Researchers: New Replicating AI-Driven Worm Could Hijack Entire Networks

University of Toronto analysts have developed a proof-of-concept AI-powered computer worm that autonomously identifies unpatched vulnerabilities, analyzes targets and creates customized exploits. They warn that it signifies a paradigm shift in cybersecurity, with more autonomous and adaptive threats. What does it mean for enterprises?

Key Highlights

  • Changing the landscape of cybersecurity, researchers created a proof-of-concept AI-driven worm that dynamically identifies vulnerabilities and adapts its attack strategies.
  • It presents a destabilizing economic asymmetry between attackers and defenders, because the worm's propagation incurs minimal cost to the attacker while posing substantial risks to enterprise networks.
  • Researchers warn that such low-cost, adaptive threats could target anything online, from laptops to critical infrastructure.
  • The risk from AI worms highlights the urgency of proactive vulnerability management, zero trust architectures and coordinated policy action.

Changing the cybersecurity landscape as we know it, researchers from the University of Toronto, Vector Institute and University of Cambridge have built a proof-of-concept AI-powered computer worm that autonomously analyzes each target, adapts its attack strategies and builds custom exploits in real time.

The AI-powered worm uses a locally hosted, open-weight large language model (LLM) to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself — all without human intervention and without touching a commercial AI service. 

The University of Toronto reports a controlled 33-host simulation spanning Linux, Windows and Internet of Things (IoT) devices, highlighting a significant evolution in malware capabilities. By running open-weight models locally on compromised machines, the worm bypasses centralized AI safety controls and uses stolen compute to fuel further attacks.

According to The Hacker News, the preprint was posted to arXiv on June 2 and is under peer review. It shows why single-CVE patching breaks down when malware can inspect exposed services, read fresh advisories and generate a new attack path at runtime. 

Why does this worm change the cybersecurity landscape?

Unlike traditional worms that rely on fixed exploits, AI-driven worms can adapt dynamically by identifying and exploiting unpatched vulnerabilities and human misconfigurations. Researchers demonstrated that the worm could reason about flaws disclosed after its training data cutoff. 

Combined with a near-zero marginal cost per infection, this adaptability gives attackers a significant economic advantage and poses a challenge to traditional cybersecurity defense models.

What does this mean for enterprises?

The emergence of such autonomous malware presents a destabilizing economic asymmetry between attackers and defenders, because the worm's propagation incurs minimal cost to the attacker while posing substantial risks to enterprise networks, according to arXiv.org from Cornell University. 

The advent of adaptive AI-driven worms also signifies a paradigm shift in cybersecurity, requiring enterprises to take immediate action to bolster their security measures, including proactive vulnerability management, zero trust architectures, and coordinated policy action.

About the Author

Theresa Houck

Contributor

Theresa Houck is an award-winning B2B journalist with more than 35 years of experience covering industrial markets, strategy, policy, and economic trends. As Senior Editor at EndeavorB2B, she writes about IT, OT, AI, manufacturing, industrial automation, cybersecurity, energy, data centers, healthcare, and more. In her previous role, she served for 20 years as Executive Editor of The Journal From Rockwell Automation magazine, leading editorial strategy, content development, and multimedia production including videos, webinars, eBooks, newsletters, and the award-winning podcast “Automation Chat.” She also collaborated with teams on social media strategy, sales initiatives, and new product development.

Before joining EndeavorB2B, she was an Industry Analyst at Wolters Kluwer in its human resources book publishing operation. Before that, she spent 14 years with the Fabricators & Manufacturers Association, Intl., serving as Executive Editor of four magazines in the sheet metal forming and fabricating sector, where she managed and executed editorial strategy, budgets, marketing, book publishing, and circulation operations, and negotiated vendor contracts.

Houck holds a Master of Arts in Communications from the University of Illinois Springfield and a Bachelor of Arts in English from Western Illinois University.
