New AI Cyber Worm Thinks Up Its Own Attacks To Infect Computers

AI-powered malware is a growing threat, but the extent of that threat was nebulous until researchers from the University of Toronto, Vector Institute, and CleverHans Lab presented a new PoC (proof of concept) attack developed with a local model running on only a single GPU.

Specifically, CleverHans Lab reveals that its AI-driven worm requires only a single open-weight (free) AI model and can function off of a single GPU before spreading to other machines, hijacking their GPU resources, and continuing to spread. The AI worm uses adaptive goal-directed reasoning that analyzes a victim's system and finds an unpatched vulnerability to exploit, allowing it to spread itself across a network.

Some good news first: while the AI worm is indeed adaptable, it is limited by its use of free open-weight models. The biggest limitation is that the worm can only use publicly-known, unpatched exploits. This means that it can't create zero-days on its own, only exploit known vulnerabilities that have yet to be patched.

The problem is that even known vulnerabilities can sometimes take months or years to patch, if at all, and the worm has proven capable of infecting Windows PCs, Linux PCs, and even IoT devices.


Another tidbit of good news is that the specific PoC detailed in the original CleverHans Lab paper has not been publicly released, though it should be possible to recreate by attackers.

CleverHans Lab notes that some details are intentionally omitted from the paper in order to make it harder to do, but there's really no reason that sufficiently-determined attackers could not recreate it with the right model and GPU hardware. It's something of a no-win situation for CleverHans Lab, who notes that while the research could be misused, knowledge that these threats can now exist is of utmost importance for the future of cybersecurity.

Finally, like most attacks, the AI worm is not undetectable. Not only was the PoC not designed with any camouflage mechanisms, but its reliance on publicly-disclosed vulnerabilities means that existing detection methods for those attacks should still work to detect a malicious worm at work.

It's still concerning though, which makes quick patch development, distribution, and installation paramount. Even common users reluctant to fast-track OS or firmware updates may be forced to think twice if attacks like these become commonplace. Unfortunately, the information revealed by the CleverHans Lab paper in question indicates that the spread of AI worms is a matter of "when," not "if."