, the service, known as ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement. It offered users anonymous payments, hidden infrastructure, and services designed specifically for criminal use,” continues the press release. “‘First VPN’ had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years. Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.”

Europol said the service name kept resurfacing in major cybercrime cases, and Eurojust confirmed that investigators had been building the case for years through a joint effort led by French and Dutch authorities.

What seems to have made this case especially valuable for investigators is that they didn’t just shut the service down, they also got inside its infrastructure before it disappeared. That likely gave them access to user records, connection data, and other evidence that can be used to map criminal activity back to real people and devices.

Authorities dismantled cybercrime infrastructure, including 33 servers and a service based in Ukraine, and seized domains linked to the operation: 1vpns.com, 1vpns.net, 1vpns.org, plus associated onion sites. They also notified users directly and shared information on hundreds of accounts with international partners, which suggests this may lead to follow-on investigations well beyond the VPN itself.

The bigger lesson is simple: privacy tools are not the problem, but criminal operators often rely on the same infrastructure normal users trust. Once that infrastructure is compromised, dismantled, or logged, the illusion of anonymity can disappear very quickly.

“The operation has already generated significant operational results at Europol’s level:

  • 21 Europol-supported investigations advanced through the intelligence obtained;
  • 83 intelligence packages disseminated;
  • information linked to 506 users shared internationally.”

“For years, cybercriminals saw this VPN service as a gateway to anonymity. They believed it would keep them beyond the reach of law enforcement. This operation proves them wrong. Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate and evade law enforcement,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre.
