Researchers at the University of Toronto have unveiled a functioning prototype of an AI-powered computer worm that spreads autonomously across networks while continuously adapting to new targets.
The work, described in a recently published paper on arXiv.org, demonstrates that self-replicating malware powered by artificial intelligence is no longer theoretical but an immediate cybersecurity concern facing every connected system worldwide.
The worm doesn’t require proprietary models from companies like Anthropic or OpenAI. Instead, researchers used a freely available AI model anyone can download from the internet. This accessibility means bad actors could replicate the work with minimal resources and technical expertise. The prototype was tested in an isolated virtual environment and successfully spread across mixed systems running Windows, Linux, and edge devices like cameras and printers without any human intervention or guidance.
What makes this worm uniquely dangerous is its learning capability. Unlike traditional malware that follows fixed instructions from its creator, this AI-powered variant adapts its attack strategy as it encounters different vulnerabilities and system configurations. It can gather sensitive information, including passwords, system data, and network topology, then use that intelligence to refine subsequent attacks. Once a device is compromised, the worm leverages that machine’s computing power to support further attacks across the network.
David Lie, a computer science professor at the University of Toronto familiar with the research, called it a “wake-up call” for the cybersecurity industry. The demonstration reveals that the world remains woefully unprepared for AI-driven cyber threats despite years of warnings from security experts and government agencies.
The findings carry enormous implications for global infrastructure. Modern systems—water treatment facilities, energy grids, financial networks, healthcare systems, and telecommunications—depend almost entirely on networked computers. An unchecked autonomous worm could trigger cascading failures across critical services, potentially affecting millions of people simultaneously.
However, Lie notes that AI is a dual-use technology. The same capabilities enabling an AI worm to learn and adapt could help defenders identify and patch vulnerabilities before attackers find them. Organizations must now prioritize AI-assisted penetration testing and automated fuzzing to strengthen their defenses.
You can access the study here.


