Researchers Build ‘AI Worm’ That Chooses Its Own Attack Path

Researchers have demonstrated an AI-powered worm that can adapt its attack in real time, showing just how much AI could change cybersecurity threats.

In a controlled experiment, researchers from the University of Toronto created a worm prototype that uses AI models to analyze each system it infects and decide which vulnerabilities to exploit next. This allows it to move beyond fixed attack paths and tailor its attack methods to the target it encounters.

That adaptability gives it a persistence that traditional worms lack, as it can continue spreading even after specific flaws are patched. It can also operate across mixed environments, using compromised machines to support itself while reducing reliance on attacker infrastructure. 

A malware outlier, powered by AI

The use of AI in the security sector isn’t new. Its applications range from automated vulnerability and fraud detection to threat prediction and incident response. In some cases, malicious actors have also used AI models to assist in developing malware.

What sets this latest development apart is how that role has evolved. Rather than merely aiding development, the AI in this case is embedded in the malware’s operation, guiding its behavior. The result is a worm that acts like an autonomous system.

Unlike many traditional worms, the prototype was designed to operate across multiple environments and pivot when one attack path becomes unavailable. The research report notes that the worm can run on Linux, Windows, and IoT devices.

Unlike what you might also expect, it was built using open-source AI models, not restricted ones.

In addition, the team says the worm feeds on its target's compute resources. That changes the game entirely because “hackers have typically had to prioritize the most high-value targets because time and computing resources were limited.”

However, the popularization of devices capable of running on-device AI effectively drops the cost of launching these worms “to nearly zero,” Nicolas Papernot, the lead scientist, said.

Researchers sound the safety alarm

Although the big story here is the prototype, the researchers say the real takeaway is what it signals for the future of cyber threats. By demonstrating how AI can be embedded directly into a worm’s decision-making process, the prototype highlights how attacks could become more autonomous and harder to predict.

Even with its potency currently limited to exploiting already known vulnerabilities, the risk such malware poses remains significant.

That is why the team shared their findings, to get “researchers, industry leaders and policymakers to take action — and quickly.”

To ensure that this development isn’t abused by hackers, the researchers noted that both government and scientific agencies were consulted before the release of the findings. Additionally, they concealed the identity of open-source models used, as well as other important information that could be used to replicate the worm.

Also read: OpenAI is giving EU defenders access to GPT-5.5-Cyber for authorized security work such as vulnerability identification, malware analysis, and patch validation.