AI-Powered Worm Exploits Multiple Vulnerabilities Autonomously
University of Toronto researchers demonstrate self-spreading malware that uses reasoning to find and exploit different security flaws without human intervention.

A new class of cyber threat
Researchers at the University of Toronto have demonstrated an AI-driven computer worm that represents a fundamental shift in cybersecurity threats. Unlike traditional worms that exploit a single vulnerability, this autonomous malware uses large language models to identify and exploit different security flaws as it spreads—making it impossible to stop by patching one bug.
In testing on a simulated 33-machine corporate network, the worm compromised nearly three-quarters of machines within one week, establishing persistent access on nearly two-thirds of them. The system operated entirely without human intervention, according to a paper titled "AI Agents Enable Adaptive Computer Worms" released this week.
The worm works by hijacking compromised machines and running open-weight LLMs locally to reason about attack strategies. Critically, it can read publicly available vulnerability advisories in real time—the same information security teams use—and autonomously determine how to exploit newly disclosed flaws.
Why it matters
This research arrives as enterprises grapple with the scale of unpatched vulnerabilities revealed by Anthropic's Mythos model through Project Glasswing. The Toronto findings show that even smaller, publicly available AI models now possess sufficient capability to power autonomous offensive tools. Organizations accustomed to patching on human timelines face a new reality where attackers operate at machine speed across multiple attack vectors simultaneously.
Industry response and implications
Gary McGraw, CEO of the AI security nonprofit Berryville Institute of Machine Learning, called the research more significant than Mythos. "This shows what happens when a generic model that's open weights can be targeted, and it just sort of grinds relentlessly, looking for bugs," he told Fortune, which first reported the findings.
McGraw compared the development to the 1988 Morris worm that spread across the early internet. Historic worms like Heartbleed and WannaCry each exploited single vulnerabilities. "Now, the worm can pick a target, and instead of seeing whether it has one bug that it knows about, it can just try to hack it with any bug that it can find," he explained.
Ari Herbert-Voss, CEO of AI cybersecurity startup RunSybil and formerly OpenAI's first security hire, emphasized that organizations patching on human timelines will fall behind machine-speed attacks.
Practical defense considerations
Jamieson O'Reilly, founder of red-teaming startup Dvuln, cautioned that laboratory success differs from operational reality. Real corporate environments include defensive controls, monitoring systems, and authentication barriers absent from test networks. He noted that worms using local AI models must move large model files across networks, creating detectable traffic patterns—though this advantage diminishes as models become smaller and more efficient.
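The traffic-pattern point above can be expressed as a flow-log check that flags large workstation-to-workstation transfers and hosts that receive one and then send another onward. This Python code is an added example, not taken from the paper or the article; the 1 GiB threshold, six-hour window, address range, allowlist and sample flow records are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): threshold, window, subnet, allowlist.
MIN_BYTES = 1 * 1024**3          # treat transfers of at least 1 GiB as "large"
RELAY_WINDOW = 6 * 3600          # max seconds between receiving and re-sending
INTERNAL = ip_network("10.0.0.0/8")
EXPECTED_SENDERS = {"10.0.0.5"}  # hosts expected to push large files (backup server)

# Constructed flow records: (epoch_seconds, src, dst, bytes)
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "10.0.1.20", 8 * 1024**3),       # allowlisted sender
    (2000, "10.0.1.11", "10.0.1.12", 4 * 1024**3),      # workstation to workstation
    (2500, "10.0.1.30", "10.0.1.31", 20 * 1024**2),     # small transfer
    (9000, "10.0.1.12", "10.0.1.13", 4 * 1024**3),      # .12 sends onward to .13
    (9500, "10.0.1.40", "93.184.216.34", 5 * 1024**3),  # external destination
    (90000, "10.0.1.13", "10.0.1.14", 4 * 1024**3),     # large, but outside window
]

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def large_lateral_flows(flows):
    """Internal-to-internal transfers >= MIN_BYTES from non-allowlisted senders."""
    return [f for f in flows
            if f[3] >= MIN_BYTES and is_internal(f[1]) and is_internal(f[2])
            and f[1] not in EXPECTED_SENDERS]

def relay_chains(flows):
    """Pairs (inbound, outbound) where a host receives a large transfer and
    then sends a large transfer to a different peer within RELAY_WINDOW."""
    received = defaultdict(list)   # host -> large flows it has received so far
    hits = []
    for flow in sorted(large_lateral_flows(flows)):
        ts, src, dst, _size = flow
        for prev in received[src]:
            # prev[1] is the host that sent to src; ignore simple back-and-forth.
            if 0 < ts - prev[0] <= RELAY_WINDOW and dst != prev[1]:
                hits.append((prev, flow))
        received[dst].append(flow)
    return hits

if __name__ == "__main__":
    for inbound, outbound in relay_chains(SAMPLE_FLOWS):
        print(f"{outbound[1]} received {inbound[3]} bytes from {inbound[1]}, "
              f"then sent {outbound[3]} bytes to {outbound[2]}")
```

As O'Reilly's caveat implies, a fixed byte threshold like this loses value as models shrink, so it would need tuning against the environment's normal east-west traffic.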
McGraw argued the solution requires investment in fixing software vulnerabilities, pointing to the millions spent on remediation through Project Glasswing. However, Herbert-Voss suggested spending alone won't solve the problem when organizations face more vulnerabilities than they can realistically address. "The challenge is knowing what actually matters for an attacker to gain control," he said.
The research underscores that AI has lowered the expertise barrier for building autonomous offensive capabilities, a development both governments and organizations must take seriously.
These details were first reported by Fortune.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

