“We must prepare for autonomous generative adversaries,” the researchers wrote. “Malware systems that propagate without human operators and are defined not by fixed exploit code, but by the capacity to reason about targets, adapt to observations, and synthesize attack logic in real time.”
According to the new study, researchers say what sets their AI-powered worm apart from earlier versions is its ability to adapt to different targets, using a large language model to identify vulnerabilities and generate attack strategies in real time rather than relying on a fixed set of exploits.
“Traditional worms, like WannaCry, exploited predetermined vulnerabilities, and their spread can be halted by patching those vulnerabilities,” they wrote. “Here we show that artificial intelligence agents enable a fundamentally new threat: a worm that generates tailored attack strategies to each target it encounters.”
In the study, the team tested the worm in an isolated virtual network containing 33 Linux, Windows, and IoT systems seeded with common vulnerabilities. Across 15 experiments, the worm identified an average of 31.3 vulnerabilities, successfully compromised 23.1 hosts, and spread to roughly 20 machines during seven days of autonomous operation.
In some tests, the study said the malware was able to reach seven generations of self-replication, and unlike many AI applications, the worm did not depend on access to AI cloud services.
Researchers also found the system could exploit vulnerabilities disclosed after the model's training cutoff by ingesting newly published security advisories at runtime, allowing it to incorporate information that was not part of the model's original training data.
While the testing was conducted in a controlled environment, the authors acknowledged the dual-use nature of the work and intentionally withheld some technical details to reduce the risk of misuse.
“Ahead of releasing this preprint, we edited the manuscript to ensure that the presentation of our method balances the depth of detail needed for the community to study this novel threat with the risk of a malicious actor using our method for creating malware,” they said.
Despite this, the researchers said the project is intended to better understand the risks posed by adaptive computer worms and provide evidence of how far AI-enabled cyber capabilities have progressed.
“Addressing this threat will therefore require coordinated action across the research, security, industry, and policy communities: evaluation frameworks that test harness-level capabilities, detection systems tuned to the behavioural signatures of autonomous agents, and regulatory measures that account for the decentralized nature of open-weight inference,” they wrote.
