AI Worm Sparks Security Concerns

Khabor Wala Desk

Published: 17th June 2026, 12:54 PM

A new class of malware capable of autonomous reasoning and adaptive propagation across computer networks has been demonstrated in recent academic research, raising significant cybersecurity concerns. The study describes an “AI worm” that can analyse target systems, identify vulnerabilities, and modify its attack strategy without human intervention.

The research was led by a team at the Vector Institute in Canada, under the supervision of Professor Nikola Paperno. The project’s implementation and evaluation were carried out by a multidisciplinary team including Jonas Guen, Tom Blanchard, Hana Forster, Hengrui Jia, and Gabriel Huang. The findings are currently under peer review and have not yet been published in a scientific journal.

Nature of the AI worm

The AI worm is a form of malicious software designed to propagate across interconnected systems, including corporate and personal networks. Unlike conventional worms, it uses a large language model (LLM) to independently evaluate each new environment it enters. It then identifies system services, open ports, and operating system configurations before formulating a tailored intrusion strategy.

If an initial attack fails, the system does not stop. Instead, it re-analyses the failure and generates alternative exploitation methods. Once a device is compromised, the worm creates a replica of itself, which then continues the propagation process autonomously.

Experimental evaluation

Researchers tested the system in a controlled environment consisting of 33 devices running Linux, Windows, and Internet of Things (IoT) systems. The AI worm was released across 15 separate experiments over a period of seven days.

During testing, it demonstrated the ability to spread to 62% of the devices in the network and identify 74% of known vulnerabilities within the system.

Experimental performance summary

| Metric | Result |
| --- | --- |
| Total devices in test network | 33 |
| Operating systems | Linux, Windows, IoT |
| Experimental runs | 15 over 7 days |
| Network spread achieved | 62% of devices |
| Vulnerabilities identified | 74% of system weaknesses |
| Average vulnerabilities identified per day | 31 |
| Systems with administrative access gained | 23 devices |
| Self-replications created | 20 devices |

The worm also demonstrated the ability to recognise and exploit newly disclosed vulnerabilities published in 2026, despite the underlying model having completed its training before those vulnerabilities were publicly known. Researchers attributed this capability to the system’s analysis of publicly available online information.

Comparison with traditional worms

Conventional worms such as “WannaCry” (2017) and “NotPetya” (2017) relied on exploiting specific known vulnerabilities. Once those weaknesses were patched, the worms could be effectively contained. In contrast, the AI worm dynamically generates new attack strategies for each system it encounters, making patch-based mitigation less reliable.

The study notes that such adaptive behaviour significantly increases the complexity of defensive cybersecurity strategies.

Infrastructure and computational impact

A notable finding is that when the worm gains access to systems equipped with graphics processing units (GPUs), it utilises their computational capacity to enhance its own analytical capabilities. This effectively transforms compromised machines into distributed computational resources supporting further attacks.

Importantly, the system does not rely on commercial AI platforms. Instead, it uses open-source models that can operate on a single GPU, reducing dependence on centralised AI services and limiting the effectiveness of existing safety controls implemented by major AI companies.

Operational stages of the AI worm

The AI worm operates in a structured sequence:

  1. Network scanning and system identification
  2. Collection of system configuration data
  3. Vulnerability analysis using an LLM
  4. Attack strategy generation
  5. Execution of intrusion attempt
  6. Replication upon successful compromise
  7. Re-evaluation and adaptation after failure

This cycle continues autonomously across multiple devices, enabling parallel propagation attempts.

Security implications and mitigation

The researchers highlight that such systems may significantly shorten the time between vulnerability disclosure and exploitation. In controlled testing, the worm required approximately five days to reach half of the network, although researchers note that improvements in hardware and model efficiency could reduce this timeframe in future scenarios.

Proposed mitigation strategies include zero-trust network architectures, strict identity verification for all communication, and micro-segmentation to limit lateral movement within networks. Continuous AI-driven security monitoring is also recommended to detect emerging weaknesses more rapidly.

Ethical considerations

The authors acknowledge the dual-use nature of their work. While the research aims to improve understanding of emerging cyber threats, the techniques involved could potentially be misused to develop more advanced malicious software. As a result, certain technical details have been withheld, and relevant government authorities were notified in advance.

The study remains under peer review, with independent verification currently underway to assess its methodology and findings.