Breaking News

AI-Powered Worms Can Now Spread, Think, and Feed Off Your Network — And We're Not Ready

Researchers demonstrated an AI worm that spreads itself, adapts to different operating systems, steals passwords, and uses your own hardware to think. The age of autonomous cyberattacks has arrived.

Tags: AI Security, Cybersecurity, University of Toronto, AI Worms, Autonomous Cyberattacks

The Short Version

University of Toronto researchers, led by cybersecurity professor Nicolas Papernot, have demonstrated an AI-powered computer worm that can autonomously spread through networks, adapt its attack strategy to different platforms (Linux, Windows, IoT), steal passwords, and — here’s the terrifying part — use the processing power of every machine it infects to fuel its own reasoning. It’s the first proof-of-concept for a threat security researchers have warned about for years: malware that thinks.


🔍 THE BOTTOM LINE

AI worms don’t just break things — they learn, adapt, and self-sustain. The cybersecurity game just changed forever.


What the Researchers Built

Working in a secure, closed environment, the University of Toronto team used publicly available open-weight AI models to create a prototype worm that spread through their test network with zero human intervention. The work is documented in a paper on arXiv.

Traditional worms exploit a single known vulnerability. You patch the hole, you stop the worm. This prototype is different:

  • Multi-platform: It tailors its attack to different operating systems — Linux, Windows, and IoT devices — choosing exploits based on what it discovers about each target.
  • Self-reinforcing: Each infected machine’s compute is siphoned to power the worm’s AI reasoning, so it gets smarter as it spreads. More victims, more thinking capacity.
  • Persistent: If one vulnerability is patched, the worm pivots to other flaws it’s already identified on the same machine.
  • Password-harvesting: It gathers credentials as it moves, using stolen passwords to access further systems.
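The propagation pattern described in the list above (credentials harvested on one host, then replayed to reach the next) leaves a trail that defenders can look for in central authentication logs. The Python script below is an added example, not code from the University of Toronto paper or from this article. It runs two heuristics over a constructed set of SSH login records: credential fan-out (one account accepted on many distinct hosts inside a short window) and hop chains (a host that receives an inbound login and, minutes later, starts logging into other hosts itself). The log format, host names, IP addresses and thresholds are all assumptions chosen for the illustration.

```python
"""Flag worm-like lateral movement in SSH login records (added example).

Heuristic 1, credential fan-out: a harvested password replayed against many
hosts shows up as one account accepted on >= THRESHOLD distinct hosts within
a short window.
Heuristic 2, hop chains: a self-propagating worm logs into host X and then
uses X as the source of its next logins, so X flips from login target to
login source within minutes.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one line per SSH login attempt, as a central
# log collector might store them.
# Fields: ISO timestamp, destination host, source IP, account, result
SAMPLE_LOG = """\
2024-05-01T10:00:05Z host-a 10.0.0.50 svc_backup accepted
2024-05-01T10:01:10Z host-b 10.0.0.50 svc_backup accepted
2024-05-01T10:02:00Z host-c 10.0.0.50 svc_backup failed
2024-05-01T10:02:30Z host-c 10.0.0.50 svc_backup accepted
2024-05-01T10:03:00Z host-d 10.0.0.50 svc_backup accepted
2024-05-01T10:03:40Z host-e 10.0.0.11 svc_backup accepted
2024-05-01T10:04:20Z host-f 10.0.0.12 svc_backup accepted
2024-05-01T10:30:00Z host-a 10.0.0.99 alice accepted
2024-05-01T12:00:00Z host-b 10.0.0.99 alice accepted
"""

# Constructed inventory: which monitored host owns which IP address.
HOST_IPS = {
    "host-a": "10.0.0.11", "host-b": "10.0.0.12", "host-c": "10.0.0.13",
    "host-d": "10.0.0.14", "host-e": "10.0.0.15", "host-f": "10.0.0.16",
}


def parse_events(text):
    """Parse the whitespace-separated records into time-sorted dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, dst, src, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "dst": dst, "src": src, "user": user, "result": result,
        })
    return sorted(events, key=lambda e: e["ts"])


def find_fanout(events, window=timedelta(minutes=10), threshold=4):
    """Return {account: max distinct hosts reached inside `window`} for
    accounts that meet `threshold`; only successful logins count."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "accepted":
            by_user[e["user"]].append(e)
    alerts = {}
    for user, evs in by_user.items():
        # Sliding window anchored at each login in time order.
        for i, start in enumerate(evs):
            hosts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                alerts[user] = max(len(hosts), alerts.get(user, 0))
    return alerts


def find_hop_chains(events, host_ips, max_gap=timedelta(minutes=15)):
    """Return (origin_host, next_host, account, seconds_since_inbound) for
    logins whose source host itself received a login within `max_gap`."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    inbound = defaultdict(list)  # destination host -> inbound login times
    for e in events:
        if e["result"] == "accepted":
            inbound[e["dst"]].append(e["ts"])
    chains = []
    for e in events:
        if e["result"] != "accepted":
            continue
        origin = ip_to_host.get(e["src"])
        if origin is None:
            continue  # source is not a monitored host; nothing to chain from
        prior = [t for t in inbound[origin] if timedelta(0) <= e["ts"] - t <= max_gap]
        if prior:
            gap = int((e["ts"] - max(prior)).total_seconds())
            chains.append((origin, e["dst"], e["user"], gap))
    return chains


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("credential fan-out:", find_fanout(evs))
    for origin, nxt, user, gap in find_hop_chains(evs, HOST_IPS):
        print(f"hop chain: {origin} -> {nxt} as {user}, {gap}s after {origin} was entered")
```

On the sample data the service account is accepted on six hosts in under five minutes, and two of those hosts (host-a and host-b) begin outbound logins a few minutes after they were first entered, which is the signature the second heuristic is built for. The alice logins, two hosts ninety minutes apart from an unmonitored address, trip neither rule. In a real deployment the thresholds would be tuned against normal administrative activity, and the host inventory would come from an asset database rather than a dictionary.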

“Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited,” Papernot said. “But now, once a worm is launched, the cost would drop to nearly zero.”


Why This Hits Different Right Now

The timing is not coincidental. This research lands in the same week that Anthropic’s Mythos model — which we covered earlier — has been deployed to Australian cyber defenders, where it’s already uncovered more than 10,000 vulnerabilities, including 400 rated high or critical.

The U of T prototype can only exploit known vulnerabilities. It can’t discover new ones the way Mythos can. But the gap between “known-only” and “find-and-exploit-anything” is exactly the gap that concerns researchers. Combine an AI worm with a vulnerability discovery model, and you get something that finds weaknesses, exploits them, and learns from each successful breach.

“In an interconnected world, no system is immune to this threat,” Papernot said. “Sharing these findings is the first step in galvanizing researchers, industry leaders and policymakers to take action — and quickly.”


The Mythos Connection

Anthropic’s Mythos — the cybersecurity-focused model now available to Five Eyes partners — was built for defence. It finds vulnerabilities so they can be patched before attackers find them. Cloudflare alone found 2,000 bugs using it.

But the same capability that makes Mythos valuable to defenders makes it a nightmare in the wrong hands. The U of T research doesn’t use Mythos (they used open-weight models), but the implication is clear: if defensive AI can find 10,000+ vulnerabilities, offensive AI could too.

This is the dual-use dilemma of AI security in its sharpest form. The tool that protects you is also the tool that could be weaponised against you — and the open-weight ecosystem means the barrier to entry keeps dropping.


What Makes This Different From Regular Malware

| Feature | Traditional Worm | AI-Powered Worm |
| --- | --- | --- |
| Vulnerability targeting | Single known exploit | Multiple exploits, adapted per target |
| Adaptability | Static code | Learns from each infection |
| Compute needs | Minimal | Siphoned from victims |
| Patching response | Worm dies | Pivots to alternative exploits |
| Discovery | Can’t find new flaws | Could combine with vulnerability-discovery AI |
| Scale cost | Human-limited | Near zero after launch |

The last row is the one that should keep CISOs awake. Traditional cyberattacks require human expertise for each target. An AI worm pays the human cost once, then scales indefinitely.


New Zealand’s Position

New Zealand is a Five Eyes partner and a small, digitally connected economy. The GCSB’s 2024 Cyber Threat Report noted that nation-state actors continue to target NZ government and private sector infrastructure.

For NZ specifically:

  • Small target, big exposure: NZ’s 5.2 million people run on a surprisingly small number of critical systems. A single well-targeted worm could do disproportionate damage.
  • Five Eyes intelligence gap: Australia now has Mythos access for its cyber defenders. NZ doesn’t. That means the very tool designed to find the vulnerabilities this worm would exploit isn’t available to NZ’s defenders.
  • IoT vulnerability: NZ’s large agricultural and manufacturing sectors run extensive IoT infrastructure — exactly the devices this prototype worm targets most effectively.

❓ Frequently Asked Questions

Q: Can this worm escape the lab? No. The research was conducted in a secure, closed environment with extensive safety precautions. The team has not released the code and is following responsible disclosure practices.

Q: How soon could real attackers build something like this? The researchers used publicly available open-weight AI models. The component pieces already exist in the wild. What the paper demonstrates is the combination — autonomous spread + adaptive reasoning — which is new, but the building blocks are accessible now.

Q: What should NZ organisations do? Patch aggressively. The worm exploits known vulnerabilities, so keeping systems updated remains the single best defence. Audit IoT devices — they’re the softest targets. And push for NZ to get Five Eyes parity on tools like Mythos.

Q: Is this connected to the Palisade Research self-replicating AI paper? Different research teams, different focus. Palisade demonstrated that AI models can self-replicate (copy their own weights to new systems). The U of T research shows AI powering a worm that spreads and adapts. The overlap is autonomous AI action on remote systems — the combined threat is what concerns security researchers.


🔍 THE BOTTOM LINE

The age of “set it and forget it” cyberattacks has arrived. An AI worm doesn’t need a human operator to choose targets or adapt strategies — it does that itself, and it gets stronger with every machine it infects. The defence tools exist (Mythos found 10,000+ vulnerabilities), but so do the offensive ones, and the open-weight ecosystem means the barrier to entry keeps falling. New Zealand needs to close the Five Eyes access gap on defensive AI tools — because the offensive ones are already out in the open.


SOURCES

  • University of Toronto press release
  • Engadget: “Researchers Show How AI-Powered Worms Could Wreak Havoc On The Internet”
  • arXiv: “AI Agents Enable Adaptive Computer Worms” (2606.03811)
  • The Independent: “AI-powered computer worms herald ‘new era’ of cybersecurity threats”
  • The Straits Times: “Scientists find way to supercharge dangerous computer ‘worms’ with AI”
  • Anthropic Mythos / Project Glasswing coverage