A recent research study has raised concerns among cybersecurity experts about a new class of malware capable of autonomous propagation across computer networks using artificial intelligence. The concept, known as an AI worm, refers to malicious software that can independently analyse systems, develop attack strategies, and adapt when faced with obstacles.
The study was conducted by researchers associated with the Vector Institute in Canada. The project was initiated and supervised by Professor Nicolas Papernot. According to the findings, an AI-driven worm was able to spread through a controlled experimental network of 33 computers, achieving infection across 62 per cent of devices within seven days.
What a computer worm is
A computer worm is a type of malicious software that spreads automatically across connected systems without requiring user interaction. Unlike traditional viruses, worms replicate themselves across networks. Historical examples include the WannaCry worm of 2017, which disrupted services globally, including parts of the United Kingdom’s National Health Service, and NotPetya, which caused multi-billion-dollar financial losses worldwide in the same year.
Unlike those earlier worms, which typically exploit fixed vulnerabilities, the AI worm described in the study is designed to analyse each target system dynamically and generate tailored attack strategies.
Experimental findings
The researchers tested the AI worm in a mixed environment containing Linux, Windows, and Internet of Things (IoT) systems. Over 15 separate trials conducted during a seven-day period, the worm demonstrated the following average daily performance:
| Metric |
Average Result per Day |
| Vulnerabilities identified |
31 |
| Systems gaining administrative control |
23 |
| Replications created |
20 |
| Network vulnerabilities detected overall |
74% |
| Systems successfully infected |
62% |
The worm also demonstrated the ability to operate across different system types and adapt its strategy when initial attempts failed. If blocked, it would reassess the target environment and attempt alternative intrusion methods.
Operational mechanism
The AI worm follows a structured multi-stage process. First, it scans networked devices to identify available services, open ports, and operating system configurations. It then analyses this information to detect potential weaknesses.
Once a vulnerability is identified, it executes a tailored exploitation strategy. If successful, the worm installs a replica of itself on the compromised device, which then operates independently and continues propagation.
A key feature of the system is its reliance on a large language model (LLM), which allows it to make autonomous decisions without human intervention. When deployed on systems equipped with graphics processing units (GPUs), the worm can use available computational power to enhance its analytical capabilities, effectively turning infected devices into extensions of its own infrastructure.
Emerging security concerns
One of the most concerning aspects identified in the study is the worm’s ability to exploit newly disclosed vulnerabilities. In testing, it was able to use three security flaws that were publicly revealed in 2026, despite the model being trained before that period. Researchers noted that the worm achieved this by analysing publicly available information to identify and exploit emerging weaknesses shortly after disclosure.
This capability significantly reduces the time available for organisations to patch vulnerabilities, increasing exposure to rapid exploitation.
Independence from commercial AI systems
The study also highlighted that the worm does not rely on commercial artificial intelligence platforms. Instead, it operates using open-source AI models that can run on a single GPU. This reduces dependency on centralised safety controls implemented by major AI companies, limiting the effectiveness of existing safeguard systems.
Dual-use risks and research status
The researchers acknowledged that the technology presents dual-use risks, meaning it could be applied for both defensive cybersecurity improvements and malicious purposes. As a result, some technical details were withheld from publication, and relevant government authorities were informed in advance.
The paper, titled AI Agents Enabled Adaptive Computer Worms, is currently undergoing peer review and has not yet been published in a scientific journal. Independent experts are reviewing the methodology and findings.
The research team, led by Jonas Guan, included contributors Tom Blanchard, Hannah Forster, Hengrui Jia, and Gabriel Huang. Their work covered system design, experimental evaluation, and documentation.
Security recommendations
The study outlines several defensive measures to mitigate such threats. These include adopting zero-trust architecture, where no device or user is inherently trusted and all access requests are verified individually. Network micro-segmentation is also recommended to restrict lateral movement between systems, thereby limiting propagation.
The researchers further suggest continuous use of AI-assisted security monitoring tools to identify vulnerabilities early and reduce exposure windows.
Although the AI worm took approximately five days to reach half of the experimental network—slower than some conventional worms—researchers warn that improvements in AI models and computing hardware could significantly reduce this timeframe in future iterations, potentially increasing the speed and scale of infections.
The study concludes that addressing such threats will require coordinated action between researchers, industry stakeholders, cybersecurity professionals, and policymakers, as no single organisation is likely to manage the risk effectively on its own.
Comments